Tips to Avoid Holiday Phishing Scams

close up computer engineering writing programming code in database on laptop keyboard to protect and blocking spam email from internet and hacker for smart technology concept

Around the holidays, our inboxes become flooded with shipping updates, order confirmations, and eCards from family and friends. Cyber criminals see this deluge of emails as an opportunity to send creative phishing emails — designed to not only catch your attention, but also catch you off guard. From fake charity websites to malicious eHolidayCards, cyber attacks spike during the holiday season. And it’s important to be extra careful before you click!

What to Look Out For

  • Shipping Updates
    Fake shipping notifications increase each year around the holidays. With so many online orders being shipped, people may be more susceptible to clicking a link about a status update or a failed delivery. Even if the message looks valid, go to the site directly and enter the tracking number yourself. Call a shipping company for assistance using the contact information on their site.
  • Fake Order Confirmations
    Attackers also take advantage of the increase in year-end online shopping from the most popular shopping days of the year—Black Friday and Cyber Monday. During this hectic time, you may be more likely to click an order confirmation link from your favorite company without questioning it. Keep track of your orders so you know what emails to expect.
  • Holiday eCards
    Another popular lure that attackers use is sending fake eCards with malicious files attached. Although a cute eCard may look innocent, never click a link from an unknown source.
  • Charity Phishing Scams
    Phishers often impersonate charities and send emails asking for year-end donations. Before entering personal information and making a donation, ensure that the site is legitimate and you recognize the domain. Also, ensure the URL shows “https://”, indicating that the connection is secure.
  • Unsolicited Offers and Deals
    ​​​​​​​Around the holidays, inboxes are overflowing with messages about stunning deals and promotions. Attackers often target employees with end-of-year giveaways and contests. Don’t click on any email offers or pop-up ads. Instead, verify that the offer is legitimate by going to the retailer’s site and shopping there directly. Remember, if it seems too good to be true, it probably is.

Read more tips on the Cofense Blog.