‘Tis the season for hackers, scammers, and crooks to use phishing scams and take advantage of the often chaotic holiday shopping season for their own gains.

The holidays have a way of bringing out the very worst in the type of people who happily profit by preying on others. Phishing scams have been a favorite tool of cybercriminals for years, and the ongoing rise in the popularity of online shopping has made email phishing even more effective. When your inbox already has a higher than normal amount of out of the ordinary emails coming in, would you notice one more?

While phishing is far from the only cyber threat out there causing trouble for businesses and consumers alike, it tends to be the most prevalent. These six scams, in particular, are ones you should be on the lookout for this holiday season.

1. Fake Receipts and Invoices
   One of the more popular ways of using phishing to sneak malware past IT security measures is to hide the malicious code in an attachment. With so many people doing most or all of their holiday shopping online, there is a noticeable increase in the number of invoices, receipts, and order confirmations popping up in everyone’s inboxes. Normally, an unexpected message from Amazon would raise a red flag, but this time of year many users would open the attached PDF without a second thought.


2. Fake Shipping Status Alerts
   Much like phony invoices, fake shipping notifications and updates are finding their way into unsuspecting users’ inboxes. This particular phishing method can often be more effective, as it relies not on a fake purchase, but on making the user worry that there is a problem with a purchase they know they’ve made. A notice from “UPS” letting you know your package is delayed is bound to get a click-through from a user who is, in fact, expecting a delivery via UPS.


3. Fake Flyers and Deals
   At the height of the holiday shopping rush, the average user can easily see a dozen or more emails each day advertising special offers and discounts from websites they have frequented in the past. While skimming through these messages, be on alert for emails from stores or vendors you have never shopped with before. These digital flyers may be advertising a great deal, but chances are the only thing you’ll receive by clicking through is a malware infection or lost funds for an order you’ve placed and will never receive.


4. Malicious Embedded Links
   Embedded links are just as common a tactic as attachments for downloading malware to a system, or redirecting the target to an infected website. Always take a few extra seconds to hover your mouse over any link that finds its way into your inbox. The hyperlink may look legitimate, but the link itself may tell a completely different story. A hacker can make a link embedded in a phishing email look like it leads somewhere familiar, but in reality, they’re directing you to content they control.


5. Unauthorized Transactions
   It’s always a good idea to keep an eye on your bank accounts, but it’s especially critical to the holidays. Keeping track of numerous holiday shopping purchases can be challenging, but by ignoring changes to your balance, you could be missing the fact that not all of your purchases were actually made by you. All it takes is one website with lax security standards to lose your credit card information to a hacker, and you’re left footing the bill for someone else’s shopping habits.


6. Fake Customer Surveys
   Online surveys offering cash or gift cards as a reward for completing them can often end up being a scam. The difference between a legitimate offer from a legitimate business and a phishing attempt is often those last few questions. If a survey asks for personal or financial information, it’s extremely likely that the survey is a cybercriminal’s way of stealing your identity or setting up a more advanced phishing scam.

While the bulk of these phishing threats are intended to target individuals, if one of your employees happens to trigger one of these infections or intrusions from their workstation or any device that is connected to your business’ network, it can be disastrous for your business. A hacker that is hoping to get a hold of personal data would be more than happy to instead help themselves to any and all sensitive data stored on your systems and network.

Ensure that you have the right network security measures in place and that your firewall, anti-virus, and anti-malware programs are up-to-date with all of the latest patches.

Want to find out more about the steps you can take to protect your business from cyber threats? Contact Datum Consulting.