Beware of holiday phishing scams

’Tis the season of giving and joy — not to mention a whole lot of emails from your favorite retailers. But this season also comes with an increased risk of phishing scams. To help you stay safe during the holiday season, we've identified three popular scams making the rounds, along with tips on how you can avoid them.

For readers unfamiliar with the term, "phishing" is messaging via email, text, or voice call that appears to come from your bank or another legitimate organization. In reality, the message is designed to trick you into sending the sender your account login or online payment information.

1. Coupon or gift card scams

Coupons make Christmas shoppers more willing to spend on items, whereas gift cards are great for when they’ve run out of gift ideas for loved ones. Phishers take advantage of this by sending fake emails about discounted gift cards and generous coupons. They usually either steal credit card information or take money directly from shoppers, but they can also target companies that purchase corporate giveaways.

Email scam artists may also trick people into going to malware-laden websites to obtain discount coupons. If a staff member makes the mistake of doing their personal shopping while at work, they might open coupon scam emails and click on the provided links to get the promised coupons. But clicking on these links will lead them to websites that will infect your network with ransomware and other malicious programs.

To thwart cybercriminals, show your employees how to recognize coupon and gift card scams — deals that are too good to be true are often just that. Tell your staff never to click on email links, but rather to verify the authenticity of the deal by visiting the company’s legitimate website. That is, they must type the website’s real URL manually in the URL field or do an internet search and find the real website in the search results. Most importantly, tell staff to shop on their own time, not the company’s.

2. Shipping notifications

During the COVID-19 pandemic, more people got used to online shopping since it’s so convenient. During the holidays, cybercriminals take advantage of this by sending fake shipping confirmation or update emails. These emails look like they’re from legitimate and massively popular websites like Amazon, but they often feature fake email addresses and domains.

Phishing emails are sent en masse, so some recipients will either happen to be waiting for shipments to arrive or become curious about a shipment notification when they didn’t order anything. They might download malware-laced attachments, thinking that these are receipts. Or they might click on the provided links and try to log in to check their order, but all they end up doing is giving their account credentials to scammers.

By their very construction, shipping notification scams are easy to spot. This is because legitimate eCommerce sites will provide all of the relevant information in the email body itself — no need to download attachments or log in anywhere. Scammers, however, are counting on people not knowing this fact, so informing your staff is the best way to keep them from being fooled.
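The three warning signs described in this section (a sender domain that is not the retailer's, a link that leads somewhere else, and an attachment) can be checked mechanically. The following is an added example, not code from the original article; the `BRAND_DOMAINS` allow-list, the function names, and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domains each brand really uses for its mail and links.
BRAND_DOMAINS = {"amazon": {"amazon.com"}}

def under(host, domains):  # host is one of the domains or a subdomain of one
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def shipping_notice_flags(raw):
    """List the warning signs in a raw e-mail message (headers + body)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    claims = (display + " " + msg.get("Subject", "")).lower()
    legit = set().union(*(d for b, d in BRAND_DOMAINS.items() if b in claims))
    if not legit:
        return []  # no known brand is claimed, so there is nothing to compare
    flags = []
    if not under(sender, legit):
        flags.append("sender domain: " + sender)
    for part in msg.walk():
        if part.get_filename():
            flags.append("attachment: " + part.get_filename())
        elif part.get_content_maintype() == "text":
            body = part.get_payload(decode=True).decode(errors="replace")
            for url in re.findall(r"https?://[^\s\"'<>]+", body):
                host = urlparse(url).hostname
                if not under(host, legit):
                    flags.append("link host: " + str(host))
    return flags

# Constructed sample message, not a real e-mail.
SAMPLE = '''From: "Amazon Shipping" <track@amazon-delivery.example>
Subject: Your package could not be delivered
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Sign in to check your order: http://amazon.com.orders.example/login
--b1
Content-Disposition: attachment; filename="receipt.pdf"

(constructed placeholder)
--b1--'''
```

Calling `shipping_notice_flags(SAMPLE)` reports all three signs, including the link whose host only begins with the retailer's name.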

3. Calls for donations

It is standard practice for charities to invoke the season’s spirit of giving when asking for donations. Fraudsters, however, spoof the websites of legitimate charities or create sites for nonexistent foundations to make a quick buck.

Again, people must avoid clicking on provided links or downloading attachments they never asked for. If they’re feeling charitable, it’s a good idea to go out and find a cause they care about. They can share their time, talent, or treasure with a local charity and see the results of their efforts up close, or support internationally renowned charities like UNICEF.

Tech-based ways to protect your business against holiday phishing scams

To safeguard your business, implement the following:

  • Web filter – Create lists that block employees from landing on sites that are not relevant for work. Most web filters can block entire categories of websites, like eCommerce sites.
  • Machine learning-powered email filters – Integrate advanced email filtering solutions that keep phishing emails from everyone’s inboxes during the holidays and all year round.
  • Updated antivirus software and firewalls – The longer these remain outdated, the higher the likelihood that cybercriminals could infiltrate your network.
  • Security patches – Address the vulnerabilities of applications and hardware before hackers take advantage of them.
  • Multifactor authentication – Oftentimes, people reuse access credentials. If they use the same credentials for both their shopping and work accounts and they fall victim to holiday phishing scams, hackers can access both types of accounts. This is bad news for your business — unless you implement multifactor authentication (MFA). MFA asks for more information (such as fingerprint scans) to verify the account holder’s identity. Therefore, even if a hacker gets hold of a user’s passwords, that hacker won’t be able to take over that user’s account.

Rely on Athens Micro to protect your business from phishing and other cyberthreats. Leave us a message or call us toll-free at 1-866-262-4461.

