This time of year is filled with holidays, celebrations, time spent with loved ones and gift exchanges. It is also a time filled with scammers and cybercriminals targeting holiday shoppers with frauds and cons.
You already know to not click on suspicious links or provide sensitive data without verifying the legitimacy of the requests (reminder, never respond directly to the suspicious message, the scammer will verify the legitimacy!) But holiday phishing scams often catch people off guard because they mimic the types of emails common during this season.
Seasonal phishing emails may already be hitting your inboxes. Here are “phishy” things you should watch out for:
- Notifications about unknown purchases from recognised retailers that require you to click links to confirm the transactions. Links may take you to fake websites imitating legitimate retail sites that ask you to enter your account password or “verify” credit card data so the information can be stolen and used fraudulently.
- Unsolicited emails or text messages claiming your package has been “stopped” or is “waiting” and inviting you to click on links to schedule delivery or track shipping. If you think the message is legit, contact the company using a website or phone number you have verified is real (not using the link you were sent). Do NOT directly respond to the suspicious email or text.
- Unanticipated electronic gift certificates inviting you to click links or download attachments to find out more about the value, the sender, etc. Criminals create emails that appear to be from trusted companies, but often contain malware or links to fake websites where personal information is harvested.
- Unusual requests to donate to charitable causes you have not previously supported. Carefully check the name of the charity, because scammers use names that sound similar to other charities to trick you. Do some research before you give. If you do decide to donate, do so only at the official charity website rather than from a suspicious email.
- Promotional websites or social media advertisements from unknown companies that can’t be verified as legit with simple online searches. Cybercriminals promote counterfeit products through fake social media accounts, with popular hashtags or via bogus websites to trick users into handing over payment info.
Remember, you can’t always trust the “from” line in an email. Scammers will spoof company email addresses (@company.com) to fool you into believing the message is genuine. If an email is unusual or unexpected and looks like it came from a trusted address, double-check it. Contact the sender directly through a different channel to ensure the message is not a hoax.
When in doubt, report suspicious emails with the “Submit a Phish” button – located on the right side of your Outlook ribbon.