This post was originally published on December 03, 2020, and has since been updated for relevancy and accuracy.
‘Tis the season for cybercriminals to launch email phishing scams as they seek to take advantage of online shoppers for their own personal gain.
Since the pandemic started, online shopping has become more of a necessity than a luxury. In fact, according to Deloitte’s annual holiday retail forecast, 63% of consumers plan to shop online. And with COVID cases seeing a surge along with the flu and RSV across major cities, many more consumers could decide to shop online.
From a cybersecurity perspective, this allows bad actors the opportunity to prey on unsuspecting consumers with various types of email phishing techniques.
To better protect shoppers from these threats, IRONSCALES compiled the top 5 phishing scams to watch out for this holiday season.
Unfortunately, this surge of marketing emails creates the perfect disguise for phishing attacks that look legitimate and advertise a good deal. But in reality, a hacker may be attempting to steal credentials and commence illegal activity, such as credit card fraud.
While sorting through holiday marketing messages, shoppers must be on alert for emails from stores and vendors they have never shopped with before. They should also keep an eye out for fake login pages spoofing your favorite retailers. With greater awareness, consumers can often identify fake login pages because of visual or verbal anomalies or flaws, such as blurred or resized images.
Since online shopping will remain as popular as ever, shoppers should keep track of all email order confirmations and be sure not to open attachments from unfamiliar senders.
To avoid becoming the target of this form of phishing, never open an attachment unless you are fully confident that the message is from a legitimate sender. Even then, you should still scan the attachment for suspicious language or images.
In addition, it’s a best practice to stay one step ahead of cybercriminals by consistently monitoring banking transactions to identify any fraudulent activity.
Since these scams seem legitimate and often create a sense of urgency, it is important to take the time to confirm that the email address of the sender is authentic. To validate a domain name, make sure there are no typos or misspellings in the email address and perform a quick online search of the domain name and company.
If you’re still unsure, contact the service provider directly via phone using a trusted number or visit a store in person.
Scammers have turned to online surveys to harvest personal and financial information in an attempt to steal your identity. Once you begin to complete the survey, you’ll notice the form requests extremely sensitive information, including your social security number and credit card details.
Be wary of surveys that make these odd requests, as they are potentially attempting to compromise personal information. Similarly, if the aforementioned reward is a significant amount of money, remember that it’s probably too good to be true.
Another increasingly popular holiday phishing scam is attackers taking advantage of the influx of virtual holiday events. Phishers are using this opportunity to create phony, copycat holiday events that charge admission in an attempt to obtain victims’ credit card and billing information.
The holiday season has always intrigued hackers, as phishing attacks frequently increase during this time of year. Over the years, COVID-19 has changed consumer behavior and amplified phishing risks. It's essential to remain extra vigilant and aware that the odds of being targeted by a phishing attack are greater during the holiday season.
Wishing you a happy, safe, and secure holiday season!