'Tis the season to be scammed
The most successful phishing attacks are the ones that lure victims effectively, and hackers use timely lures around current events and holidays to make themselves relevant and convincing. Since holidays are fixed calendar events, the overall volume of phishing emails generated per year tends to fluctuate in predictable patterns, with the summer generally having fewer phishing emails but a huge spike occurring around Black Friday and when people receive tax returns. The number of phishing emails this year has been much greater than in previous years because hackers are finding more people vulnerable to email-based attacks.
As COVID-19 has caused more people to work or attend school remotely, phishing campaigns have exploded in popularity, and the number of successful scams is overwhelming the attempts to thwart them. As the holidays approach, more people are choosing to shop and celebrate together electronically as opposed to in person, which means the number of new phishing campaigns is expected to rise to an all-time high. Going forward, it will be important to recognize and respond correctly to these phishing attempts in order to keep your data and privacy protected.
The boom in phishing campaigns over the holidays will come on two fronts: phishing that impersonates commercial businesses, and campaigns that take advantage of current events. Phishing that impersonates commercial and e-commerce businesses is particularly successful around this time, as more people expect emails from these types of businesses and respond to or interact with them instead of avoiding them. These types of phishing attacks can look like password reset emails, product shipping and delivery updates, and fraudulent gift card or promotional offers. Commercial phishing like this is usually focused on financial damage, trying to get access to your credit card or banking information.
Current event scams look to leverage the upcoming holidays, as well as COVID-19 related information and relief. Phishing attacks disguised as holiday events, charities, e-cards, or personal requests aim to steal credit card information and account credentials. COVID-19 related scams are especially sinister, looking to intercept relief funds or push malware onto the victim’s computer through attachments advertising the latest information on the spread and prevention of the virus.
Even though the volume of phishing emails is anticipated to increase dramatically, you can prepare for and handle them the same way you would any other type of phishing campaign. Be cautious of unsolicited emails, and be extremely cautious of emails with attachments. Attachments like PDFs and Word documents can install malware or send commands that compromise your account or device when opened. Be sure to check URLs closely, because there are multiple ways to obfuscate a hyperlink within an email to send users to a credential harvesting website, malware repository, or fraudulent e-commerce marketplace. To avoid being redirected by a phishing link masquerading as a legitimate website, type the URLs of known websites in manually instead of clicking links in email. The best way to prevent unauthorized access to your accounts if they do get compromised is to enable multifactor authentication. Help keep your privacy and identity safe this holiday season by remaining vigilant and aware of potential threats in your inbox.