Is that a real tacking email from FedEx or is it a fake? Should you open that holiday schedule that looks to be from a supplier, or is it a trap?

These are the questions your employees should be stopping to ask themselves during the holiday season when phishing scams mimicking common seasonal emails are out in full force.

90% of employees have problems identifying phishing emails.

2020 has already seen a major rise in phishing due to the coronavirus pandemic. During the first quarter of the year, phishing was reported to be up by 350%.

Now, with the holiday season starting, even more phishing is about to hit users’ inboxes that are themed around the holiday season.

Without the right IT protection and employee training, Tucson businesses can easily get hurt by a successful holiday phishing attack. All it takes is one mistaken click to end up with major losses from a ransomware infection or data breach.

Since employees are on the receiving end of these threats, it’s important they know how to identify them and avoid being fooled.

Popular Holiday Season Phishing Emails

How do holiday season phishing emails differ from phishing that comes in the rest of the year?

The main difference is that phishing emails around the holidays will try use the activities that happen around the season as a way to trick people into responding.

For example, holiday party invitations come during November and December, so hackers will take advantage of that and spoof these in their seasonal phishing attacks. To hackers, phishing is a business, so just like retailers have seasonal sales and promotions to capitalize on the holidays, phishing scammers do the same.

Here are some of the most popular types of holiday phishing emails that employees need to be on the lookout for.

Holiday Closure Schedules

Many companies send out their holiday closure schedule to customers and vendors this time of year. This is a popular type of email to spoof because it often includes a file attachment or link to a document.

Be especially wary of any holiday schedule emails, and check with the purported sender by phone to make sure they’re legitimate before opening them.

Fake Order Emails

Phishing criminals can send order emails that look just like the real thing, spoofing the look of Amazon and other retailer emails. The recipient sees the unfamiliar order from a known company, thinks that there must be some kind of mistake, and clicks the email order link without thinking.

These emails can either lead the user to a spoofed sign-in page designed to steal their login or take them to a site that does a drive-by malware injection.

Hovering over links without clicking on them often reveals these fakes because it shows that the URL isn’t going to the purported retailer site.

Fake Tracking Emails

Another email type that is seen in high numbers through the holidays are tracking emails for online orders. Hackers use this as a tactic as well to fool a recipient into thinking a phishing email must be from one of their recent holiday shopping sessions.

It’s always better to check directly on a website for tracking rather than to trust an email link.

Holiday Event Plans & Surveys

Who doesn’t love getting an email about an upcoming holiday event or a survey about what the office should do for the holidays this year? It can be a welcome respite from the workday, but it can also be a phishing scam.

Always check with your office by phone, or ask someone in person if you’re at the office before opening any type of company-related holiday event or survey email.

Gift Card Scams

Gift card scams are a favorite of cyber criminals during the holidays. This type of phishing is usually done as a targeted whaling attack or spear phishing attack.

The reason is that this scam needs to be targeted to work. The scammer needs to have the email address of a higher-level manager, one that other employees would tend to follow.

The scammer then sends and email or text that looks like it’s from the manager to an employee that has a lower organizational rank. The email or text will go something like this:

“I completely forgot to have gift cards purchased for important clients and I’m visiting several this afternoon. I need you to purchase 10 $100 iTunes gift cards and email/text me the numbers within 2 hours. I’ll make sure you’re reimbursed as soon as I’m back. I’m heading into a meeting so won’t be able to be reached for the next few hours. It’s vital I have these. Thank you!”

The scam depends upon the employee’s need to please their boss and do as they’re told. It also uses the tactic of urgency to get the employee to act fast without thinking. Of course, as soon as the scammer gets the gift card numbers, they’re spent and long gone.

If employees see any type of request regarding gift card purchases by email or text, they should follow up to ensure it’s legitimate using the contact details they have for that person before taking any kind of action.

Backstop Your Employees with Spam & Phishing Protection

ECN IT can help your Tucson business put important safeguards in place like email and DNS filtering that block malicious emails and websites.

We’re here and ready to talk phishing security with you! Reach out at 520-355-7553 or through our website.