chat
expand_more

Ho, Ho, Holiday Scams… Tips for Staying Safe This Festive Season

We've arrived at that time of year—a time for reflection and celebration and spending time with family, and also that time of year where the cyber grinches hope to spoil the holiday fun.
December 21, 2021

We've arrived at that time of year—a time for reflection and celebration and spending time with family, and also that time of year where the cyber grinches hope to spoil the holiday fun. Whether you celebrate Christmas, Hanukkah, Kwanzaa, or simply want to celebrate your employees with an end-of-year party, we spend the better part of December shopping and giving to others. It's critical to keep ourselves safe online and not fall for prevalent scams this time of year.

At Abnormal Security, we see thousands of scams and phishing attacks each holiday season, as cybercriminals look to take advantage of our lowered defenses this time of year. Here are a few tricks they use to steal your money and joy.

Charity Scams

We tend to be charitable throughout the year and according to the Giving USA Foundation, Americans contributed more than $471 billion to charity in 2020. That said, over 30% of the annual total given comes in December, when people are more likely to be appreciative of the things they have—and thus, more likely to give to others.

Scammers and cyber thieves know that fact and go out of their way to capitalize on that reality. Be on the lookout for fake online charities, where criminals will set up a “charity” specifically to steal your money. You should also be wary of landing on typo-squatted domains pretending to be your favorite charity. For example, humanesociety.org is a great charity, but humansociety.org may be glad to take your money, without donating it to animals in need.

If the charity you supported last year reaches out with a text or vague email asking for your generosity, avoid clicking on any links. Instead, visit their website by directly typing it into your browser and make sure you spell it correctly so you don't accidentally land on a malicious site. This is a great time to give, but make sure it ends up where you intended it to go.

Delivery Scams

There are two flavors to the delivery scam. The first one is when you purchase something, and the criminal takes your money with no intention of delivering a product. To avoid this situation, check the website's reputation through a service like Better Business Bureau before entering personal information, especially credit card or banking information.

The second one takes advantage of the busy person that has a daily visit from the Amazon delivery van. This attack poses as a delivery alert in your email or a text message with a link to track the order. We all fear the dreaded porch pirates that steal packages when we are away, so the sense of urgency to click the link and check the status of that treasured gift is too hard to resist. By doing so, you could accidentally provide login credentials or personal information that cybercriminals can use to target you again.

Instead of clicking unsolicited links, leverage the vendor's app or website to configure updates and alerts. You can also set up apps like Amazon, UPS, and FedEx to provide a push notification when your package is delivered.

Phishing and Look-a-like Websites

And finally, be wary of emails that ask for you to click a link, perhaps to check on the status of an order or to provide additional delivery instructions. This is a stressful time of year for many people, and cybercriminals take advantage of that fact to socially engineer victims into clicking on links where they can then steal credentials.

A common trick by cybercriminals is to provide a Google or Microsoft authentication page that looks real and upon completion, forward you directly to the intended link. The part you miss is where the criminal captured your user name and password as part of the scam. Making matters worse, we tend to be creatures of habit, so your email password is likely similar, if not the same, as your Amazon or PayPal or bank password.

Security for Individuals and Employees

While many of these scams target individuals, companies often participate in the celebrations throughout December and employees often purchase customer or employee appreciation gifts from online retailers using their corporate email accounts. To help protect employees and customers, organizations should re-evaluate their technical email controls in place to prevent these scams and attacks—throughout the holidays and beyond.

Modern solutions that leverage machine learning and behavioral data science as part of the solution are highly effective at mitigating these risks, blocking charity scams and phishing emails before they reach inboxes. As the CISO of Abnormal Security, I rest assured my employees and customers are well protected from these threats.

To see how Abnormal can protect you from charity scams, delivery scams, and more this holiday season, request a demo of the platform today.

Ho, Ho, Holiday Scams… Tips for Staying Safe This Festive Season

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

 
Integrates Insights Reporting 09 08 22

Related Posts

B Most Interesting Attacks Q1 2024
Take a look at five of the most unique and sophisticated email attacks recently detected and stopped by Abnormal.
Read More
B MKT499 Images for Customer Blog Series
Discover key industry trends and insights from cybersecurity leader Michael Marassa, CTO of New Trier Township High School District 203.
Read More
B Construction Professional Services QR Code Attacks
Abnormal data shows construction firms and professional service providers are up to 19.2 times and 18.5 times, respectively, more likely to receive QR code attacks than organizations in other industries.
Read More
B 1500x1500 Evolving Abnormal R2
From the beginning, we created Abnormal Security to be a generational company that protects people from cybercrime. Here’s how we’re doing it.
Read More
Blog Cover 1500x1500 Images for SOC Time Blog
Discover the critical tasks that occupy SOC analysts’ schedules beyond mere inbox management, and discover insights into optimizing efficiency in cybersecurity operations.
Read More
B 1500x1500 MKT494 Top Women in Cybersecurity
In honor of Women's History Month, we're spotlighting 10 women leaders who are making invaluable contributions to cybersecurity.
Read More