Watch for These 6 Phishing Scams During The Holidays
Phishing is a type of cyberfraud that uses deceptive emails and other electronic communication to trick people into sharing sensitive information, clicking on malicious links or opening harmful attachments. During the holiday season, when inboxes are full of shipping alerts, donation requests, travel confirmations and online shopping deals, it becomes even easier for cybercriminals to disguise fake messages as legitimate ones. Beyond email, they may also use text messages, social media messages, fake or misleading websites, voicemails or live phone calls that appear tied to holiday activity. This article outlines six common types of phishing scams that tend to surface around the holidays and offers practical tips to help you avoid them and protect your information.
Types of Phishing Scams
Many significant cyberattacks have included a phishing component. In fact, in its 2021 Data Breach Investigations Report, Verizon noted that phishing played a role in approximately one-third of all breaches analyzed. The following are six of the most common types of phishing scams:
- Deceptive phishing—Deceptive phishing is when a cybercriminal impersonates a recognized sender to steal personal data and login credentials. These emails often trick victims by asking them to verify account information, change a password or make a payment.
- Spear phishing—A spear-phishing scheme is typically aimed at specific individuals or companies and uses personalized information to convince victims to share their data. In these instances, cybercriminals will research a victim’s online behavior—such as where they shop or what they share on social media—to collect personal details that make them seem legitimate.
- Whaling—Whaling aims to trick high-profile targets such as CEOs, chief financial officers and chief operating officers into revealing sensitive information, including payroll data or intellectual property. Since many executives fail to attend company security trainings, they are often vulnerable to whaling scams.
- Vishing—Vishing, or “voice phishing,” occurs when a criminal calls a target’s phone to get them to share personal or financial information. These scammers often disguise themselves as trusted sources, such as a bank or the IRS, and rely on creating a sense of urgency or fear to trick a victim into giving up sensitive information.
- Smishing—Smishing refers to “SMS phishing” and incorporates malicious links into SMS text messages. These messages often appear to be from a trustworthy source and lure victims in by offering a coupon code or a chance to win a free prize.
- Pharming—Pharming is a sophisticated method of phishing that redirects a victim to a site of the cybercriminal’s choosing by installing a malicious program onto their computer. The goal is to have users input their login credentials or personal information, such as credit card numbers, on the fraudulent site.
How to Protect Against Holiday Phishing Scams
As more criminals turn to online scams to steal personal and company information, the busy holiday season gives them even more opportunities. People are shopping online, tracking packages, booking travel and responding to donation requests, which creates a perfect environment for fake shipping notices, bogus order confirmations and fraudulent charity appeals. While no single cybersecurity solution can stop every phishing attempt, the following actions can help minimize their frequency and impact during the holidays and into the new year:
Stay informed about holiday-themed phishing techniques.
IT administrators should watch for new scams that tap into seasonal activity, such as fake gift card offers, year-end bonus notifications or “problem with your delivery” emails, and build timely training around them. Mock holiday phishing scenarios can help employees practice spotting real attempts before they click.
Examine each message before clicking.
Holiday phishing scams often hide behind rushed shopping and travel plans. Before clicking, inspect URLs for odd spellings or extra characters. A secure website should start with “https.” When in doubt, type the retailer, shipper or charity’s web address directly into the browser instead of using a link. Remember that many scams rely on emotional hooks such as “urgent,” “last chance” or “account frozen,” so slow down when a message feels intense or panicked.
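For teams that triage reported messages, the checks above can be partly automated. The Python sketch below is an added example, not part of the original article; the trusted-domain list (reserved `.example` names), the 0.85 similarity threshold and the two-label domain shortcut are assumptions to adapt.

```python
import difflib
import re
from urllib.parse import urlsplit

# Constructed allow-list (assumption): replace with domains your organization uses.
TRUSTED = ("shipper.example", "retailer.example")
URGENCY = ("urgent", "last chance", "account frozen")  # hooks named in the article

def registered_domain(host):
    # Simplification (assumption): last two labels. Use the Public Suffix List in production.
    return ".".join(host.split(".")[-2:])

def check_url(url):
    """Return a list of warning strings for one URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    # https only means the connection is encrypted; it is necessary, not sufficient.
    if parts.scheme != "https":
        warnings.append("not-https")
    if "@" in parts.netloc:
        warnings.append("userinfo-in-url")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")
    domain = registered_domain(host)
    if domain in TRUSTED:
        return warnings
    for good in TRUSTED:
        brand = good.split(".")[0]
        # "Odd spellings": near-miss of a trusted domain by string similarity.
        if difflib.SequenceMatcher(None, domain, good).ratio() >= 0.85:
            warnings.append(f"lookalike-of:{good}")
        # "Extra characters": trusted name embedded in some other domain's host.
        elif brand in host:
            warnings.append(f"brand-in-untrusted-host:{good}")
    return warnings

def check_message(text):
    """Scan message text for urgency hooks and run check_url on each link."""
    lowered = text.lower()
    hooks = [w for w in URGENCY if w in lowered]
    urls = re.findall(r"https?://[^\s<>\"']+", text)
    return {"urgency": hooks, "urls": {u: check_url(u) for u in urls}}

if __name__ == "__main__":
    # Constructed sample message, not a real phishing email.
    print(check_message("URGENT: problem with your delivery, confirm at http://shlpper.example/track"))
```

An empty warning list does not prove a link is safe; treat the output as a prompt to verify through the organization's official site.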
Keep computer systems up to date.
During the holidays, attackers count on people being too busy to install updates. Security patches close loopholes that cybercriminals can exploit. Download and install new software and browser updates as soon as they are available.
Never give out personal information in response to unsolicited holiday messages.
As a general rule, do not share personal, login or financial information in response to emails or texts about sales, donations, deliveries or travel changes. If a message appears to be from a known company, go directly to the organization’s official website or call a verified number to confirm whether the request is legitimate.
Use antivirus software across all work systems.
Ensure antivirus software is installed, active and updated on all devices used for work, especially as more employees may shop or check personal email from work machines during the season. This helps detect and block many phishing-related threats.
Back up data regularly.
Because phishing attacks often deliver malware, including ransomware, organizations should maintain a robust, tested backup program so that a successful attack does not halt operations or permanently destroy data.
Phishing scams are becoming more sophisticated and often spike during the holidays when people are distracted and moving quickly. By taking practical precautions and reinforcing good cyber habits now, organizations can reduce their exposure to these seasonal threats. For additional risk management guidance and insurance solutions, contact CoyleKiley today.
The content of this News Brief is of general interest and is not intended to apply to specific circumstances. It should not be regarded as legal advice and not be relied upon as such. In relation to any particular problem which they may have, readers are advised to seek specific advice. © 2025 Zywave, Inc. All rights reserved.