
5 Sly Phishing Emails ‘Dashing Through your Inbox’ this Holiday Season


’Tis the season to be jolly and wary of phishing emails 🔔

 

Every year, phishing soars and roars around the holiday season. After all, it’s the most wonderful time of gift giving and celebration all the way. 

Cybercriminals typically wait for this time of the year to tap the seasonal trend and prey on eager festive shoppers by launching even more sophisticated phishing campaigns — and sadly, many people, and even organizations, fall for it. 

But don’t worry, we’ve been out there doing all the digging to bring you the news you need to protect your data from phishing this season. 

We also recommend that businesses share this list with their staff to avoid accidental data breaches or leakage that could kill everyone’s holiday spirit. 

So grab your eggnogs, folks, and let’s go through this list of trending email phishing scams making the rounds this year.

5 Phishing Emails to Look Out for During the Holiday Season

 

1. Christmas Themed Emails:

Email security might not exactly be the main thing on your mind as you wrap up work (and gifts!) for the end of year festivities, and cybercriminals are more than aware of that.

“During the festive period, not only does the number of phishing scams increase, but also the quality,” said Jan Oetjen, CEO of GMX.

With all the holiday-themed emails you’re receiving, you want to pay close attention to those Christmas event invites, fake charity requests, flyers, deals and surveys packed with information-stealing malware.

Such emails are less suspicious than you’d expect them to be, making you think they’re totally legit upon first glance. 

However, many carry malicious executable files or embedded links artfully named things like ‘Christmas menu’, ‘Shopper’s survey’, etc. to lure you in and steal your data.

** Using the right Data Loss Protection (DLP) tools like GAT Shield can be a real lifesaver during those peak times for Chrome environments as it monitors all activity and provides real-time DLP on all sites, in all locations and at all times.

 

2. Fake Payroll Emails:

As we all patiently wait for December’s much-needed pay check, payroll themed phishing emails prey on our charged sense of anticipation. 

In fact, these emails not only target employees, but payroll officers as well.

Employees should look out for suspicious emails titled things like, ‘Annual bonus’, ‘Christmas incentive’, etc. These emails do not come with attachments, instead they include links to what appears to be a Google document containing concealed malicious files hosted on Google Drive.

Payroll officers, on the other hand, should watch out for spoofed emails with signature blocks of staff asking for change of employee bank details. These emails usually come from attackers providing fake details to steal your staff’s salaries.

 

3. Fake Delivery/ Post emails:

Expecting multiple packages for Christmas? Well, you’d want to be extra careful then.

These ones are super easy to fall for when you are actively doing your Christmas shopping online.

These emails look highly legit and trick you into disclosing personal information, account credentials or credit card details.

Keep your eyes wide open for the following tell-tale signs:

  1. Delivery emails asking you to pay a particular customs fee that you weren’t notified about when placing an order.
  2. Customs and import tax scams
  3. Order confirmations with tracking links for items you don’t recall ordering.
    **Leading tech giant Amazon warns customers to be extra careful of this particular scam this week.
  4. Order cancellation emails with suspicious links that install harmful malware onto your system when you click on them, then steal your data.
[Image: An Post phishing scam. Credit: An Post]

 

4. Typosquatting, Please:

This one is a brilliant mind-game scam, but not too brilliant for us to detect. You might just need to recall a bit of those ‘Where’s Waldo?’ attention skills.

Typosquatting (also known as URL hijacking) is a form of cybersquatting, where attackers register a domain name that mimics a popular website (e.g. Nikee instead of Nike or PayPaI instead of PayPal).

Before clicking on any links or providing sensitive information, you always want to confirm that an email is in fact from the entity you believe it is. Don’t fall for those visual illusions.
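One way a mail filter or web proxy can catch the look-alike domains described above, added here as an example and not GAT Labs code: it folds visually confusable characters and measures edit distance against an allowlist. The `TRUSTED` list, the folding table and the function names are assumptions made for illustration.

```python
# Constructed allowlist of domains the organisation actually deals with.
TRUSTED = ("amazon.com", "nike.com", "paypal.com")

# Characters that read alike in common fonts, folded to one representative.
FOLD = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})

def skeleton(domain):
    """Lowercase and fold look-alike glyphs so 'PayPaI' and 'paypal' compare equal."""
    d = domain.lower().rstrip(".")
    return d.replace("rn", "m").replace("vv", "w").translate(FOLD)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return (verdict, trusted domain it matches or resembles, else None)."""
    d = domain.lower().rstrip(".")
    for t in TRUSTED:
        if d == t or d.endswith("." + t):
            return ("trusted", t)
    for t in TRUSTED:
        if skeleton(d) == skeleton(t):          # e.g. capital I standing in for l
            return ("homoglyph", t)
        if edit_distance(skeleton(d), skeleton(t)) <= 1:  # one extra, missing or changed letter
            return ("typo", t)
    return ("unknown", None)

if __name__ == "__main__":
    for name in ("PayPaI.com", "nikee.com", "www.nike.com", "example.org"):
        print(name, classify(name))
```

A distance-1 match on a short name can also hit an unrelated legitimate domain, so treat a verdict as a reason to look closer rather than as proof.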

 

5. The ‘You Won’ Scam

The typical ‘Congrats you won!’ phishing emails aren’t exactly new to the scene, yet people are still falling for them, especially when combined with typosquatting. 

These scams always phish for things like credit card details or banking information to rip you or your company off for some good money.

The best way to detect them is by applying the ‘Too good to be true’ rule. I mean, things like £2 for an iPhone 13 are highly far-fetched.

 

Finally, here’s a little Christmas bonus from our side to help you spot those phishing emails:

 

  1. Ensure the email address and the sender’s name match.
  2. Check that the email is authenticated.
  3. Be wary of alarming emails requesting immediate action, such as “Your account will be suspended”, “Update your payment details” or “Contact us immediately.”
  4. Hover over any links before you click on them. If the URL of the link doesn’t match the description of the link, it might be leading you to a phishing site.
  5. Check the message headers to make sure the “from” header isn’t showing an incorrect name.
  6. Check for communication gaps: emails that don’t provide an alternative method for communicating the requested information (i.e. telephone, mail, or physical locations)
  7. Check for peculiar email formats and typos in the names of well known companies.
  8. Invest in a good DLP solution for your company.
  9. Most importantly, avoid opening emails from unknown senders when using devices that have access to important and sensitive data.
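Checks 1, 2, 4 and 5 in the list above can be automated over a raw message. The following added example (not GAT Labs code) does so with Python's standard library; the sample message, the `BRANDS` map and every domain in it are constructed, and it assumes the `Authentication-Results` header was written by your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name and domain in it is invented.
SAMPLE = '''From: "PayPal Support" <billing@secure-pay.example>
Authentication-Results: mx.corp.example; spf=fail; dkim=none; dmarc=fail
Content-Type: text/html

<p>Your account will be suspended.
<a href="http://login.secure-pay.example/v">https://www.paypal.com/signin</a></p>
'''
BRANDS = {"paypal": "paypal.com"}  # assumption: brand keyword -> its real domain

class Links(HTMLParser):
    """Collect (href, visible text) for each <a> element."""
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg, out = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    dom = addr.rpartition("@")[2].lower()
    for brand, real in BRANDS.items():  # sender name vs. address
        if brand in name.lower() and dom != real and not dom.endswith("." + real):
            out.append(f"display name claims {brand}, address is @{dom}")
    # Authentication verdicts; a check that is absent counts as a finding too.
    res = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))
    out += [f"{c}={res.get(c, 'missing')}" for c in ("spf", "dkim", "dmarc") if res.get(c) != "pass"]
    parser = Links()
    parser.feed(msg.get_payload())
    for href, shown in parser.found:  # visible URL vs. real target
        claimed, target = urlparse(shown).hostname, urlparse(href).hostname
        if re.match(r"https?://", shown, re.I) and claimed != target:
            out.append(f"link shows {claimed}, goes to {target}")
    return out
```

Calling `triage(SAMPLE)` returns five findings: the brand in the display name does not match the sending domain, all three authentication checks are non-passing, and the link text names a different host than its target.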

Finally, as Santa makes his list and checks it twice, follow his lead and double check files, links, typos and dodgy websites to tell the naughty ones from the nice!

To learn more about how to spot a phishing email, check out our post 5 Tell-Tale Signs of a Phishing Email.
