It’s that time of year again. The holiday season, along with its surge in online shopping, inevitably involves a rise in cybercrime. With shoppers spending billions and many hunting for deals using mobile devices, hackers and scammers are also out in droves looking to steal personal information.
Incidents of fraud increase to 50 percent above the annual average in October, November and December, according to F5 Networks. One of the most common tactics cybercriminals use to steal information and gain access to their targets’ accounts is phishing scams, which involve sending emails that look like legitimate messages from companies or friends.
Typically, a phishing email will contain a link that, once clicked on, will ask you to enter personal information or input your login info for an account. If you fall for a phishing attempt, the hacker will then be able to access your account and all the info in it. Phishing and pretexting (crafting a false narrative to get info or manipulate someone) account for 98 percent of social incidents, according to Verizon’s 2018 Data Breach Investigations Report.
It’s important to keep an eye out for phishing attempts year-round, but it’s especially crucial to stay vigilant during the holiday season. The following tips can help you avoid taking the bait and becoming a phishing victim this year.
1. Assume unexpected emails with calls to action are scams. If you get an unsolicited email from your bank or a retailer offering a holiday deal that asks you to click on a link, download an attachment, or perform another action, it’s best not to do it. This is a common tactic used in phishing campaigns.
2. Don’t give away any personal info via email. Most companies will never ask you for your username, password, and other sensitive information through an email. For example, if you receive an email from your bank asking you to click to confirm your account number, it’s a phishing attempt.
3. Look for misspellings, grammatical errors, and other hallmarks of a phishing email. If a message contains spelling errors and/or the grammar is bad, it’s probably a phishing attempt, according to the ConsumerAffairs article “Beware of phishing scams this holiday season.”
Some other telltale signs of a phishing campaign include the following:
- Unclear and/or mismarked links
- Message from an unknown sender
- Message containing threats and demanding private information
4. Type in web addresses directly and ensure they start with https:// instead of http://. The “s” means there’s an additional layer of security, according to the MarketWatch article “Beware of hackers who impersonate your favorite brands this holiday season.”
Additionally, since it’s become difficult to determine what’s a real promotional email and what’s an imitation, it’s best to avoid clicking on links in your email altogether and just type URLs directly into your browser, Dave Baggett, co-founder and CEO of the anti-phishing startup Inky, told MarketWatch.
5. Keep an eye out for fake tracking numbers. Scammers will still try to trick you even after you’re done shopping, the MarketWatch article warns. Assuming that you have a lot of packages in transit from online purchases, they might send you a fake email from UPS with a tracking number.
To avoid falling for this type of phishing scam, don’t click on any tracking numbers in emails. Type them into the UPS website instead to check if they’re legitimate.
If you’d like to learn more about how to thwart phishing and/or other types of cyberattacks, don’t hesitate to contact our team of IT security experts. We work with a wide range of cybersecurity solutions from various vendors in our partner network, which allows us to serve as a trusted advisor to clients seeking to minimize their data breach risk. Contact us today by calling 877-599-3999 or emailing sales@stratospherenetworks.com.