The winter holiday season is a time when families get together to celebrate the holidays and companies hold holiday parties. Along with the festivities comes gift giving, festive meals and holiday deals. So, not surprisingly, it’s also a time when people increase their online shopping, clicking on links to get coupons and make their purchases, and opening confirmation emails. Consequently, it is also the season when there is always an increase in cyberattacks, putting your company at risk. (The cyber criminals are enjoying the holidays too!) Installing malware through phishing and other online scams accounts for the largest number of cyberattacks. These are a few of the types of phishing scams to look out for this holiday season.
“Thank you for your order” and “Delivery Confirmation” Phishing Scams
When you’re shopping online, you expect to receive emails that say “thank you for your order.” Several malicious thank you emails are being sent by cyber-criminals that appear to be coming from Ikea, complete with the Ikea logo (though they could come from any company). Even if you didn’t order something from that store, the official appearance of the email is designed to make you curious, or scared about an order you did or did not place. Don’t open the attached confirmation document or click on the embedded link! Opening the attached document will infect your computer with a Trojan which can target your bank account. When you next sign in on your bank account site, the Trojan will steal your sign-in credentials with the goal of breaking into your bank accounts to steal your money. The link in these emails typically gives hackers access to your personal information including passwords and credit card numbers.
The Ikea “thank you for your order” phishing emails are being sent to small and medium sized businesses. The person receiving the email might think that someone else at the company ordered something and will fall for the scam. The Trojan then gets access to the company’s bank account.
Phishing emails that appear to be from retailers are also being sent regarding “delivery confirmation.” Always check the sender’s email address to confirm that it is actually from a store from which you placed an order, and that it is spelled correctly. If you’re not sure, type the store’s website directly in your browser and login to your account to check the status of your order.
“Discounts” Phishing Scams
Other phishing scams related to holiday shopping include bogus online discounts or coupons that link to phishing sites, and emails promising great online deals that contain malicious links. Entering your personal information on a phishing site is literally handing over the information to the cyber-criminals. Clicking on links in phishing emails typically installs malware on your computer. (Keep in mind that someone in your company might be looking for discounts online even to order items for your business. If the infected computer is connected to the network, the malware can infect the whole network.) Be wary of online ads (even paid ads) and don’t click the links in emails from unknown senders.
Instead, type the name of the seller and product into a search engine (like Google or Bing), read the reviews to make sure that it is a legitimate company, and confirm the web address of the company. If you make a purchase, make sure the URL of the site into which you type your credit card number begins with https:// instead of just http://, (the “s” stands for “secure”), and make sure the name of the company is spelled correctly in the URL.
Emails “About Your Account”
Fraudulent emails are being sent to unwitting recipients regarding their accounts that appear to be from different banks, PayPal, the Apple Store, AOL, Amazon and more. The subject of the emails have been “Your Account Has Been Blocked,” “Important Notice,” “About your last Transaction,” “Please Read,” “Resolve remote access,” “Your account has been hacked,” and other messages that seem important.
If you receive an email purporting to be from your bank or other company with which you do business, hover over the links to make sure the name of the bank or other company is spelled correctly in the URL. If you’re not certain that it is legitimate, don’t click on the link! Go directly to the company’s website to find the information. The links in a phishing email that appear to be from a bank or other company could actually install malicious software. Or the link could bring you to a phishing site that collects your login and payment card information.
Don’t let the celebration of the holidays distract you from safe cyber-security practices. Be wary of the emails you receive and of online deals, and be on the lookout for phishing scams. The Big Idea team reminds you to stay safe online so you really can enjoy the holidays!