It’s the season to be jolly! Unfortunately, many bad actors out there are taking advantage of people being excited and charitable at this time of year. Hence, let’s talk about different holiday scams.
Christmas time is when we see a spike in scams. Hence, we’re going to look at a few common things that you can keep an eye out for to help keep yourself safe and have a Merry Christmas and a Happy New Year.
The most common trick that scammers have been using for centuries is taking advantage of our fear of missing out, or FOMO. People make bad decisions when they feel pressured. The risk of missing out means we are more likely to agree to something that we usually would say no to.
If, after thinking it over or discussing it with a friend, you would say no, it means it’s worth missing it.
In the online world, you’ll see emails and websites with sentences like these:
All of this might be truly legitimate. However, we don’t live in a movie where we have 10 seconds to defuse a bomb before the city explodes. Heck, most of us don’t even read our emails until they’ve been sitting in our inbox for a few hours or overnight.
Keeping this in mind, this means one of three things has happened:
It doesn’t help that people marketing real products use the same tactics as scammers who don’t have anything to sell. What’s worse is that a lot of services we use will also try and scare us into updating our settings using similarly urgent emails. Therefore, it’s hard for us to find out what’s real and what isn’t.
That leads us to our second point related to holiday scams, though.
Holiday scams are only good if they can get you to hand over your data. And they need to get you to a website they control to do this.
Most emails from both real companies and scammers will have links in them that you can click on. Just because the link text shows www.realsite.com doesn’t mean it will actually go there.
In most email clients (Gmail for example), if you hover your mouse over the text, you can see where it leads to in the bottom left-hand corner of your browser. If you’re on mobile, you can long press on the link. Then, it will pop up some options, but it normally shows the link’s destination.
If the link says it goes to www.realsite.com, but on hovering or long-pressing, you see it goes to www.badsite.com, then that’s a good sign that something is wrong. It means there’s a good chance you’re being scammed.
Once again, it would be nice if real companies didn’t make life difficult for us. Bulk emails are easier to send through a third-party service like Mailchimp.
Thus, both actual companies and scammers can point the links through there. And this makes it harder for you to tell at first glance whether they’re real.
It’s better just not to click any links anyway. If your bank needs you to reset your password, then go to their website the way you normally do instead of clicking a link and blindly handing over the keys to the kingdom.
Finally, there’s one more way that scammers can get caught out.
While it used to be more common for email addresses to be able to be faked (the digital equivalent of writing your name on the back of an envelope), these days, most companies will use a technology called DKIM to make this a lot harder to do.
When you receive an email, you can see both the sender’s name and the email to which it was sent on. You can hover over this or click on a dropdown, which will expand to show both the name and the email address of the sender. It will look like “Your Real Bank <donotreply@yourrealbank.com>.”
In other words, the sender’s name can be anything, but the email address, especially the part after the @ symbol, has to be authentic.
This means that a scammer can send you an email from “Your Real Bank,” but the email address has to be something different.
Maybe “Your Real Bank <your_real_bank@other.email.server>.” The part after the @ symbol, “other.email.server,” in this case, isn’t necessarily a bad thing, but it doesn’t belong to the institution that you thought sent the email.
As with other tips, real institutions often use third-party senders, which complicates things. Yet, this is another tip that can help you catch a phishing email even when nothing else stands out.
Hopefully, it will keep you safe in this season of holiday scams.
Keep yourself safe this Christmas, and follow these three rules when opening emails:
Be careful online, and have a Merry Christmas.
The post Holiday Scams Season – How To Avoid Online Swindlers appeared first on Global Fraud Protection.
