Now that the holiday season is in full swing, so are phishing attacks. Cybercriminals are always searching for ways to take advantage of the holidays and get their hands on unsuspecting victims’ information. It is important to be aware of the most common phishing attacks so that you can protect yourself and your organization. 

In this blog, we review four holiday-themed phishing attacks to watch out for. Keep reading to learn more.

Fake Shipping Notifications

Holiday season is a popular time for fraudsters to target unsuspecting victims. One of the most common phishing attacks involves fake shipping notifications, which purport to be from a legitimate shipping company and inform the recipient of a package shipment. 

The scammer will include a link in the message to either a malicious website or a form requiring personal information. If the victim clicks the link or submits the form, the scammer will now have obtained the victim’s personal data, such as passwords, credit card information, and other sensitive information. 

While this particular scam occurs year round, it is important for users to be especially aware of these types of scams during the holidays due to increased prevalence of shipping activity. As the end of the year nears for businesses, be especially cautious when receiving unexpected messages from supposedly known or new vendors.  

Fake Charitable Donations

The holidays are a time of giving. Many organizations take this time to reflect and give back to their communities. Cybercriminals also try to get in on the spirit, attempting to solicit donations to fake charities. 

These phishing scams are attempts by scammers to obtain money or personal information by posing as a charity, typically through unsolicited emails, phone calls, or text messages which ask the recipient to donate to a specific charity or to provide personal information such as credit card numbers. The scammers may also impersonate an organization’s CEO to make the request seem like it originates from a legitimate and reputable source.

Be sure to do your research and only make donations to legitimate charities, and never provide money or personal information to anyone who contacts you without verifying the legitimacy of the charity. When in doubt, ask!

Fake Gift Cards

Cybercriminals often send out emails offering free gift cards. They typically involve emails that appear to be from a popular retailer or vendor offering a free or discounted gift card. However, the messages are actually part of a scam to steal personal and financial information or to install malicious software on the victim’s device. 

To protect your organization from these scams, be wary of any emails offering gift cards, even if they appear to come from a trusted vendor. It is also important to never click on any links or download any attachments in such messages.

Fake Holiday Deals

Fake holiday deals are becoming an increasingly common threat. These scams involve emails that offer amazing holiday deals that are too good to be true. The scammers use fake websites or links that look like they are from a legitimate business to try and get the victims to enter their personal information, such as credit card numbers or banking information. 

Be aware of these scams to make sure your organization is not duped by a compromised/impersonated vendor account, or worse–that your organization is the one being spoofed.

Wrap Up Time

It is important to remember that phishing attacks can occur any time of year, but they are especially prevalent during the holiday season. Scammers know that people are more likely to be shopping online, making transactions, and sharing personal information during this time. Additionally, people are more likely to be in a rush and less likely to think critically about suspicious emails during the holiday season. Holiday-themed attacks can be particularly dangerous, since they often look like they come from legitimate sources. To protect yourself and your organization from falling victim to these attacks, we recommend taking the following precautions to mitigate your risk:

  1. Be wary of unexpected emails or messages that claim to be from familiar organizations, even if the email address looks legitimate. 
  2. Don’t click on links or attachments in emails from unknown senders. 
  3. Always check the URL of any website you are directed to from an email. 
  4. Pay close attention to typos or poor grammar in emails, as these can be signs of a phishing attempt. 
  5. Don’t provide personal information, like your bank details or credit card number, in response to an email. 
  6. Verify that the sender is legitimate by contacting them through an official email address or phone number. 
  7. Educate yourself and your team on phishing tactics and how to spot them. 
  8. Implement an advanced email security solution that will be able to catch these types of attacks before they reach your users’ inboxes.

Looking for more information on how to fend off phishing attacks? Check out this article next: “How To Prevent Phishing.”