Catches of the month: Phishing scams for December 2020

In a Christmas in which we’ll be relying on technology more than ever – whether for online shopping or staying in contact with loved ones – we must all be aware of cyber security threats.

According to the UK government, the 2019 festive period saw online shoppers in England and Wales lose, on average, £775.

That’s why it has created the Cyber Aware campaign, which contains guidance on topics such as password security and software updates that will protect you from criminals’ most common attack methods.

Meanwhile, in this blog, we look at three specific ways that criminals may target you in a phishing scam this Christmas.

1. Fake adverts in online marketplaces

Shoppers must always be careful when they turn to online marketplaces, such as social media trading pages and auction websites, because they are typically not subject to the same regulations as standard e-commerce sites.

If you’ve visited one of these sites before, you might be aware of the dangers of price gougers, who inflate prices for in-demand items that you can’t find in shops.

However, according to UK Finance, you should also be wary that many of these sellers have no intention of delivering the items once they’ve been purchased.

Because online marketplaces rarely require you to verify your identity, it can be easy to conduct scams.

The criminal posts an advert on a new account, the sale goes through a third-party system, such as PayPal, and by the time the purchaser becomes suspicious that their package hasn’t arrived, it’s too late: the seller has closed their account and created a new one.

UK Finance says that people looking for game consoles, bicycles and clothing may be most susceptible to this scam – but it’s worth adding that any highly priced item could be used as bait.

2. Order confirmation scams

Many of us buy so many things online during the Christmas period that order confirmation emails become a daily occurrence. It’s hard to keep track of what each message refers to.

That’s why scammers are so successful in sending bogus confirmation emails, such as this one:

[Image: example of a bogus order confirmation email. Source: Action Fraud]

The message might include a random item selected by the scammer (which you presumably haven’t purchased), encouraging you to click the link.

You are sent to a bogus website that’s made up to look like the Amazon login page. When you enter your credentials, you are handing them to the cyber criminals, who now have control of your account.

Alternatively, the message may trick you into clicking the link by giving you a delivery date after Christmas. This is clearly a problem if you want to give the item as a gift, so you would be tempted to follow the link to cancel your order.

You can protect yourself by looking for the tell-tale signs of phishing scams, or by avoiding links altogether and visiting the Amazon website directly in your web browser.

3. Malware hidden in e-cards

We may see an increase in e-cards this year, with people concerned about sending a physical card that will be handled by several other people before making its way to the recipient.

Unfortunately, e-cards potentially contain a different kind of virus. As with order confirmation emails, it’s hard to tell the difference between a legitimate e-card and a scam that contains malware.

Before you open an email attachment, you must make sure you have antivirus software installed. Your email client should also have a spam filter that detects suspicious emails and warns you before opening attachments.
