This post was originally published on December 03, 2020, and has since been updated for relevancy and accuracy. 

‘Tis the season for cybercriminals to launch email phishing scams as they seek to take advantage of online shoppers for their own personal gain. 

Since the pandemic started, online shopping has become more of a necessity than a luxury. In fact, according to Deloitte’s annual holiday retail forecast, 63% of consumers plan to shop online. And with COVID cases seeing a surge along with the flu and RSV across major cities, many more consumers could decide to shop online. 

From a cybersecurity perspective, this allows bad actors the opportunity to prey on unsuspecting consumers with various types of email phishing techniques. 

To better protect shoppers from these threats, IRONSCALES compiled the top 5 phishing scams to watch out for this holiday season.

5 Phishing Scams to Avoid this Holiday Season

1. Fake Email Promotions

At the height of the holiday shopping rush, the average email user can easily see a dozen or more advertising and marketing emails in their personal and professional inboxes as retailers work overtime to connect with both loyal and potential customers.  One report claims that for every $1 spent on email marketing, $44 is made in return. Making email a trusted resource for consumers looking for deals and a profitable resource for retailers. 

Unfortunately, this surge of marketing emails creates the perfect disguise for phishing attacks that look legitimate and advertise a good deal. But in reality, a hacker may be attempting to steal credentials and commence illegal activity, such as credit card fraud. 

While sorting through holiday marketing messages, shoppers must be on alert for emails from stores and vendors they have never shopped with before. They should also keep an eye out for fake login pages spoofing your favorite retailers. With greater awareness, consumers can often identify fake login pages because of visual or verbal anomalies or flaws, such as blurred or resized images. 

2. Fake Order Confirmations and Receipts

Since online shopping will remain as popular as ever, shoppers should keep track of all email order confirmations and be sure not to open attachments from unfamiliar senders. 

To avoid becoming the target of this form of phishing, never open an attachment unless you are fully confident that the message is from a legitimate sender. Even then, you should still scan the attachment for suspicious language or images. 

In addition, it’s a best practice to stay one step ahead of cybercriminals by consistently monitoring banking transactions to identify any fraudulent activity. 

3. Fake Shipping Notifications

The Better Business Bureau recently distributed an alert to warn individuals about package delivery scams and phony shipping email notifications aiming to harvest personal information. In this scam, shoppers may receive an email notification from a mail courier or parcel delivery service asking you to reschedule a delivery. Even though these messages look legitimate, they contain malicious links that will download malware when clicked to access personal information.  

Since these scams seem legitimate and often create a sense of urgency, it is important to take the time to confirm that the email address of the sender is authentic. To validate a domain name, make sure there are no typos or misspellings in the email address and perform a quick online search of the domain name and company. 

If you’re still unsure, contact the service provider directly via phone using a trusted number or visit a store in person. 

4. Fake Customer Surveys

Online surveys have recently received notoriety for being a novel way to earn easy money. With most companies offering between $1 and $5 per survey and some paying upwards of $20 per survey in the form of cash or gift cards, it’s pretty easy to see why shoppers looking for a little extra cash for gifts are enticed to click on and submit responses. 

Scammers have turned to online surveys to harvest personal and financial information in an attempt to steal your identity. Once you begin to complete the survey, you’ll notice the form requests extremely sensitive information, including your social security number and credit card details. 

Be wary of surveys that make these odd requests, as they are potentially attempting to compromise personal information. Similarly, if the aforementioned reward is a significant amount of money, remember that it’s probably too good to be true. 

5. Fake Virtual Holiday Events

Another increasingly popular holiday phishing scam is attackers taking advantage of the influx of virtual holiday events. Phishers are using this opportunity to create phony, copycat holiday events that charge admission in an attempt to obtain victims’ credit card and billing information. 

The holiday season has always intrigued hackers, as phishing attacks frequently increase during this time of year. Over the years, COVID-19 has changed consumer behavior and amplified phishing risks. It's essential to remain extra vigilant and aware that the odds of being targeted by a phishing attack are greater during the holiday season. 

Wishing you a happy, safe, and secure holiday season!