10 top holiday phishing scams

Here are holiday threats to watch out for

01 holiday phishing
Credit: Thinkstock
Scams to keep an eye out for

It always happens this time of year, an influx of holiday related scams circulating the interwebs. Scams don't wait for the holidays, but scammers do take advantage of the increased shopping and distraction when things get busy to take your money and personal information. Jon French, security analyst at AppRiver, warns you of six holiday threats to watch out for.

malware
Credit: Thinkstock
Look out for fake purchase invoices

With holiday shopping starting to ramping up and the daily deluge of holiday discounts in your inbox, it can be confusing to remember which online stores you actually purchased items from. This creates a vector where attackers can be more successful in attacks with things like fake purchase receipts. An unexpected receipt from Amazon or Wal-Mart during most of the year would hopefully raise some red flags for most users, but during the prime time for shopping for the holidays, users will likely be more susceptible to clicking those types of things. Victims could find themselves installing malware or landing on a phishing page if they aren’t cautious.

Shipping Status malware messages
Credit: Thinkstock
Shipping status malware messages

Along the same lines as fake email receipt messages, fake shipping notifications usually increase each year around the holidays. With so many online orders being shipped around during peoples shopping sprees, they again might be more likely to click something they wouldn’t normally click. If you just placed an order that shipped via UPS, and then you get a zipped virus with the vague wording about your recent order being delayed, you may be more likely to click it.

Be cautious of email deals
Credit: Thinkstock
Be cautious of email deals

Not all email flyers and sales are going to be legitimate this shopping season. Some of the big stores where you have previously shopped or signed up for newsletters will likely be OK and legitimate. But be cautious of unexpected deals or product promotions from stores or sellers you have never dealt with. There will be people trying to take advantage of buyers where the victim could be subject to phishing tactics or just stolen money for an order that will never come in.

Take a little more care at looking at links and URLs
Credit: Thinkstock
Take a little more care at looking at links and URLs

Phishing websites are around all year, but again with the sometimes hectic holiday season, people's guards can be down and they could fall victim to phishing attempts. Hovering over links in webpages and emails as well as taking that second to just look at the address bar and see what site you’re really at can save you from falling for a phishing page.

Keep an eye on your bank accounts
Credit: Thinkstock
Keep an eye on your bank accounts

Some people may be spending money on whatever catches their eye, and others may be planning every purchase out. Regardless, people should keep an eye on their accounts and make sure the purchases made are ones they are actually making. It would only take one store you shop at being compromised to give criminals the chance to drain your bank account. Whether it be a card scanner at a gas pump, POS malware at a retailer store, or an online store with lax web security.

Fake surveys
Credit: Thinkstock
Fake surveys

Survey emails sent out promising some sort of money or gift card in exchange for completing it can end up being a scam. Often the surveys are very short and generic, but at the end they may ask for some personal information. This can be what the attackers are really after. By gathering this information, they can use it to further a more advanced phishing attack. Some may even directly ask you for bank details or credit card information promising you won’t lose money.

video poster: How to protect the C-suite from spear phishing
Credit: IDG
Related video: How to protect the C-suite from spear phishing

Watch the video: CSO Editor-in-Chief Joan Goodchild sits down with Kevin O'Brien, founder and CEO of GreatHorn, to discuss ways that security leaders can fend off spear phishing attempts aimed at the executives at their companies.