Ho, Ho, Holiday Scams… Tips for Staying Safe This Festive Season

December 21, 2021

We've arrived at that time of year: a time for reflection, celebration, and spending time with family, and also the time of year when cyber grinches hope to spoil the holiday fun. Whether you celebrate Christmas, Hanukkah, Kwanzaa, or simply want to celebrate your employees with an end-of-year party, we spend the better part of December shopping and giving to others. It's critical to keep ourselves safe online and not fall for the scams that are prevalent this time of year.

At Abnormal Security, we see thousands of scams and phishing attacks each holiday season, as cybercriminals look to take advantage of our lowered defenses this time of year. Here are a few tricks they use to steal your money and joy.

Charity Scams

We tend to be charitable throughout the year, and according to the Giving USA Foundation, Americans contributed more than $471 billion to charity in 2020. That said, over 30% of the annual total given comes in December, when people are more likely to be appreciative of the things they have—and thus, more likely to give to others.

Scammers and cyber thieves know this and go out of their way to capitalize on it. Be on the lookout for fake online charities, where criminals set up a “charity” specifically to steal your money. You should also be wary of landing on typo-squatted domains pretending to be your favorite charity. For example, humanesociety.org is a great charity, but humansociety.org may be glad to take your money without donating it to animals in need.

If the charity you supported last year reaches out with a text or vague email asking for your generosity, avoid clicking on any links. Instead, visit their website by directly typing it into your browser and make sure you spell it correctly so you don't accidentally land on a malicious site. This is a great time to give, but make sure it ends up where you intended it to go.

Delivery Scams

There are two flavors of the delivery scam. The first is when you purchase something and the criminal takes your money with no intention of delivering a product. To avoid this situation, check the website's reputation through a service like the Better Business Bureau before entering personal information, especially credit card or banking information.

The second takes advantage of the busy person who has a daily visit from the Amazon delivery van. This attack poses as a delivery alert in your email or a text message with a link to track the order. We all fear the dreaded porch pirates who steal packages when we are away, so the urge to click the link and check the status of that treasured gift is hard to resist. By doing so, you could accidentally provide login credentials or personal information that cybercriminals can use to target you again.

Instead of clicking unsolicited links, leverage the vendor's app or website to configure updates and alerts. You can also set up apps like Amazon, UPS, and FedEx to provide a push notification when your package is delivered.

Phishing and Lookalike Websites

And finally, be wary of emails that ask you to click a link, perhaps to check on the status of an order or to provide additional delivery instructions. This is a stressful time of year for many people, and cybercriminals take advantage of that fact to socially engineer victims into clicking on links where they can then steal credentials.

A common trick used by cybercriminals is to present a Google or Microsoft authentication page that looks real and, upon completion, forwards you directly to the intended link. The part you miss is where the criminal captured your username and password as part of the scam. Making matters worse, we tend to be creatures of habit, so your email password is likely similar to, if not the same as, your Amazon, PayPal, or bank password.

Security for Individuals and Employees

While many of these scams target individuals, companies often participate in the celebrations throughout December, and employees often purchase customer or employee appreciation gifts from online retailers using their corporate email accounts. To help protect employees and customers, organizations should re-evaluate the technical email controls they have in place to prevent these scams and attacks, throughout the holidays and beyond.

Modern solutions that leverage machine learning and behavioral data science are highly effective at mitigating these risks, blocking charity scams and phishing emails before they reach inboxes. As the CISO of Abnormal Security, I rest assured my employees and customers are well protected from these threats.

To see how Abnormal can protect you from charity scams, delivery scams, and more this holiday season, request a demo of the platform today.
