SPECIAL EDITION BLOG POST: Santa, Shopping, and Smishing: A Guide to Avoiding Cyber-Scams this Holiday Season  

Santa’s elves may be putting in overtime hours right now, but no one is working harder than cyber criminals! 

Phishing scams in particular tend to increase around the holidays as scammers exploit the rise in online shopping, charitable giving, and holiday-related communication.  

Just how big is this problem? 

According to the FBI’s Internet Crime Complaint Center report from 2021, non-payment or non-delivery scams cost citizens more than $337 million! 

Here are TEN key strategies to avoid phishing scams during the holiday season: 

1. Be Cautious of Holiday-Themed Emails 

  • Avoid Clicking on Suspicious Links: Phishing emails often contain links disguised as promotions, sales, or shipping confirmations. Hover over links to see where they lead before clicking. 
  • Verify the Sender: Double-check the sender’s email address, especially in holiday offers or charity appeals. Scammers may use similar-looking email addresses to impersonate well-known retailers or organizations. 

2. Beware of Fake Shipping Notifications 

  • Track Packages Through Official Channels: Scammers often send fake shipping notifications that appear to come from delivery services like FedEx, UPS, or USPS. Always track packages using the official website of the shipping company instead of clicking links in emails. 
  • Check Tracking Numbers: Cross-check tracking numbers in emails with your actual orders or delivery history. 

3. Scrutinize Holiday Deals 

  • Too-Good-to-Be-True Offers: Scammers often lure victims with unbelievable deals during the holiday shopping rush. Be wary of heavily discounted prices on high-demand items, especially from unknown retailers. 
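  • Check the Retailer’s Authenticity: Before making a purchase, research the seller. Look for contact information, customer reviews, and a secure website (one whose address starts with “https://”). HTTPS only shows that the connection is encrypted; scam sites use it too, so treat it as a minimum requirement rather than proof that the seller is legitimate. 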

4. Use Multi-Factor Authentication (MFA) 

  • Add an Extra Layer of Security: Enable MFA on your accounts, especially for email and financial services. This makes it harder for scammers to access your accounts even if they obtain your password. 

5. Look Out for Charity Scams 

  • Research Charities: Scammers may impersonate legitimate charities during the holiday giving season. Use platforms like Charity Navigator or GuideStar to verify that you are donating to a legitimate organization. 
  • Donate Through Official Websites: Instead of clicking on email links, visit the charity’s official website directly. 

6. Use Secure Payment Methods 

  • Avoid Wire Transfers or Gift Cards: Scammers may ask for payment through non-reversible methods such as wire transfers or gift cards. Use credit cards or trusted payment services like PayPal, which offer fraud protection. 
  • Monitor Financial Statements: Keep an eye on your bank and credit card statements to catch any unauthorized transactions. 

7. Recognize and Report Phishing Emails 

  • Misspellings and Poor Grammar: Many phishing emails contain spelling mistakes, awkward phrasing, or improper formatting. These are signs of a scam. 
  • Urgent or Threatening Language: Be wary of emails that create a sense of urgency, like warnings about account suspension or missed payments. Verify directly with the company through a trusted source. 
  • Report Suspicious Emails: If you receive a phishing email, report it to the Anti-Phishing Working Group (APWG) or your email provider. You can also flag it within your email service as “phishing.” 

8. Keep Software Updated 

  • Install Security Patches: Ensure your operating system, browsers, and antivirus software are up to date. This helps protect against malware or viruses that phishing attacks may try to install on your device. 

9. Enable Spam Filters 

  • Use Built-In Filters: Most email services have spam filters that block known phishing emails. Keep these filters active to reduce the number of scams reaching your inbox. 

10. Be Wary of Text Message Phishing (Smishing) 

  • Avoid Clicking on Links in Texts: Scammers also use text messages to send phishing links. Do not click on unsolicited links, especially those claiming to be from retailers, banks, or delivery services. 
  • Verify with the Source: If a text message claims to be from your bank or another company, contact them directly through their official channels rather than responding to the text. 
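
For teams that triage reported emails, the "hover over the link" and "verify the sender" checks from tips 1 and 2 can be automated. The Python sketch below is an added example, not part of the original post: it flags a message when the sender's display name or a link's visible text names a carrier but the real address or destination is not on that carrier's domain. The brand list, function names, and sample message are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: a small allow-list built from the carriers named in tip 2.
BRANDS = {"fedex": "fedex.com", "ups": "ups.com", "usps": "usps.com"}

def belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):  # gathers (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def mentions(brand, text):
    return re.search(rf"\b{re.escape(brand)}\b", text.lower()) is not None

def check_message(from_header, html_body):
    """Return (kind, claimed_domain, actual_host) for each mismatch."""
    findings = []
    display, address = parseaddr(from_header)
    sender_host = address.rpartition("@")[2].lower()
    collector = LinkCollector()
    collector.feed(html_body)
    for brand, domain in BRANDS.items():
        if mentions(brand, display) and not belongs_to(sender_host, domain):
            findings.append(("sender", domain, sender_host))
        for text, href in collector.links:
            dest = (urlsplit(href).hostname or "").lower()
            if mentions(brand, text) and not belongs_to(dest, domain):
                findings.append(("link", domain, dest))
    return findings

# Constructed sample message (not a real email); .example hosts are reserved.
SAMPLE_FROM = '"UPS Delivery" <notice@ups-delivery.example>'
SAMPLE_HTML = ('<a href="http://ups.com.parcel-track.example/t?id=1">www.ups.com/track</a>'
               '<a href="https://www.ups.com/track">Track on UPS</a>')
```

On the sample, the sender and the first link are flagged because their hosts only contain the carrier's name, while the second link passes because it really resolves to the carrier's own domain.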

By staying vigilant and cautious during the holiday season, you can reduce the risk of falling victim to phishing scams. Always think twice before clicking links, sharing personal information, or making online transactions. 

Please share this article with your employees! “Human error” remains the number one cause of cyber incidents, and cyber criminals are working overtime to take advantage of well-meaning citizens.  

Sources: 

Internet Crime Complaint Center Reports