With holidays fast approaching, cybercriminals are taking advantage of people’s vacation planning, online shopping and expected package deliveries. Millions of phishing scam emails are being sent out daily, spoofing trusted brands, retailers, postal services, banks, stores and more. Many of these emails look legitimate, and it gets harder to tell what’s a real email, and what’s a scam.
When in doubt, don’t click any links in an email. You can always go to the website of the company the email is supposed to be from, or call them to confirm if the email is legitimate if you have made an order or are expecting a package.
You can often spot a phishing email by watching for:
- Threats: Many phishing scam emails use a fake “Missed delivery” or “Address does not exist” notification to scare people into either clicking on a link and entering their personal information or downloading an attachment that’s actually a malware file that infects your computer. Legitimate shipping companies will not do this.
- Misspellings and bad grammar: Many phishing scams originate from overseas and they often contain grammar and spelling mistakes. While legitimate organizations do occasionally send out emails with a mistake in them (it happens to us all), if you spot a mistake, pay extra attention to what the email is asking you to do.
- Links in email: If you see a link in a suspicious email message, don’t click on it. Place your mouse (but don’t click) over the link to see if the address matches the link that was typed in the message. If it doesn’t match, it’s likely a phishing scam.
- Looks similar to a popular website or company email: It’s easy to use graphics in email that have been taken from legitimate websites, so a phishing email or site looks almost like the real one. Instead, they take you to a phoney site or legitimate-looking pop-up window that steals the information you enter and transmits it to their server.
For more information on how you can protect yourself and spot phishing scams, take the IT Security Awareness Online Course – Focus on Phishing, and see the following articles: