The holiday season brings a flurry of email scams to inboxes everywhere. Be aware of these popular ones, so the CyberGrinches don’t steal your Christmas.
The six weeks between Thanksgiving and New Year's is the traditional "giving season" in the United States. According to a recent holiday giving survey, the average holiday donation this year will be $281. People who give online said they would contribute even more, an average of $378, and scammers are out to get a portion of that.
Email charity scams use phony email messages to trick recipients into revealing personal and financial information which can lead to identity theft. These phishing sites are made to look like an organization's official site using legitimate sounding names, real logos, and link to a website where you can make a donation.
Legitimate charities do not recruit new donors by email, so unless you have signed up to receive email from a charity, do not respond to email charity solicitations.
If you want to help the genuine charity mentioned in the email
- Check the web address in an email soliciting for donations. Search for the charity’s name or type the proper name into your browser address window, making sure you have the correct spelling.
- Don’t click on the links themselves. Scammers can “spoof” links to go to a different site than the one you think or the link could redirect you to somewhere else entirely.
- When in doubt, check out sources like Charity Navigator in the U.S. and The Charities Aid Foundation in the UK.
- The best way to avoid charity scams is to decide in advance which charities you'll support and contact them yourself.
This time of year, scammers trick people not accustomed to getting packages delivered to their home or office by sending fake package delivery emails. The subject lines of these bogus emails usually say something like "UPS package delivery problem, UPS 34898239-a." The senders also use DHL, FedEx and the USPS with the same message.
If you get an email indicating a problem with shipping
- Do not open the email
- If you do, do not click on the link
- Delete the email immediately
- Go directly to the shipper’s website or contact the company via telephone to confirm whether there is a shipping problem with your package
Electronic Greeting Card Scams
Electronic greeting cards are a popular way to deliver season’s greetings to friends and loved ones. When you send a legitimate e-card, the recipient receives an email with a link that leads to the e-card’s website where they can retrieve it. Fake notifications for e-cards are common because hackers can easily use phishing emails and direct you to their websites which will install viruses and malware on your computer.
Recently, bogus "Merry Christmas" greeting e-cards were sent to government workers supposedly coming from the White House, complete with a "@whitehouse.gov" address. When clicked, the link infected computers and then stole passwords and online account information, plus disabled computer security notifications, software updates, and firewall settings.
Phishing emails posing as e-cards can be difficult to spot. Here are some red flags to be aware of:
- Spelling and grammatical mistakes
- The name of the sender is not recognized, rather it says "friend" or "secret admirer" or a title like "firstname.lastname@example.org."
- A link or attachment that ends with ".exe," which indicates an execute command that could download a nasty virus.
Have you seen one of these scam attempts this season? Let us know if you have.