Last month, CNN reported in an article that thousands of people only in the US have fallen victim to a phishing bank scam resulting in millions of dollars lost. Most if not all of these recent attacks occurred over the phone initially and are defined as voice phishing.
For those who have not heard of voice phishing until now, it is a form of social engineering used by scammers to obtain sensitive information from potential victims. Social engineering is a pivotal part of any cyber attacks unless the attacker is using a brute force attack, which is rare in most cases. Social engineering also appears in other forms such as fake emails from FedEx and eBay, for example.
Scammers and hackers love the holiday season. It might have something to do with how hectic things are around Christmas, not to mention the excitement of the New Year just around the corner. Many individuals simply are not paying close enough attention to who is calling them or if that email from Target is really from Target. Scammers and cybercriminals know this and deliberately seek out unwitting targets during the busiest shopping season of the year.
This article covers the top three phishing scams known to be used by scammers and hackers during the holiday seasons. Nevertheless, it is important to remember that the phishing attacks listed below can occur at any time of the year. Lastly, scammers and hackers often work in tandem—a scammer is the one who employs social engineering tactics to obtain sensitive information from the victim while the hacker works the technical end of things.
1. Fake Customer Surveys
As touched on above, social engineering is the primary stratagem employed by both scammers and hackers. This makes emailing fake customer surveys offering goodies like free gift cards, cash rewards, and other tempting deals a great lure. Fake customer survey phishing scams usually come in the form of an email supposedly from a name brand retailer. The distinction between a genuine customer survey and one from a scammer (to get your personal identifying information) usually reveals itself in the last few questions.
The biggest red flag question is one that requires you to submit any personal or financial information. If a customer survey you received in an email seems suspicious, do not hesitate to contact the company it seemingly originated from and inquire about it. If you do not feel like spending the time to do that, the offering is probably not worth the risk.
2. Malicious Embedded Links
Most Internet-savvy people are wise to the malicious attachments trick; clicking on or downloading any attachment from a source you do not recognise (and even those you do) puts you at risk of downloading malware. However, a lot of people still fall victim to malicious embedded links. All it takes is one click and a few seconds loading for an infected website to download malware onto your computer.
Anyone with a little skill can make a link look legitimate. As a general rule of thumb, it is never a good idea to click on any links from emails unless you know why the email was sent to you (i.e., a password reset).
3. Fake Flyers and Suspicious Deals
At the height and frenzy of the holiday shopping rush, the average individual could very easily find a dozen or so emails daily from advertisers offering all sorts of discounts from retail sites you have visited at one point or another in the past.
Do not become complacent while skimming through these seemingly familiar emails; somewhere hiding among the innocent emails might be lurking that one needle in the haystack. By clicking fake flyers and suspicious deals, you are inviting malware to infect your computer.
getNEXT‘s Security Solutions and Managed IT Services give you comprehensive protection against any cyber-attacks. Let getNEXT provide you with peace of mind without worrying about data breaches or system downtime and improve your current IT performance.