Subscribe to our blog

Articles published weekly by IT security and compliance professionals with decades of experience


What You Can Do to Better Prepare Yourself for Holiday Scams

David Bienkiewicz
Nov 27, 2019 1:29:51 PM

It’s that time of the year again! With the holiday season upon us, many criminals will be attempting to scam people via phishing emails. This time of the year (Black Friday, Christmas) is the most lucrative for attackers because stores are running a crazy amount of sales and sending tons of marketing emails and content to promote them. Unfortunately, people often fall for fraudulent emails that ask them to click a link or download an attachment to get special deals.

In this blog post I’m going to share ways you can reduce your risk of falling victim to holiday scams that attempt to steal your private information. I would love to just say don’t click on any email link or attachment that sounds too good to be true, but the problem is that there might be legitimate Black Friday deals that you just don’t want to miss.

Luckily, there are simple ways to identify phishing emails. Emails that stores send out are essentially just shortcuts to their site. If you receive a sale offer from a store but you aren’t sure the email is legitimate, you can navigate to the store’s site yourself on your phone or computer instead of clicking the link in the email. Then browse the site until you see the deal that you saw in the email. If it’s not there, there is a good chance the email came from an attacker trying to get your credit card information or the login for your store account. Another way to verify that these sales are actually happening is to call a store near you.

There are also the standard tips for avoiding phishing emails that I provide in many of my blog posts:

  • Check the sender email address
  • Hover over links to see if they take you to a legitimate site before clicking
  • Avoid downloading suspicious attachments
  • Look for spelling and grammar mistakes
  • Were you expecting the email? Are you even signed up to receive emails from this store?

Most online retailers now also provide MFA (multi-factor authentication) for accounts on their websites. Enabling this feature forces you to verify your login with a code sent to you via text, call, or email and adds an extra layer of security to your account. Don’t use the same password for every site you shop on! If an attacker is able to retrieve one of your passwords, they can try it on other sites, and if your passwords are all the same, the attacker now has access to all your accounts. You should also check your credit card statements regularly for suspicious activity.

Finally, the holiday season is a popular time for scammers to attempt scare-tactic scams. These can include fake emails, texts, and phone calls claiming to be from a family member in need of immediate financial assistance, or from law enforcement demanding that some fee be paid. In some cases, the criminals will go as far as duplicating the email addresses and phone numbers of those they are impersonating, making them more difficult to identify. Always handle these urgent scare-tactic scams with logic and patience. If you are unsure of the caller’s identity, ask a few questions only the real person would know, or simply hang up and call them back at the number you have for them in your contacts. Verify any emails with the phishing email tips listed above.

While the holiday season is one of the most fun and enjoyable times of the year, it’s also a big payday for most scammers. While the tips I’ve offered today are aimed at helping you protect your personal information and money, Compass IT Compliance also specializes in training your staff to recognize these threats. We offer online and on-site security awareness training, as well as simulated phishing emails and vishing phone calls to test your staff. Do you believe your workforce is ready to meet these threats head-on? Contact us today to learn more about these effective services!
