With the arrival of the 2022 holiday season in the U.S., many workers are wrapping up end-of-the-year projects and looking forward to taking time off. Spending also increases as people travel, make extra purchases, and get into the spirit of the season. Unfortunately, some will try to take advantage of others’ goodwill. Due to the season’s busyness, customers and businesses alike are more vulnerable to getting caught by holiday phishing scams.
Phishing attempts happen by email 96% of the time. They can disguise themselves as holiday sales, messages from your bank, order confirmations for something you didn’t buy, and even offers for free products or gift cards. Knowing a fake email from a real one isn’t always easy, but that are some extra things you can watch for to help avoid them.
What Is a Holiday Phishing Scam?
A holiday phishing scam attempts to gather sensitive information through different means. They are often done by contacting individuals directly, and simply asking for what they want. Unlike a hacking attempt, the goal is to get the target to give information or account access freely. Holiday phishing scams often come through email but can also arrive through phone calls, texts, or randomly found on the internet.
While strategies and frequency have changed over the years, unique phishing websites have massively increased. Compared to Q1 2020, the number of phishing websites has grown by around 300%. They are designed to pretend to be a well-known company they’re not or present themselves as a legitimate business.
What Are Some Signs of a Holiday Phishing Scam?
A well-designed holiday phishing scam may not be obvious at first glance. They’ll attempt to use legitimate logos, write official-sounding messages, and may even use the name of an employee if copying a real company. However, they will often slip up in different ways if you take a closer look.
Sounds too good to be true
Scammers may put together offers that sound too good to be true when phishing for credit card information. It’s a red flag when a person or website is trying to sell an expensive item for close to free. While such bargains aren’t impossible, they’re unlikely. Online tools, like Scamvoid, can give extra insight into a website’s history, creation date, and trustworthiness for shopping.
Unusual email address
One of the quickest signs of a phishing scam is looking at the sender’s email address. They may come from a free email service like Gmail or have an unusual format. Others will make fake email addresses in bulk and won’t even try to hide what they’re doing. Those can appear as a mix of randomly generated letters and/or numbers.
Odd website URL or design
Phishing websites will often try to copy the look of official sites. These fake websites gather login credentials, payment information, and other sensitive data that people input. Phishing sites may also be missing basic features, have misaligned objects, or other issues. They can often be spotted by the website URL, but not always.
Frequent writing mistakes
While mistakes can happen at any level, businesses hold higher quality writing standards as part of the customer experience. Scammers don’t usually go through the same process. That means strange formatting, spelling mistakes, and unusually worded sentences can all be signs of a holiday phishing scam.
A strange request can come in many forms. Your accounting department might ask for data they should already have on file. Or someone may claim you won a $500 gift card, but they require you to buy and send them a $50 gift card code first. If something feels off or doesn’t make sense, there’s a good chance it’s a scam.
Aggressive or urgent tone
Regardless of how they’re reaching out, cybercriminals are ultimately trying to profit from their targets. Some will create an aggressive sense of importance, urgency, or even threaten people to pressure them into acting. If the target is stressed out, they’re more likely to overlook the warning signs and provide sensitive information to fix the situation.
What You Can Do to Avoid Holiday Phishing Scams
Be watchful of the signs and stay aware of modern holiday phishing scams. While there are different warning signs, it can be easier to miss them when you’re busy or in a hurry. Even large companies are not immune. One scammer stole over $120 million from Google and Facebook by sending convincing fake invoices. As phishing attempts become more persuasive, it’s easier than ever to fall prey to them.
Both personal and business information is valuable. Never give away sensitive data to someone unknown or unexpected. Even something as simple as login information can give attackers access to vital systems and documents. Phishing scams can also be combined with tactics like social engineering, where people act like someone they aren’t. It’s worth taking the time to verify someone’s legitimacy.
Whether accessing your company email or browsing the internet, it’s important to watch for holiday phishing scams. You can reduce the chance of becoming a victim through simple steps like paying attention to links you click on, only logging into accounts directly on company websites, and being careful with how you share information. When in doubt, use a trusted search engine to find a business’s official website, and log in or contact them directly from there.
The biggest challenge with phishing scams is how busy people get during the holiday season. When you’re tired from juggling a dozen different things, it’s tempting to skim through emails and click on links without putting much thought into it. Yet, that’s what cybercriminals hope will happen. You don’t have to face cybersecurity threats alone, though. ITonDemand provides phishing protection with email security partners like Micro Trends and SpamTitan.