Phishing Scams to Watch For This Holiday Season
Holidays are the perfect time for fraudsters to make their appearance. (Even more than they do the rest of the year.) Whether it is fake shipping notices or charity frauds, here are tips on how to avoid them.
Information originally from TechRepublic – Posted November 13, 2020
A typical phishing campaign starts off with an email in which the attacker impersonates a well-known brand, product, organization, or other entity. The goal is to trick the recipient into believing that the email is legitimate and is of great interest or importance.
Anyone who clicks on a link or file attachment in the email is taken to a landing page where they’re asked to sign in with certain account credentials or provide sensitive data, which the attacker then captures.
Learn more about phishing and other types of cyber attacks >>
Fake Shipping Notifications
As more people are shopping online this year, cybercriminals are launching phishing emails that impersonate shipping notifications. These emails include links to pages that aim to trick the victim into signing into the impersonated website with their account credentials. In other instances, the emails come with file attachments that masquerade as receipts but actually contain malware designed to capture your keystrokes, install ransomware, or steal data.
How to Avoid this Scam:
Don’t open attachments from suspicious email IDs and do not click on links for external pages.
Legitimate e-commerce sites will provide your shipping details in the body of the email and use a standard email address, such as [email protected] or [email protected].
Malicious emails use a more generic domain such as [email protected] or [email protected].
Charity Frauds
This type of scam typically tries to trick the recipient into believing that they’re donating money to a charity. In reality, the scammers are luring people to donate to charities that don’t exist. This year, phishing campaigns are likely to exploit COVID-19 to convince people to donate to coronavirus-related charities.
How to Avoid this Scam:
To avoid this scam, check the charity. Legal and legitimate charities are registered, which means you can cross-check the organization’s credentials with a public database to see if it’s genuine.
Also, avoid responding to any strangers who ask for money upfront through an email.
Gift Card or Coupon Scams
Gift cards and coupons are an easy way to get money, one reason this type of fraud is popular among cybercriminals. In this scam, the phishing email typically creates a sense of urgency by offering a great deal on a popular product. But the attackers will ask for payment through gift cards.
How to Avoid this Scam:
To avoid this scam, be wary of any coupons that offer great deals and discounts on popular items.
Scammers direct potential victims to spoofed landing pages where they are asked to enter personal data such as their credit card details. Avoid giving any sensitive information through a webpage to someone you don’t know or trust.
Travel Phishing Scams
When doesn’t a vacation to an exotic location sounds enticing? So you book your trip. But then you receive a notice informing you that your booking has been canceled. The email notice asks you to fill out a form to claim your refund. Only the external form is a malicious one designed to capture your personal information.
In a related scam, you’re offered free air travel tickets from what seems to be a legitimate airline. The only requirement is that you forward or share a link to the deal on your social media account. But therein lies the catch. The link leads people to a phishing site where scammers try to capture their personal information.
How to Avoid this Scam:
To avoid this scam, check the sender address on any such suspicious emails you receive.
Two warning signs – The external site uses https:// instead of https://, and the email domain points to Gmail, AOL, or Yahoo.
Don’t enter any information on a third-party app or website. And beware of social media requests. No airline or travel company will ask to sign into your social networking accounts.
“While these four categories of phishing attacks are the most common ones in the current climate, this is certainly not an exhaustive list,” GreatHorn said in its blog posted on November 12, 2020 . “Please beware of any communication that requires you to disclose your personal information without giving you enough information needed to verify the institution’s or person’s legitimacy. Always double check sources making unusual requests to collect your personal information.”
Source: https://www.techrepublic.com/article/4-phishing-scams-to-watch-out-for-during-the-holidays/?ftag=TREa988f1c&bhid=29394199833739522004750465323332&mid=13168964&cid=2271024764