Open season for phishing scams and other email security threats

Suspicious seasons greetings

As the holidays approach, inboxes are filled with ecards, messages from relatives, shipping notifications and order confirmations. Internet miscreants will attempt to leverage these emails and the high stress and frantic season to weasel their way into your money box. ‘Tis the season for phishing scams and other email security threats.

Instead of the holiday cheer from an ecard, you might find the gift of malware spreading its way through your bank account ordering new toys for bad little boys and girls in a different part of the world.

To protect yourself and your family and friends from falling for phishing scams and other email-related security threats, be on high alert for the following this season.

Holiday phishing scams and other email security threats

CyberWeek deals

These messages hit your inbox in a surge, offering deals from Walmart, Target, etc. They offer “buy now” and “click here” links to take you to the website to get the deal of a lifetime (or at least, this holiday season).

Tip: It’s sometimes difficult to differentiate these scams from the real offers. Your best bet is to go directly to the website and look for the deal on their home page. Trust me, if they are marketing a product via email, it should be easy to find on their website.

Letters from Santa

Phishing Scams Santa Letter
Photo: Vancour via Visual Hunt / CC BY

Many hackers are now mimicking websites that send letters from Santa to get personal information from unsuspecting parents. They offer a personalized note, phone call or text to make your child’s night. Unfortunately, they steal your personal and credit card information — and you end up with a lump of coal instead of your Santa greeting.

Tip: Use trusted companies that you have used in the past. If this is your first time, check with the Better Business Bureau to find out which businesses are legitimate.

Social media freebies

Offers show up all over social media these days, offering free stuff by liking a page or sharing a post. These might be Facebook accounts that have links to amazing deals that don’t actually exist. Disney Cruise giveaways and free Amazon gift cards are the popular ones this year.

Tip: If it sounds too good to be true, it probably is. Do a Google search for the offer, and see what others are saying about it. You might quickly find that it’s a scam.

Report the scam to the owners of the legitimate website to help prevent others from taking the bait!


Photo enforcement notices

You’re zipping from store to store looking for gifts for friends and family, which means it can be difficult to pay attention to the speedometer. Sly criminals have realized this is a great spot to try and ask you for your SSN and credit card to pay for “photo enforcement” fines.

Tip: Our government does not use email for traffic violations. Look for officially signed and sealed documents in your home mailbox, as well as photos of the infraction, before you dish out the dough.

More email safety precautions

Here are a few more things to look out for while navigating your inbox, regardless of time of year:

Stay away from junk (or bulk) mail. Any email that lands in this folder is probably there for a good reason. Most can be purged immediately.

Test your URLs. A quick test you can perform to determine where a link will resolve is to hover over the link (DO NOT CLICK!) with your mouse.

Be careful with attachments. It’s no longer safe to only avoid attachments with .zip, .jar or .exe files, as attackers are now using more common formats such as Office documents or PDFs.

The rule of thumb is to always be careful with any attachment that you were not expecting, especially if it comes from an external source.


When is the last time your bank sent you a .doc? Never. Delete it immediately.

Last, and most important, if you are not expecting an email with an attachment or link from someone, DO NOT OPEN IT. Your curiosity is the one thing that the attackers need to entice you to fall for their phishing scams.

Want to learn more? Here are some holiday email scams that were active this time last year.

Image by: wuestenigel via VisualHunt / CC BY