Deck the Halls with Firewalls: Holiday Email Scams

Dec 13, 2016 | Cybersecurity, Newsletters

The holiday e-card: a faster, simpler way of spreading and receiving holiday cheer without ever having to desert your laptop. All you have to do is open the email sent from your cousin, click on the link and watch as… a Trojan begins to download onto your hard drive? Whatever happened to the dancing reindeer you were promised?


Unfortunately, e-cards are just one of many scams potential hackers like to turn to during the holidays. These phishing emails are sent under legitimate greeting card company names like Hallmark, making them exceedingly difficult to differentiate from safe emails. The other popular scam that is likely to pop up in your inbox is the fraudulent charity hidden among legitimate charity emails. The holiday season is the time of year charities receive over half of their total yearly contributions, many of those through email. Hiding phishing emails under the guise of charity is the perfect camouflage during the months of giving.


During the 2015 holiday season, the United States received around 12% of the world’s total number of phishing attacks. In December of that same year, the number of phishing sites increased from 44,575 sites to 65,885 sites because of the increase in online shopping.


Spotting a scam e-card or scam holiday charity email is no different from spotting any phishing email: look for spelling mistakes, look for unfamiliar senders, don’t open any attachments, double-check with family and friends that an e-card was actually sent, and search to see if the charity in question is legitimate (multiple websites exist for that exact purpose). For e-cards, there may be a card number in the email that you can look up on the main e-card website, which will let you view the card without clicking on any links.


Just as emails have saved many from purchasing holiday cards, online shopping has become the norm around the holidays. With online purchasing, however, come emailed invoices, another medium for cyber attacks. These invoices sometimes state that in order to confirm a purchase, the victim must provide personal information, confirm credit card values or click a link, supposedly meant to confirm or cancel their order, that leads to a malware website.


Most fabricated invoices claim to come from popular delivery services like UPS or FedEx, although they are far from being the only ones. The most common one this holiday season is a falsified email from Amazon with the subject line “Your [order] cannot be shipped,” which says that in order to proceed any further, you must click the link provided in the email. That link may actually lead you to Amazon’s homepage, but not before obtaining a member’s login and credit card information.


The steps for a safe holiday season are:

  • Updating your computer’s malware protection to the latest version.
  • Going directly to the distributor site and confirming any information directly on that webpage, not through the link.
  • Inspecting an email for red flags like a strange email address or many misspelled words.
  • Confirming that a charity exists before donating.
  • Checking with family members and friends before opening up any e-cards.
  • Reading through invoices to make sure they are about your order and not a random item from the vendor site.
  • Cozying up next to a warm fire with some peppermint tea before switching on your computer.


Follow these, and you will be able to shop online in warm, virus-free, yuletide bliss.
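Several of the red flags in the list above can also be checked mechanically. The following is an added example, not part of the original article: it flags a message that names one of the brands mentioned above in its sender name or subject while the sending address or the links in the body belong to another domain. The brand-to-domain map, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brand names from the article mapped to their public domains.
BRAND_DOMAINS = {"amazon": "amazon.com", "ups": "ups.com",
                 "fedex": "fedex.com", "hallmark": "hallmark.com"}

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def red_flags(raw_email):
    """Return human-readable red flags for one raw e-mail message."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    parts = [p for p in msg.walk() if not p.is_multipart()]
    body = "\n".join(str(p.get_payload()) for p in parts)
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    flags = []
    for brand, domain in BRAND_DOMAINS.items():
        if not re.search(rf"\b{brand}\b", claimed):
            continue  # message does not claim to be from this brand
        if not in_domain(sender_host, domain):
            flags.append(f"sender {sender_host} is not {domain}")
        for url in re.findall(r"https?://[^\s\"'<>]+", body):
            host = urlparse(url).hostname
            if not in_domain(host, domain):
                flags.append(f"link host {host} is not {domain}")
    if any(p.get_filename() for p in parts):
        flags.append("message carries an attachment")
    return flags

# Constructed sample messages (not real mail).
PHISH = """\
From: "Amazon" <orders@amaz0n-shipping.example>
Subject: Your order cannot be shipped

Confirm your card here: http://amaz0n-shipping.example/confirm
"""
LEGIT = """\
From: "Amazon" <ship-confirm@amazon.com>
Subject: Your order has shipped

Track it at https://www.amazon.com/your-orders
"""
```

An empty result only means that none of these particular checks fired; going directly to the vendor's site rather than following the link is still the safer habit.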