The traditional Christmas and New Year season is a busy time for many people as they prepare for holidays and celebrations and shop for presents. Unfortunately, it’s also a busy time for scammers as they devise ways to scam others, often through phishing campaigns that try to trick people into divulging personal information.
1. Phishing Scams
A typical phishing scam starts off with an email in which the attacker impersonates a well-known brand, product, organization, or other entity. The goal is to trick the recipient into believing that the email is legitimate and is of great interest or importance.
Anyone who clicks on a link or file attachment in the email is taken to a landing page where they’re asked to sign in with certain account credentials or provide sensitive data, which the attacker then captures.
An attacker may impersonate a well-known brand and inform you that you have won a prize sponsored by the company. To claim the prize, you may be instructed to enter your bank account details. As soon as you do, those details are compromised by the cybercriminals or sold on the Dark Web for further profit.
In the past, many phishing emails and landing pages were amateurishly created, so they were easier to identify as scams. Over time, however, criminals have become more sophisticated. This means that some of the latest attacks may be much harder to detect, especially if you do not scrutinize them for mistakes and tell-tale signs that they are not genuine.
2. Phishing Scams to Watch out for this Holiday
Here are 8 scams to watch out for this season and advice on how to avoid being a victim.
2.1 Holiday vacation scams
How it works: Despite the coronavirus pandemic, you may still be tempted to get away this season. But be wary of offers that seem too-good-to-be-true. Scammers have long been setting up fake travel sites to gather personal information.
How to avoid being scammed:
- Book your holidays through reputable websites and travel agents.
- Check the sender address on any such suspicious emails you receive. The external site may be using http:// instead of https://, and the email may be coming from @gmail.com or @yahoo.com.
- Don’t enter any information on a third-party app or website.
- Go directly to the source. Instead of clicking on a link within the email, go straight to the company’s website or contact customer service first to verify.
2.2 Donate to charity phishing scams
How it works: Charity frauds crop up whenever there’s a disaster, but they also tend to increase around the holidays. The fraudsters will try to trick you into believing that you are donating money to a charity. In reality, the scammers are luring you and others to donate to charities that don’t exist. This year, phishing campaigns are likely to exploit COVID-19 to convince people to donate to coronavirus-related charities.
How to avoid being a victim:
- Go directly to the source. Be skeptical of emails claiming to be from companies or charities asking for donations. Instead of clicking on a link within the email, go straight to the company’s website, or contact customer service.
- Check the charity. Genuine charities are registered. Cross-check the organization’s credentials with a public database to see if it’s genuine. Be careful to note the spellings of the charities. The genuine one may differ from the fraudulent one by as little as one letter.
- Also, avoid responding to any unknown persons who ask for money upfront through an email.
2.3 E-card phishing scams
How it works: You may receive one or more little flash programs spreading holiday cheer. Unfortunately, scammers have designed some that can install data-harvesting programs on your computer and do untold damage.
How to avoid being a victim: Don’t click links in emails unless you know the sender.
2.4 Canceled trip phishing scams
How it works: You may have been stuck at home in lockdown mode for the better part of this year doing your best to quarantine. Now, a holiday to an exotic location sounds enticing. So you book your trip. Later, you receive an email informing you that your booking has been canceled due to the pandemic. The sender asks you to fill out a form to claim your refund. You recover from your frustration of a canceled holiday and eagerly fill in the forms. Unfortunately, the external form is a malicious one designed to capture your personal information.
How to avoid being a victim:
- Check the sender address on any such suspicious emails you receive. The external site may be using http:// instead of https://, and the email may be coming from @gmail.com or @yahoo.com. These would be tell-tale signs that something isn’t quite right.
- Go directly to the company’s website instead of clicking on a link within the email.
- If you’re unsure, contact customer service at the company where you made your booking to verify the authenticity of the email.
2.5 Free air travel ticket phishing scams
How it works: You’re offered free air travel tickets from what seems to be a legitimate airline. The only requirement is to forward or share a link to the deal on your social media account. The catch? The link leads people to a phishing site where scammers try to capture their personal information.
How to avoid being a victim:
- Hover over links to verify the URL. If someone sends you an email with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. Seeing the URL is important because, for example, if you’re going to the ABSA Bank website but the link says asba.com, that should be a red flag that scammers are trying to capture your personal information. Don’t interact with the link, and delete the email altogether.
- Check the sender address on any such suspicious emails you receive. The external site may be using http:// instead of https://, and the email may be coming from @gmail.com or @yahoo.com.
- Don’t enter any information on a third-party app or website.
- Go directly to the source. Instead of clicking on a link within the email, go straight to the company’s website or contact customer service first to verify.
- Also, beware of social media requests. No airline or travel company will ask to sign in to your social networking accounts.
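The three tell-tale signs repeated in the advice above (a free-mail sender address, an http:// link, and a link domain that differs from the genuine one by a letter or a swapped pair of letters, as in the asba.com example) can be checked automatically. The following is an added example, not part of the original article; the trusted domain absa.example is a constructed placeholder, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample values, not taken from the article or any real company.
TRUSTED = ("absa.example",)              # placeholder for the genuine site
FREE_MAIL = {"gmail.com", "yahoo.com"}   # free providers the article names


def osa_distance(a, b):
    """Edit distance that counts swapping two adjacent letters as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]


def check_email(sender, link):
    """Return the warning signs found in a sender address and a link."""
    flags = []
    if sender.rsplit("@", 1)[-1].lower() in FREE_MAIL:
        flags.append("free-mail sender")
    url = urlsplit(link)
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        flags.append("link is not https")
    # A host is trusted only if it is the genuine domain or a subdomain of it.
    if not any(host == t or host.endswith("." + t) for t in TRUSTED):
        for t in TRUSTED:
            brand = t.split(".")[0]
            # Brand name, or a one-edit variant of it, on an untrusted host.
            if any(osa_distance(label, brand) <= 1 for label in host.split(".")):
                flags.append(f"lookalike of {t}")
    return flags
```

An empty result only means none of these three signs fired; it does not show that a message is genuine.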
2.6 Shipping notification scams
How it works: This year, as even more people opt to shop online owing to the coronavirus pandemic, cybercriminals are more determined to launch phishing emails that impersonate shipping notifications. They know you’ll receive unexpected packages this season and will send realistic-looking delivery failure notifications.
They also know you will be keen to follow up and possibly reveal your personal info. These scam emails may include links to pages that will aim to trick you into signing into the impersonated website with your account credentials. In other cases, the emails come with file attachments that disguise themselves as receipts but actually contain malware designed to capture your keystrokes, install ransomware, or steal your data.
How to avoid being a victim:
- Don’t open attachments or click on links for external pages from suspicious email IDs.
- Legitimate e-commerce sites will provide your shipping details in the body of the email and use a standard email address, such as delivery@domain.com or customercare@domain.com. Malicious emails use a more generic domain such as kcb@gmail.com or mtncustomercar@yahoo.com.
2.7 Gift card/coupon phishing scams
How it works: Gift cards and coupons are an easy way to get money, a key reason why this type of cyberfraud is popular. As more people shop online for the holidays, more scammers are likely to use gift cards and coupons to steal money from unsuspecting consumers. In this scam, the phishing email typically creates a sense of urgency by offering a great deal on a popular product. But the attackers will ask for payment through gift cards.
How to avoid being scammed:
- Be wary of any coupons that offer great deals and discounts on popular items. Scammers direct potential victims to spoofed landing pages where they are asked to enter personal data such as their credit card details.
- Avoid giving any sensitive information through a webpage to people you don’t know or trust.
2.8 Urgent emails
How it works: Things having to do with the holidays and/or COVID-19 are perfect excuses for urgent replies.
How to avoid being scammed: As always, be wary when you see the word urgent in emails. Any email that proclaims a great sense of urgency for you to take action quickly “before time runs out” is a red flag and is likely to lead to phishing.
3. Conclusion
To avoid being a victim of phishing scams this Christmas, be extra vigilant if you receive any email communication that requires you to disclose your personal information such as your name, phone number, passwords, address, credit card or bank card number, ID, or social security number, and so on.
If in doubt about the legitimacy of the institution or sender, call the appropriate people to verify the communication’s authenticity before taking any action.
Also, use a comprehensive security solution. Ensure you have an email security service that offers you gateway spam, virus, and malware filtering. We also recommend ensuring you have installed up-to-date antivirus and antimalware on all your PCs and workstations.
Stay Alert, Stay Safe this Holiday Season!