
Holiday Phishing and Online Cyber Scams

By admin - Posted on 07 December 2011

During the holiday season, many consumers will choose to buy gifts and services from online retailers. Malicious actors will take advantage of the increased volume of online consumers and try to exploit those who are unaware of cyber risks and gain access to their personal information. Public and private sector organizations and individuals should remain vigilant when purchasing online. Some of the current threat trends include, but are not limited to:

  • Phony profiles on social networking sites such as Facebook and Twitter are claiming to be legitimate businesses. These fake profiles will look like their legitimate counterparts, but clicking on links in these profiles could allow malicious code to be installed on the victim’s computer, compromising the victim’s security and privacy.
  • Emails from hotels claiming that a “wrong transaction” has been charged to a credit card have also been reported. The hotel will claim to offer a refund if the victim downloads and completes a refund form. Unfortunately, the form is embedded with malicious code and downloading it installs malware onto the victim’s computer.
  • Phishing emails involving bogus courier services during the holidays. The fake courier will send an email saying there is a package waiting for the victim and ask for personal information in order to retrieve it.
  • Non-legitimate websites claiming to have the “hot” gift of the season when most legitimate retailers are sold out. The non-legitimate websites will tempt the victim to order from them when they actually do not have the item and will steal their personal information and charge their credit card.


The following preventative strategies are intended to help our public and private partners proactively look for emails that attempt to deceive users into ‘clicking the link’ to seemingly real websites, or into opening attachments, regarding holiday season ‘deals’. The following represents some best practices to follow but is not an exhaustive list:

  • NEVER click on links in emails. If you do think the email is legitimate, whether from a third-party retailer or primary retailer, go to the site and log on directly. Whatever notification or service offering was referenced in the email, if valid, will be available via regular log on.

  • NEVER open the attachments. Typically, retailers will not send emails with attachments. If there is any doubt, contact the retailer directly and ask whether the email with the attachment was sent from them.

  • DO NOT give out personal information over the phone or in an email unless completely sure. Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors. If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. Ask them to provide you with their name and a call-back number. Just because they may have some of your information does not mean they are legitimate! Again, be careful when providing any information over the phone.


