Ho, Ho, Holiday Scams… Tips for Staying Safe This Festive Season

December 21, 2021

We've arrived at that time of year—a time for reflection and celebration and spending time with family, and also that time of year where the cyber grinches hope to spoil the holiday fun. Whether you celebrate Christmas, Hanukkah, Kwanzaa, or simply want to celebrate your employees with an end-of-year party, we spend the better part of December shopping and giving to others. It's critical to keep ourselves safe online and not fall for prevalent scams this time of year.

At Abnormal Security, we see thousands of scams and phishing attacks each holiday season, as cybercriminals look to take advantage of our lowered defenses this time of year. Here are a few tricks they use to steal your money and joy.

Charity Scams

We tend to be charitable throughout the year and according to the Giving USA Foundation, Americans contributed more than $471 billion to charity in 2020. That said, over 30% of the annual total given comes in December, when people are more likely to be appreciative of the things they have—and thus, more likely to give to others.

Scammers and cyber thieves know that fact and go out of their way to capitalize on that reality. Be on the lookout for fake online charities, where criminals will set up a “charity” specifically to steal your money. You should also be wary of landing on typo-squatted domains pretending to be your favorite charity. For example, humanesociety.org is a great charity, but humansociety.org may be glad to take your money, without donating it to animals in need.

If the charity you supported last year reaches out with a text or vague email asking for your generosity, avoid clicking on any links. Instead, visit their website by directly typing it into your browser and make sure you spell it correctly so you don't accidentally land on a malicious site. This is a great time to give, but make sure it ends up where you intended it to go.

Delivery Scams

There are two flavors to the delivery scam. The first one is when you purchase something, and the criminal takes your money with no intention of delivering a product. To avoid this situation, check the website's reputation through a service like Better Business Bureau before entering personal information, especially credit card or banking information.

The second one takes advantage of the busy person that has a daily visit from the Amazon delivery van. This attack poses as a delivery alert in your email or a text message with a link to track the order. We all fear the dreaded porch pirates that steal packages when we are away, so the sense of urgency to click the link and check the status of that treasured gift is too hard to resist. By doing so, you could accidentally provide login credentials or personal information that cybercriminals can use to target you again.

Instead of clicking unsolicited links, leverage the vendor's app or website to configure updates and alerts. You can also set up apps like Amazon, UPS, and FedEx to provide a push notification when your package is delivered.

Phishing and Look-a-like Websites

And finally, be wary of emails that ask for you to click a link, perhaps to check on the status of an order or to provide additional delivery instructions. This is a stressful time of year for many people, and cybercriminals take advantage of that fact to socially engineer victims into clicking on links where they can then steal credentials.

A common trick by cybercriminals is to provide a Google or Microsoft authentication page that looks real and upon completion, forward you directly to the intended link. The part you miss is where the criminal captured your user name and password as part of the scam. Making matters worse, we tend to be creatures of habit, so your email password is likely similar, if not the same, as your Amazon or PayPal or bank password.

Security for Individuals and Employees

While many of these scams target individuals, companies often participate in the celebrations throughout December and employees often purchase customer or employee appreciation gifts from online retailers using their corporate email accounts. To help protect employees and customers, organizations should re-evaluate their technical email controls in place to prevent these scams and attacks—throughout the holidays and beyond.

Modern solutions that leverage machine learning and behavioral data science as part of the solution are highly effective at mitigating these risks, blocking charity scams and phishing emails before they reach inboxes. As the CISO of Abnormal Security, I rest assured my employees and customers are well protected from these threats.

To see how Abnormal can protect you from charity scams, delivery scams, and more this holiday season, request a demo of the platform today.

Demo 2x 1

See the Abnormal Solution to the Email Security Problem

Protect your organization from the attacks that matter most with Abnormal Integrated Cloud Email Security.

Related Posts

B 06 21 22 Threat Intel blog
Executives are no longer the go-to impersonated party in business email compromise (BEC) attacks. Now, threat actors are opting to impersonate vendors instead.
Read More
B 06 7 22 Disentangling ML Pipelines Blog
Learn how explicitly modeling dependencies in a machine learning pipeline can vastly reduce its complexity and make it behave like a tower of Legos: easy to change, and hard to break.
Read More
B 04 07 22 SEG
As enterprises across the world struggle to stop modern email attacks, it begs the question: how are these attacks evading traditional solutions like SEGs?
Read More
Enhanced Remediation Blog Cover
The most effective way to manage spam and graymail is to leverage a cloud-native, API-based architecture to understand identity, behavior, and content patterns.
Read More
B 05 16 22 VP of Recruiting
We are thrilled to announce the addition of Mary Price, our new Vice President of Talent. Mary will support our continued investment in the next generation of talent here at Abnormal.
Read More
B 06 01 22 Stripe Phishing
In this sophisticated credential phishing attack, the threat actor created a duplicate version of Stripe’s entire website.
Read More
B Podcast Engineering9
In episode 9 of Abnormal Engineering Stories, Dan sits down with Mukund Narasimhan to discuss his perspective on productionizing machine learning.
Read More
B 05 31 22 RSA Conference
Attending RSA Conference 2022? So is Abnormal! We’d love to see you at the event.
Read More
B 05 27 22 Active Ransomware Groups
Here’s an in-depth analysis of the 62 most prominent ransomware groups and their activities since January 2020.
Read More
B 05 24 22 ESI Season 1 Recap Blog
The first season of Enterprise Software Innovators (ESI) has come to a close. While the ESI team is hard at work on season two, here’s a recap of some season one highlights.
Read More
B 05 13 22 Hiring Experience
Abnormal Security is committed to offering an exceptional experience for candidates and employees. Hear about our recruiting and onboarding firsthand from three Abnormal employees.
Read More
B 05 11 22 Scaling Out Redis
As we’ve scaled our customer base, the size of our datasets has also grown. With our rapid expansion, we were on track to hit the data storage limit of our Redis server in two months, so we needed to figure out a way to scale beyond this—and fast!
Read More