Are Your Employees Prepared for This Year's Holiday Phishing Scams?

The holiday season is here, and that means a whole new slew of phishing attacks added to what companies already see coming into inboxes every day. 

The holiday season is here, and that means a whole new slew of phishing attacks added to what companies already see coming into inboxes every day. 

Holiday-themed phishing can be particularly dangerous because people tend to be distracted by holiday planning and events and can easily get fooled by a clever phishing scam.

Employee email security awareness of phishing is vital to reducing your risk of falling victim to an attack. Email is the #1 conduit used for malicious attacks, including malware, ransomware, and more. If employees learn to recognize phishing, they can avoid clicking a dangerous link or file attachment.

Every minute, $17,700 is lost due to successful phishing attacks.

What can happen when a phishing link or attachment is clicked? Scammers use email for a wide variety of attacks on business networks and data, including:

Knowing what types of holiday scams to watch out for can help your team identify them when they come in during the course of a busy day and avoid a potential IT security incident.

Fake Holiday Phishing Scams to Watch Out For

Gift Card Scams 

Gift cards scams are prevalent during the holidays. Scammers look for a quick pick up of some cash by sending millions of these emails every year.

In this scam, an employee receives an email that appears to be from someone in their company (the scammer uses email spoofing). The scammer will usually try to find a higher-level position person, whose name they’ll use to send the email.

It will request that the recipient purchase gift cards either for employee or customer holiday gifts. There is usually an urgency in the request, such as “I completely forgot to have this done and need these in two hours.” There is also a mention of “being in meetings and unreachable” to discourage the recipient from double checking with them by phone.

Finally, the scam will ask that the gift card numbers be emailed. Of course, the scammer cashes them in immediately and the employee or their company is out the money.

Fake Order Receipts

One of the first reactions when you receive an order receipt for something you never purchased is to click the link in the email to find out how to fix the issue.

Fake order receipt phishing emails are designed to look like they’re from legitimate companies. They often fool people into believing they’re real and then reacting out of emotion rather than questioning the email first.

It’s easy for an employee to get fooled by one of these, especially when real order receipts may be coming in as well from legitimate holiday shopping.

Bogus Tracking Emails

Another type of email that comes in more frequently during the holiday season is the tracking email that’s sent when an order is shipped. Bogus phishing scams take advantage of this fact, and spoof the signatures and email formatting of companies like UPS and FedEx.

Clicking the link can take a person to a site that injects their computer with malware or serves up a fake sign-in form designed to steal login credentials.

Fake Holiday Party Surveys/Notices

While there may not be as many in-person holiday parties this year due to the pandemic, there are still plenty of other types of holiday activities. Companies often plan holiday events to reward employees and celebrate the season.

Phishing scammers take advantage of this fact by sending fake holiday party surveys or informational notices.

A phishing scam may purport to be a survey for “what to do this year for our holiday party” or claim to contain an attachment with directions to an event.

Requests for Charitable Donations

Nonprofit organizations often increase their outreach during the holidays, and unfortunately, so do phishing scammers.

They’ll spoof legitimate charity names or choose a domain that’s very similar, and request donations using emotion-evoking images. The goal here is to not only get the donation to their fake charity, but to also get the person’s payment card details.

How to Help Your Employees Spot Holiday Phishing Scams

Employee training is one important piece of cybersecurity and phishing prevention, but in the busyness of the season, it can be easy to get fooled when looking through an email inbox quickly.

eMailAde is like an email security assistant for your employees. This tool analyzes all incoming email and will mark each message for the recipient as either safe, potentially dangerous, or dangerous. The visual warning system helps employees immediately identify holiday phishing scams and avoid being fooled by them.

You can try eMailAde Outlook for Windows right now free for 14 days (no credit card required). It’s fast to install and it can start protecting your business from phishing scams within 5 minutes!

Get early access to eMailAde today!

References linked to: