It’s the Holiday Season and Scams Will Multiply – Here’s How to Protect Yourself

A fishing hook stealing a credit card.

We’re coming to the peak shopping season: Black Friday, Cyber Monday, Thanksgiving, Christmas and New Year – and the scammers are gearing up for a killing!

Here are two common methods that are used to scam people at this time of year:

1. Phishing scams

Watch out for Phishing scams – where the cyber-criminals trick you into revealing your login details to one of your accounts: your bank account, credit card account or whatever.

A Phishing emailEmail is the most common way the scammers set the trap.

An email message that appears to come from a service provider you use, lands in your inbox with a message telling you that you need to take some urgent action – for example: your account has been suspended and you need to log in to reactivate it.

For your convenience a link is included in the email – but don’t click it..!

Navigate to your normal login page and log in there. 99 times out of 100 you will find that, actually, everything is working perfectly normally.

The email is well-branded (a very good copy of the institution’s branding) and clicking the link will take you to a fake website page (which is also an excellent copy).

The sole purpose of that web page is to collect your login details for the scammers, so don’t click the link in the email!

2. Purchase delivery notices

Sample of a delivery status emailIf you’re having any purchases delivered from Amazon (or any online retailer), watch out for emails that appear to give details of your delivery, or warn you that your delivery may be delayed.

These could look as though they come from wherever you made your purchase, or from Fedex, DHL, UPS or any delivery company, and they often contain attachments that are labelled ‘Delivery details’ or something similar.

The attachments contain nasty scripts, which are activated when you open them, so don’t..!

This is a great way for the scammers to get ransomware onto your computer.

Delete the email immediately and empty your recycle (or trash) bin while you’re at it.

Be extremely careful of opening any email attachments if you don’t know what they are, and always check and verify the originating email address before you do so.

Emails from people in your contact list

Even emails from your friends or contacts can be trojan horses if they include an attachment that contains malware.

If a hacker has managed to get access to your email address list, or the email address list of one of your friends, they can send emails that appear to come from one of your contacts – this makes you more likely to open them.

In fact, these emails come from the criminals who hacked your email address list.

It’s easy for them to falsify the name of the sender, but more difficult to falsify the originating email address.

Always check the sender’s email address (not just their name) before opening any emails that contain attachments.

If your email client doesn’t display the sending email address by default – webmail applications such as Gmail don’t – you can hover your cursor over the sender’s name and the sending details will be displayed.

It’s good safety practice to make sure you know how to see and verify the sending email address, so take care of that now, before you’re hit with a scam.

Long story short: treat any emails that come from senders with whom you don’t normally interact, with great suspicion.

Stay safe,

Martin Malden

Martin Malden
Owner – WP Security Basics

P.S. Is your WordPress website as secure as it could be? Take a look at the WordPress security products I have reviewed (I use all of them and I’d be happy to answer any questions you may have):