Security Scout on Holiday Phishing Scams

Be on the Lookout for Holiday Masqueraders!

The holidays and end of the year rush makes you more likely to fall victim to a phishing scam and the bad guys know that. It’s important to know hat to look out for at work and at home to keep you, your family, and your workplace safe.

The most common types of phishing emails seen around this time of year include fake invoices, purchase orders, coupons, and special offers. Similar to other phishing emails, it will use the company’s logo and appear to use its real website, but if you look closely and hover over links and the sender’s email address, you will see it is fake.

Phishing email example

A common example is using a different type of font or display for the link:

Real vs Fake site image

Another example is to use a shortened URL to try to hide where it will take you: https://tinyurl.com/yatrukrh

You can check a shortened URL to see if it is safe using one of these sites:

The email may have a sense of urgency which will make it more likely for you to act without verifying its authenticity.

It might ask you to download an invoice attached to the email or click a link to enter payment information or a username and password to an online account. All of these are set up to steal your business/personal information and/or infect your system with malware.

Other topics to look for are sudden password change requirements, sales, discounts, or offers that are too good to be true or that you must act quickly to take advantage of, suspicious account activity notifications, and identification confirmations that you have not just initiated (e.g., like a code you receive to confirm logging into your bank account or EHR).