Be on high alert for this holiday spam

Be careful that your online shopping cart isn't actually a scam.

A gift

Scam artists see the holidays as an opportunity to rip people off. This year is no different. PhishMe’s Chief Threat Scientist Gary Warner has caught a few to share.

PayPal: Suspicious activity
Credit: PhishMe

If grammatical errors were your only criterion for spotting a phishing email, you would have fallen for this scam. When determining whether an email is legitimate, examine two parts of the email address and URL:

1) Domain

2) Top-level domain

Let’s look at the sender’s email address: Serv_ured@swathibestie.com. If the email were actually from PayPal, the domain in the sender’s address would be PayPal’s and not a random site.

Phishing emails are harder to spot on mobile because the sender’s full email isn’t shown. In this case the name that would display on your phone would be: service@intl.paypal.com

FedEx: Holiday package delivery leads to ransomware

The pressure of not having a present shipped makes someone more likely to open a fake confirmation email. A tiny malware downloader script is inside the attached file. Opening the file will cause the full Locky Ransomware malware package to be downloaded from the internet.

The email address once again reveals the true identity of the sender - Marvin.hodge@truecomsg.com

The email wasn’t actually sent by FedEx, or else the domain would be Fedex.com. A shipping email wouldn’t be sent by a specific person like Marvin. Also, legitimate shipping emails won’t have any files attached.

Holiday Coupons

Everyone wants to save money on presents. This email appeals to that frugal desire. Visiting the “special link” will steal a great deal of your personal information, starting with your email account, without ever delivering on the promised coupons.

Holiday Coupons part 2

In the guise of customizing the offering, the consumer has to answer dozens of questions, and the answers will be sold to future advertisers. After a while, you’ll realize there are no Holiday Coupons and that it is all a scam.

USAA: Holiday identity theft fears

Since identity theft is so common, especially as we use our credit cards for holiday shopping, we almost expect to be notified of a problem! This email appears to be notifying you of a technical difficulty, but it’s actually someone trying to take your bank account info.

Once they “verify your identity,” the criminals have access to your personal details, user ID, and password.

Take a look at the sender’s email address again – postmaterr@gkclasses.com

A legitimate email from USAA would come from the actual USAA domain (USAA.com).

Western Union phish: Holiday cash?

If you’ve ever sent money to a family member for the holidays, then you’re more susceptible to this email alerting you that someone has changed your Western Union profile!

While the link SEEMS to go to WesternUnion.com, clicking it will really take you to:

http://vmpub170-39-num.sfr-sh.net/SiteFront/tmp/tmp/

A legitimate email from Western Union would come from an address like this:

Customersupport@westernunion.com

Letter from Santa

It is not advised to buy a product from a company that you’ve never heard of. While the domain may match the sender’s, look at the top-level domain: northpole@letterbysanta.faith

If the letter from Santa were legitimate, it would have a .com or .org top-level domain. The domain used was created the same day the spam was received (Dec. 12).

Affiliate-based spam

The term “AFFID” in the URL is how the company pays the spammer. If you buy the product, the person who sent you the unsolicited commercial email will get a commission.

Whether you buy or not, you are now on their list as someone (with children) who is confirmed to click on spam emails to buy products! Spammers will spread the word that you are an easy mark.

Need quick holiday cash? Get a job!

We had many thousands of emails this week, mostly with the subject:

“New positions listed in your area”

120 different domains are linked from that graphic, such as:

Cheddarinero.account

Chedderinero.stream

Coldforwinters.webcam

Pricestopay.racing

Nevergivein.racing

Mapsster.stream

Legitimate job search websites will have a typical top-level domain like .com or .org. Job sites that advertise through spam and that have only been receiving traffic for a couple of weeks are dangerous.
