‘Tis the Season … For an Uptick in Spam and Phishing

In some countries, the festive winter season comprising Christmas and New Year is called the “silly season” because of the high number of people “drunk posting”—consuming greater amounts of alcohol and then engaging in social media channels or other internet-based activities. In that state, they might not be sufficiently aware of scams and phishing attempts.

Being under the influence of alcohol is not the only thing that can make people less vigilant about defending themselves against the dark side of the internet during the holidays. The idea of taking extended time off during the holidays or focusing more on buying gifts can be welcome distractions from work, but they often result in people letting their guard down while online.

These and other factors could cause even the most tech-savvy people to fall victim to spam offers and other attempts by hackers to steal information through phishing tactics.

Some Spam Originates Through Fake Apps

Black Friday is best-known in the United States, but the awareness of it has spread to other countries, too. Unfortunately, hackers know the popularity of the shopping day makes people potentially more likely to fall for spam as they search for deals, even through apps.

An analysis from RiskIQ checked through the Black Friday apps available for download and found more than 5 percent of them were not from legitimate brands. The risk of receiving spam offers from such apps goes up when people want to buy things from leading brand names.

The study showed that the top 10 most trafficked brands had an average of 17 fake apps each, and the titles or descriptions of those apps typically contained “Black Friday” as well as branded terms—both tactics intended to make people think the applications were genuine.

A straightforward way to stay protected against such attacks is to only download brand-based apps from the store’s homepage. Of course, even when taking that approach, it’s essential to type out the URL in a browser address bar instead of clicking on a link that could redirect to a fake site.

Most Scams are Preventable

According to a U.S. Federal Bureau of Investigation special agent with the organization’s Nashville office, almost 90 percent of holiday scams are preventable if people use common sense. For a start, that means evaluating offers and deciding whether they seem too good to be true.

One frequent trick lottery scammers use is to tell “winners” they’re the rightful recipients of substantial amounts of money, but they must provide their bank details for a wire transfer. Then, instead of transferring the money, scammers drain the accounts. With that in mind, reminders to always read emails or other online communications carefully and not jump to hasty conclusions can go a long way in helping protect the corporate network during the holidays.

People who want to delight their loved ones with thoughtful gifts and hear they have to act quickly to take advantage of offers may not weigh the pros and cons thoroughly. But reminding them to do just that, even in seemingly urgent situations, could avoid catastrophes.

Some Phishing Attempts Masquerade as Invoices

People are exceptionally concerned with tracking their orders during the holiday season. Knowing that, scammers have updated a well-known phishing technique that involves sending an invoice instructing the recipient to click on a link if they do not authorize the charges.

The invoices are for things people genuinely didn’t buy, and scam artists know it. However, they’re also aware people may assume the busy nature of the holiday season makes merchant errors such as misdirected invoices more likely than at other times of the year.

Rather than clicking the link—which would go to a page requesting personal details—people instead should go directly to the webpage of the company that supposedly sent the invoice. They could then use official channels, such as a customer service live chat, phone number or secure email service, to inquire if the received document is real.

The Danger of Fake Shipment Confirmations

Another malware scam involves fake shipment confirmation messages that seem to come from established retailers. Security researchers started keeping tabs on this problem several years ago. The emails typically feature branded headers and instruct people to click on links to get more details about their shipped orders. But, when they do, that action installs malware onto their machines. Alternatively, the link could redirect to a form people must fill out to confirm their identity for “security purposes,” but is nothing more than a phishing technique.

Most merchants allow consumers to track orders directly on official sites. That way, they don’t have to deal with email correspondences for order updates.

There are straightforward ways to detect these fraudulent messages when they arrive. Authentic emails usually address purchasers by name, but the fake ones often are generic, which makes them usable for multiple victims. Also, there often are spelling or grammar mistakes that a real company would have caught before the communication was distributed.

Some machine learning tools detect phishing by analyzing the graphics, phrasing and communication patterns associated with an actual business, then recognizing deviations in those characteristics that could indicate phishing attempts. Moreover, tools integrated into email platforms can automatically check for potentially malicious links or attachments.

Those interventions are helpful, but they don’t negate the need for people to scrutinize emails themselves and not click on parts that seem suspicious.
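
The checks described in this section can be sketched as a small triage script; this is an added example, not code from the article or from any tool it mentions. It flags the generic greeting the article names and, going one step further, links whose real host is not the sender's domain or differs from the URL shown in the link text. The messages, the `retailer.example` and `track-parcel.test` domains, and the finding labels are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Greetings that address nobody in particular (illustrative list, not exhaustive).
GENERIC = re.compile(r"\b(dear|hello|hi)\s+(valued\s+)?(customer|client|user|shopper|member)\b", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
SHOWN_URL = re.compile(r"https?://([^/\s<]+)")

def site(host):
    # Assumption: the last two labels identify the site. A production tool
    # would consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw):
    """Return a list of findings for one raw (non-multipart) message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender_site = site(parseaddr(msg["From"])[1].rpartition("@")[2])
    findings = []
    if GENERIC.search(body):
        findings.append("generic-greeting")
    for href, text in ANCHOR.findall(body):
        host = urlparse(href).hostname or ""
        if site(host) != sender_site:
            findings.append("link-off-sender-domain:" + host)
        shown = SHOWN_URL.search(text)
        if shown and site(shown.group(1)) != site(host):
            findings.append("link-text-mismatch")
    return findings

# Constructed sample: branded sender, generic greeting, link that only looks like the retailer.
SUSPICIOUS = """\
From: "Retailer Shipping" <shipping@retailer.example>
Subject: Your order has shipped

<p>Dear customer,</p>
<p><a href="http://retailer.example.track-parcel.test/confirm">http://retailer.example/track</a></p>
"""
# Constructed sample: named recipient, link on the sender's own domain.
LEGIT = """\
From: Retailer <orders@retailer.example>
Subject: Order shipped

<p>Hi Jordan Lee,</p>
<p>Track it on <a href="https://orders.retailer.example/t/123">your order page</a>.</p>
"""

if __name__ == "__main__":
    print(triage(SUSPICIOUS))
    print(triage(LEGIT))
```

An empty result does not mean a message is safe; the findings only mark messages that deserve a closer look.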

Interest in the Holiday Season Drives Spam Messages

When cybercriminals create spam, they use topics they believe will appeal to the largest segment of people. Those often determine spam content.

Other seasonal spam shows up in inboxes, as well. The messages might relate to impressing someone special on Valentine’s Day or saving money on school uniforms before the school year begins.

Slow Down and Recognize the Scams

The holiday season is a whirlwind of activity for many people. Unfortunately, that means they may not take the usual precautions that help them notice potential spam and phishing attempts.

Even as people feel as though they have too much to do during the holidays, they should take care to avoid rushing so much that they fall into cybercriminals’ carefully laid traps.

Security Boulevard
Kayla Matthews

Kayla Matthews writes about cybersecurity, data privacy and technology for Digital Trends, Cloud Tweaks, TechnoBuffalo and The Daily Dot. To read more of Kayla’s articles, visit her blog Productivity Bytes.