Holiday Email Scams


This holiday season, as with every holiday season, the hackers and scammers will be out in full force. It’s time for them to celebrate, too, because most of us will be busy spending money, and rather more preoccupied than at other times of year. They know that we tend to let our guard down this time of year, and that’s when they pounce.

Email scams tend to be a favorite for them. When your inbox already has a higher than normal amount of out of the ordinary emails coming in – as usually happens during the holiday season – would you notice one more? There are quite a few different ways that cybercriminals can use email to trick us. Here are some of the most common ones:

Fake Receipts and Invoices – One of the more popular ways to sneak malware or a virus past IT security measures is to hide the malicious code in an attachment. With so many of us doing our holiday shopping online, we expect to see an increase in the number of invoices, receipts, and order confirmations popping up in our inboxes. Normally, an unexpected message from Amazon would raise a red flag, but this time of year we may be inclined to open the attached PDF without a second thought.

Fake Shipping Status Alerts – Since we’re all doing more online shopping, that means we’re also forced to keep an eye on more shipments. Much like phony invoices, fake shipping notifications and updates are finding their way into unsuspecting users’ inboxes. This particular email scam is especially effective, because we’re always on the lookout for a problem with a purchase that needs to be delivered to a specific place by a specific time. A notice from “UPS” letting you know your package is delayed is bound to get a click-through from anybody who is, in fact, expecting a delivery via UPS.

Fake Flyers and Deals – During the holiday season, most of us are bombarded with advertising special offers and discounts from retailers and other websites that we’ve purchased from in the past. When you’re parsing through these email messages, keep an eye out for emails from stores or vendors you have never shopped with before. While they might be a legitimate seller who simply (and legally) purchased your email from an email list-seller, they might just as easily be an illegitimate source who is out to infect your computer.

Malicious Embedded Links – Embedded links, which could redirect you to an infected website, are just as common as attachments for downloading malware to a system. If you receive an email that grabs your interest, take a few extra seconds to hover your mouse over any link that finds its way into your inbox. The hyperlink may look legitimate, but even a novice hacker can make an embedded link look that way. The best option is not to click on the link at all, and to do a web search for the retailer or source. If it shows up in your search results, click on that link instead.

Unauthorized Transactions – It should go without saying that it’s always a good idea to keep an eye on your bank accounts, but it’s especially critical during the holidays. Keeping track of numerous holiday shopping purchases can be challenging, but by ignoring changes to your bank account or credit card balance, you could be missing a fraudulent charge. All it takes is one website with lax security standards to lose your credit card information to a hacker. If your bank has the ability to email you a daily balance update, it would be wise to utilize that service.

Fake Customer Surveys – Online surveys offering cash or gift cards as a reward for completing them seem appealing, especially, but that are not always legitimate. If a survey asks for any kind personal or financial information, it’s extremely likely that the survey is a cybercriminal’s way of stealing your identity. Even a seemingly innocuous question can be leveraged by a skillful cybercriminal.

While the bulk of these email threats tend to target individuals, if one of your employees happens to trigger one of these infections or intrusions from their workstation or any device that is connected to your business’ network, it can be disastrous for your business.

Return to the Tech Trends Newsletter