The holiday season is a time of joy and celebration, but also a time of increased cyberattacks and scams. Phishing emails are one of the most common and dangerous threats that can compromise your personal and financial information.
Phishing emails are designed to look like legitimate messages from trusted sources, such as banks, retailers, or delivery services, and trick you into clicking on malicious links or attachments, or providing sensitive information.
Apple free iPhone fake email
TEMU fake phishing email
This scammer tries to fool you by using the words “Temu Confirmation”, which sounds like a legitimate email confirming that your package is on its way. They urge you to click on the link that says, “Please Confirm Receipt”, implying that you need to do so to receive your package.
They also add a deceptive message that says, “If you cannot see the images below, Click show images,” highlighted in red. This is another way to trick you into clicking on the link.
Moreover, they use a sneaky tactic of labeling the message as “This message is from a trusted sender” and highlighting it in green, as if to reassure you that it is safe and authentic.
TEMU fake survey email
This fake email is a fake one that tries to imitate the Chinese shopping platform TEMU. It uses the phrase “YOUR OPINION IS IMPORTANT!” in capital letters to get your attention. It then offers you a tempting reward: “a pallet of products from TEMU”, with a picture to make it look real. It asks you to take a short survey to claim your reward by clicking on the big orange button that says “CLICK HERE” in capital letters.
MORE: BEWARE OF THIS LATEST PHISHING ATTACK DISGUISED AS AN OFFICIAL EMAIL SENT BY GOOGLE
Target fake giveaway email
MORE: 5 GIFT CARD TRICKS TARGETING YOU THIS HOLIDAY SEASON
How scammers try to trick you with a series of urgent messages
As you’ll see in the ‘Delivery’ messages below, the scammers are getting clever by sending a series of emails to make you think that you have a real package on its way to you and/or you keep missing the delivery of this package. The emails say things like “We tried delivering your package,” “Uncompleted Dispatch,” “Third attempt,” “Delivery unsuccessful,” and “Your order will be canceled in the next 24 hours”.
UPS fake delivery notification email
MORE: BEWARE OF THESE 5 HOLIDAY SCAMS
UPS fake order pending email
Additional red flags to spot phishing emails
As you can see, phishing emails can be hard to distinguish from genuine ones, especially during the busy holiday season when you may receive many emails from various sources. However, there are some additional red flags beyond the ones we’ve already mentioned that can help you identify a fake email. Here are some of them:
Check the sender’s address and domain name. Fake emails often use spoofed or similar-looking addresses and domain names to deceive you. For example, an email from support@amaz0n.com or info@fedex.delivery.com is likely a phishing attempt. You’ll notice in the Apple phishing email below the email address just has a bunch of letters and numbers. Always verify the sender’s address and domain name before opening or responding to an email.
Check the spelling and grammar. Phishing emails often contain spelling and grammar errors or use poor or unnatural language. For example, an email that says, “Dear Customer, Your order has been shipped. Please confirm your delivery address by clicking here”. It is suspicious, as it does not address you by name, uses a generic greeting, and asks you to click on a link. Always read the email carefully and look for any mistakes or inconsistencies.
Check the links and attachments. Fake emails often contain links and attachments that lead to malicious websites or download malware to your device. For example, an email that says, “You have won a $100 gift card from Walmart. Click here to claim your prize”. It is likely a scam. Always carefully hover your mouse over the links and check the URL before clicking on them, and never open or download any attachments from unknown or suspicious sources.
How to handle spam emails
Do not open or reply to spam emails. This can confirm your email address to the sender and encourage them to send you more spam. It can also expose you to malicious links or attachments that can harm your device or data.
Mark spam email as junk or spam. Most email providers have a feature that allows you to flag spam emails and move them to a separate folder. This can help you filter out spam emails from your inbox and also improve the spam detection of your email provider.
Do not share your email address publicly or with unknown sources. This can reduce the chances of your email address being collected by spammers. You can also use a disposable or email alias for signing up for online services that you do not trust or need.
MORE: DON’T FALL FOR THAT DECEPTIVE EMAIL ASKING FOR YOUR HELP
What to do if you accidentally click on a link or open an attachment from a fake email
If you realize that you have clicked on a link or opened an attachment from a fake email, don’t panic. Here are some steps that you can take to minimize the damage and protect yourself:
1) Disconnect your device from the internet. This will prevent any further communication or data transfer between your device and the malicious website or malware. You can do this by turning off your Wi-Fi or unplugging your ethernet cable.
2) Scan your device for malware.
3) Change your passwords.
4) You should also enable two-factor authentication for your online accounts, which adds an extra layer of security by requiring a code or a device confirmation in addition to your password.
5) Monitor your accounts and credit reports. If you have entered or provided any financial information on the malicious website or link you clicked on, you should monitor your bank accounts, credit cards, and credit reports for any suspicious or unauthorized activity.
6) You should also contact your bank or credit card company and inform them of the incident. You may need to cancel or freeze your cards or accounts to prevent any further fraud.
7) Report the phishing email. You should also report the phishing email to the sender’s legitimate organization, such as your bank, retailer, or delivery service, and to the authorities, such as the Federal Trade Commission (FTC) or the Anti-Phishing Working Group (APWG). This will help them to take action and prevent others from falling for the same scam.
8) Use identity theft protection services
Kurt’s key takeaways
Phishing emails are a serious and prevalent threat that can ruin your holiday season and cause you a lot of trouble and loss. However, by being vigilant and cautious, you can spot and avoid fake holiday phishing emails and protect yourself and your information. Remember to always verify the sender, check the content, and think before you click.
Have you ever received or fallen for a fake holiday phishing email? How did you deal with it? Share your experience with us in the comments section below.
TO GET MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER
Answers to the most asked CyberGuy questions: