ThreatSTOP Blog

Watch out for Phishing this (online) Holiday Season

Written by Ofir Ashman | December 7, 2020

Winter holidays are a glowing delight, filled with cozy warm drinks, great food, decorations, family traditions, and of course – presents. Families know the feeling of December creeping in, and the burst of joy filled with urgency that comes with it. People rush to shopping malls by the handfuls, making a day (or days) of purchasing gifts for their friends and loved ones. But the Covid-19 pandemic has reshaped the holiday shopping experience, migrating holiday shoppers from mall trip extravaganzas to multi-platform online shopping. Probably the last thing buyers are thinking about when deliberating between a blue bike or a green scooter is the plethora of cyber attackers just waiting for them to make one mistaken make one wrong click, and fall victim to a phishing scam that can drain all the money (and holiday joy) from your stocking.

Tis’ the time of year for holiday phishing, and no one is immune to it. Attackers have become very skilled at creating legitimate-looking emails and text messages. A survey by McAfee found that 41% of Americans fell victim to email phishing scams in 2019. It doesn't need to be like this, we can do better! Here are a few ways you can detect and avoid phishing attempts:

Learn how to recognize phishing emails and messages

Every time a holiday offer email lands in your inbox, take more than just a second or two to look over and validate the email. Check that the sender looks legitimate, and is originating from the correct company domain. Make sure the email body does not include spelling mistakes. If the email includes a link or a file – take a close look. Does the file icon match the file ending displayed? Does the link look like a valid website?

Make sure you are on the right webpage

For every popular website, there are thousands of imposter internet pages preying on victims that aren't paying attention. When performing online shopping, confirm that the website you browsing is authentic. Check that the domain and top level domain (TLD) are correct without any typos, and that the secure connection padlock is displayed beside the URL. This is especially important to do before you enter your credit card details.

If a deal looks too good to be true – it IS too good to be true

Holiday phishers know that shoppers are looking for the best deals on all the hottest items of the year. Who hasn’t gotten a forwarded message in the family WhatsApp group from Mom offering 70% off on everything on the “Adidas website” with an extremely suspicious-looking link? A good rule of thumb is to ask yourself “is this deal similar to others I’ve utilized by this company in the past?”. If Lenovo consistently offers a 30% off during the holidays, don’t fall for an email promising you a 90% discount.

Avoid password reuse

It is crucial to use different passwords for accounts on different platforms. A whopping 65% of people reuse passwords, which is quite shocking considering the fact that 80% of data breaches last year were caused by password compromise. Services and businesses are constantly getting breached, their user credential databases downloaded and sold on the internet. Once your breached credentials from one platform reach cyber attackers, they will try to breach your accounts on all platforms and get their hands on personal data and payment details.

 

With all that being said - have a great, safe and happy holidays!