As you’re cozying up with a hot drink and a blanket while updating your website for the holiday season, your mind is probably racing with excitement at the idea of incoming orders - not cybercrime or phishing attacks. Unfortunately, this time of year is rife with opportunities for cybercriminals to make a quick buck, so you need to be on your guard.
While the specifics of phishing attempts change from year to year, here are the most common phishing scams that target small businesses during the holiday season.
A Quick Note on Phishing Scams
Before we dive into this, it’s worth noting that not every phishing attempt will ask for your credit card information. Cybercriminals may also ask for personal information that can be used to commit identity theft. They may also include malicious links or attach a document that contains a virus, ransomware, or another form of malware.
One of the most prominent phishing scams during the holiday season involves shipping notifications.
Because small business owners like you are ordering higher levels of stock or materials to meet demand, cybercriminals will send an email claiming to be from UPS, USPS, FedEx, Amazon, or another courier company saying that your parcel couldn’t be delivered. Usually, the scammer will claim you need to pay customs fees or unpaid shipping charges.
Variants on this include fake order confirmations or tracking buttons, designed to look like authentic emails from large stores like Amazon.
These emails are designed to create a false sense of urgency so you act without thinking, whether that means handing over your credit card details, your login information, or other sensitive or personal information.
Many suppliers will send gift cards to small businesses during the holiday season, and cybercriminals use this to their advantage.
These gift card scams will appear to be an email from your supplier or another small business you recognize. This phishing email will tell you that you’ve received a gift card or coupon as a holiday gift, and you’ll need to claim it by following the attached link.
Again, this link will likely lead to a spoofed login page that asks you to log in to your account to claim the coupon. Or, you might be asked for your credit card information to “apply” the coupon to your next purchase.
Similar to the gift card phishing scam, you might receive an e-Card claiming to be sent from a friend via Hallmark or another recognizable greeting card company. The e-Card might be a link to a spoofed website that downloads malware onto your system, or an attached file that contains malware.
These phishing scams have been circulating for decades, but they rarely ask for your credit card number. Instead, you’ll likely receive a form of malware that can steal your login credentials and other information directly from your system before it’s detected by your antivirus software.
This phishing scam involves a spoofed email, claiming to be from a friend, a supplier, or another small business, asking if you can donate to their GoFundMe or holiday donation drive.
As you might have guessed, if you click on the included email link, you’ll see a spoofed donation page. These malicious sites are filled with heartfelt images claiming to be from a recognized charity. Scammers aren’t just looking to make a quick buck, though - they’re after your credit card details so they can steal thousands of dollars from you.
Finally, we have the classic bank notification scam. This can take a lot of different forms, so you need to be vigilant.
The most common fake notifications that circulate during the holiday season are:
- You’ve gone into overdraft
- A bill couldn’t be paid
- The bank blocked an unauthorized use of your credit card
- Someone tried to steal money from your account
Typically, the email contains a link that asks you to log in to your account, allowing the scammer to capture your bank login details. The spoofed page may also tell you that you need to move money into a certain account “to keep it safe.”
Stay Cyber Aware This Holiday Season
While these holiday scams might sound scary, you can stay safe by being suspicious of everything in your email inbox. If you receive an unexpected email with a link or attachment, if the email tells you to act urgently, or if you’ve got a bad feeling about it, always err on the side of caution.
Remember, you can always navigate directly to a website to check notifications on your account or make a charitable donation. Similarly, if you receive a gift card or e-Card and you’re not expecting it, there’s no harm in verifying with the supposed sender that the email is legitimate.
We also recommend checking the sender’s full email address, not just the display name: a phishing email typically comes from an address that does not match the organization it claims to be from. Another way to identify a phishing email is to check for spelling and grammar mistakes. Many times, these phishing emails will include several careless grammatical errors. Unsuspecting victims often overlook these mistakes as they are quick to give up their personal data, contact information, or login credentials.
Lastly, you can hover over any links within an email to check the web address and see where these links lead. Is the link taking you to where it claims to be? If not, this is a tell-tale sign of a phishing scam.
By being cautious and remaining vigilant, you can protect yourself and your business from these common holiday phishing scams.