We have all heard the advice:
Don’t click on links in emails unless you are sure of the sender. Even if you are savvy to phishing, please make sure your friends, family and clients know as well.
Cybercriminals get extra creative during the holidays. We especially worry about those who are new to the online world or have cognitive impairment. Fortunately, most of the fraudulent emails end up in Junk or Spam folders. But some slip through, and many people check these folders to make sure they haven’t missed legitimate emails – giving the cybercriminals another chance to get our attention.
Watch out for emails that appear to come from:
- Delivery companies (e.g., FedEx or UPS) stating you missed a delivery. This is a favorite of fraudsters this time of year as people may think they missed a gift delivery.
- Social media accounts (e.g., Facebook) with any type of information about your account. These are perhaps the most difficult to distinguish from legitimate notifications. (For this reason, we recommend turning off email notifications in your social media accounts. That way you will know that any emails you receive claiming to be from those accounts are likely fraudulent.)
- Financial institutions (e.g., bank, PayPal, credit card company) asking you to click on a link in an email. Financial institutions will never ask you to click on a link in an email. If you have a question about your account, call the company, or log on to your account directly through the bank’s website if you already do online banking.
- Friends. It is easy for fraudsters to create an email that looks like it is from someone in your contacts. Watch out for emails that contain links, especially those with non-specific messages.
One trick to determine whether an email is fraudulent is to click on the sender’s “name” to reveal the actual email address that it was sent from. In the example below, when we clicked on the email address we could see that the sender had nothing to do with Victoria’s Secret!
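For anyone who manages a mailbox for family or clients, the same name-versus-address check can be automated. The Python sketch below is an added example, not part of the original article or its screenshot; the brand-to-domain table and the sample headers are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list for illustration: brand as it appears in a display name
# (lowercased, apostrophes removed) -> domains treated as legitimate senders.
BRAND_DOMAINS = {
    "victorias secret": {"victoriassecret.com"},
    "paypal": {"paypal.com"},
    "fedex": {"fedex.com"},
    "ups": {"ups.com"},
}

def check_sender(raw_message):
    """Compare the brand named in the From display name with the real domain."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    # Normalise the display name to space-separated lowercase words so that
    # "UPS" matches as a word but "Groups" does not.
    words = re.sub(r"[^a-z0-9]+", " ", re.sub(r"['’]", "", display.lower()))
    padded = f" {words.strip()} "
    for brand, domains in BRAND_DOMAINS.items():
        if f" {brand} " in padded:
            # Exact domain or a true subdomain only; "paypal.com.example.net"
            # ends in example.net and therefore fails.
            ok = any(domain == d or domain.endswith("." + d) for d in domains)
            return {"display": display, "address": address,
                    "brand": brand, "suspicious": not ok}
    return {"display": display, "address": address,
            "brand": None, "suspicious": False}

# Constructed sample headers (not taken from real mail).
SAMPLES = [
    'From: "Victoria\'s Secret" <promo@deals.example.net>\n\nHello',
    "From: PayPal <service@mail.paypal.com>\n\nHello",
    "From: PayPal <service@paypal.com.example.net>\n\nHello",
    "From: Support Groups <info@example.org>\n\nHello",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        r = check_sender(raw)
        print(f"{r['display']!r:22} {r['address']:34} suspicious={r['suspicious']}")
```

A matching domain does not prove a message is genuine, because the From address itself can be forged; treat a mismatch as a strong warning sign, not a match as a guarantee.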