You would think after the harrowing year 2020 has proven to be – and with Santa loading his sleigh with COVID vaccine almost as we speak – the dangers of a historically tough year are almost behind us. But not so fast. This year, like every year, the holiday season brings with it increased threats to your and your loved ones’ cyber safety and the security of your personal data, mostly due to nefarious phishing scams.
Phishing is a con method in which bad actors pretending to be legitimate entities email unsuspecting users and fraudulently attempt to acquire sensitive data, such as logins, passwords, and credit card information. Phishing scams almost always appear to come from a trusted sender who urgently needs you to verify something related to your account; they might claim to be your insurance company asking you to confirm your social security number or perhaps your bank requesting that you log in to your online checking portal to update your address. So, you click on the link and are forwarded to a seemingly-legit-but-fraudulent landing page requesting that you sign in using your credentials. The scammers capture your logins and other sensitive data – then pretty much do everything they can to exploit this information for their financial gain (AKA take you to the cleaners).
Last year, it was estimated that email scams cost consumers more than $1.3 billion, and that number had tripled from just three years prior. Cybersecurity experts are particularly concerned about phishing scams and other cybercrimes this holiday season, due to the surge in online activity related to pandemic lockdowns.
In the past, anyone with a keen eye could often discern a questionable email or landing page from those of its legitimate counterparts. Things like misspellings, poor grammar and odd email addresses were easily distinguishable red flags. But phishing scams – and the scammers behind them – have gotten much more sophisticated, generating emails that look surprisingly legitimate.
There are still often both glaring and more subtle clues that can help you discern the real from the fake; the biggest being a message requiring you to act immediately or else suffer a harsh consequence. Keep an eye out for our future blog post on the characteristics of phishing emails.
THE TOP 3 HOLIDAY PHISHING SCAMS IN 2020
Fake Package Delivery Scam
According to the Better Business Bureau, fraudulent shipping schemes occur frequently during the holidays. In this scenario, you receive an email (or a text or phone call) claiming to be from USPS or another parcel delivery service, informing you they were unable to deliver your package. The scammers (who often do a very good job of pretending to be legitimate) might request that you provide them with credit card information in order to reschedule the delivery. Or the email might tell you to click on a link to track your package. If you do click, ransomware or other malware will likely infect your computer and threaten the safety of your personal data.
Best tips: Do not respond to the email; if it is a phone call, hang up on the caller. Look up the Customer Service number for the delivery service and contact them directly to ascertain whether you have a package waiting. Never give your credit card information to anyone who contacts you.
Canceled Travel Scam
You booked a trip to the beach this winter for a little well-deserved rest and relaxation. Then you receive an email informing you that your flight has been canceled (thanks again, 2020) and instructing you to complete a Request for Refund form. You click on the link and fill out the claim; only the form is a fake and you just gave strangers your credit card number. Ouch.
But hey, things are looking up. You just received a couple of free tickets from a seemingly legitimate airline; all you have to do is share a link on your social media pages. Oof. Not only are you not getting the tickets, but you just directed all your social media friends to a fraudulent website that is attempting to scam them out of their personal data.
Best tips: Contact the airline or travel agency directly to determine the legitimacy of a reported cancellation; be wary of free offers, especially if they sound too good to be true.
Charity Phishing Scam
Last year, Americans donated more than $450 billion to charity. And since the holidays are a time for giving, this year phishing scammers are counting on your generosity more than ever. You have likely already received emails asking for your support. Charity phishing scams play upon a person’s goodwill and lure them to donate to seemingly worthy causes. But in reality, the only people benefitting from your generosity are the scammers and frauds themselves. Experts anticipate an onslaught of charity phishing scams this year that exploit support for people in need like COVID victims and unemployed workers, along with important causes like Black Lives Matter. Scammers will use pressure tactics to urge you to act immediately.
Best tips: Always check the legitimacy of a charitable organization before you donate; a good place to start is the BBB Wise Giving Alliance. Visit the charity’s website for instructions on how to donate.
The best defense against phishing scams really boils down to awareness, diligence and, maybe, a good dose of skepticism. If something doesn’t look right or sounds too good to be true, the only thing you should be clicking is the trash icon. And my last bit of advice: don’t let the bad guys get in the way of celebrating this year. We all deserve a little cheer.
Stig Ravdal is the President & Founder of Ravdal, Inc., a leading cybersecurity company. He is an expert in the fields of cybersecurity strategy and technology solutions, and is available for speaking engagements.