‘Tis the season to be scamming.
At least, that’s how cybercriminals approach the holiday season.
While law-abiding people are shopping online or making holiday plans, bad actors are embracing their inner Grinch and reaching into the bag of tricks to see what nasty holiday scams they can pull.
What’s worse is that scammers now have tools and tactics to deceive consumers who may only give messages a cursory glance. That has contributed to the already elevated number of phishing attacks during the holidays.
Before you click anything this holiday season, familiarize yourself with these common holiday scams and the best practices that can keep you safe.
Holiday Phishing Emails and Smishing Scams
Have you ever seen one of these messages before?
It’s a common phishing scam and you’ve probably heard to report them as spam. The only time the USPS will send out an SMS communication is when you have “signed up for a USPS tracking request for a specific package.” You’ll never receive unsolicited mobile text messages for packages you’re not expecting.
That said, opportunistic scammers will not shy away from using this phishing attack in the hope that consumers, worried about delayed packages, will have a lapse in judgment and make a regrettable click. They’ll ask for personally identifiable information (PII) like your birthday, SSN, credit card information, and other info, so criminals can sell or use that data for financial gain.
The Postal Service does not charge for tracking services, and they will not send unsolicited messages with a link. Never click any link you didn’t request.
Fake Social Posts and eCommerce Sites
With Black Friday, Cyber Monday, and Giving Tuesday fast approaching, you should be on the lookout for scam posts mixed in with the legitimate offers. Scammers use generative AI to create fraudulent social posts and fake eCommerce sites that appear legitimate. If you’re not looking hard enough, you can easily fall into their trap.
The good news is that if you are paying full attention and know how to spot telltale signs of the scams themselves, you can avoid most holiday scams like these. Ask these questions:
- Does the offer seem too good to be true? Proceed with caution.
- Is a well-known brand redirecting you to a shady URL? Don’t go forward.
- Are essential URL authentication signs missing? If you don’t see HTTPS or legitimate domain names, never give payment information.
When in doubt, visit the brand or charity’s official site directly through a search engine to be sure you’re interacting with the actual brand. For charities, you can check on the IRS’s Tax Exempt Organization Search to find a charity’s official information and bypass potential scam links.
Best Practices to Avoid Holiday Scams
Though these are some of the most common holiday phishing scams out there, criminals are always coming up with new ways to deceive consumers. Be sure to follow these tips whenever you’re buying anything online.
- Report suspicious messages – Deleting scam messages alone does not help to alert cybersecurity teams or automated systems to screen for emerging phishing tactics.
- Avoid clicking on unsolicited links – If you don’t expect it, there’s no reason to click it.
- Double check sending domains – Always check the sending email address before clicking on links or downloading attachments. If there’s anything fishy, flag it immediately as a potential scam.
When in doubt, reach out to your MSP solutions partner. We’re immersed in this world and know where the most common threats come from. Plus, our Cubex Group Security Solution can proactively identify vulnerabilities and eliminate threats.
With our help and a little caution, you can keep the holiday season merry and bright (without falling prey to bad actors).
Holiday scams aren’t the only cyberthreats on our radar. Dive into our blog for more tips on how to avoid phishing attacks, ransomware, and other cyber attacks.
Related Articles
What Is the Difference Between EDR and MDR in Your Cybersecurity Solutions?
Why One New iOS 18 Feature Is a Blessing to Communication AND a Threat
Cyber Safety for Kids: 5 Tips to Protect Your Kids from Cyber Threats