Phishing scams are coming to town

The Christmas holiday period is a peak time for phisherfolk. Research from Check Point shows 17 percent of all malicious files distributed by email in November were related to orders and shipping around the Black Friday period.

This is expected to be worse still this month as attackers seek to take advantage of shipping and package notifications and more.

Researchers at email security specialist Avanan are seeing an increase in phishing campaigns surrounding direct deposits. The idea being that a scammer will pose as an employee asking HR or a manager to change their direct deposit information.

Another favorite are emails spoofing delivery companies like UPS, DHL and FedEx. These seek to harvest credentials, often in the form of a charge for delivery or a compensation claim for a lost package. At this time of year when people are expecting packages they are more likely to fall for these scams.

There is also of course the evergreen scam of sending malware via an attachment designed to look like an invoice or delivery notification.

To avoid falling victim to this kind of scam you need to stay alert to the sender’s email address and the URLs used. Also be aware of the grammar and logic of the message itself. If you're sufficiently convinced that something is real that you do feel the need to visit a retailer or courier website, type the address into your browser, or use a known safe bookmark, rather than click a link in an email.

You can find out more with details and examples of current scams on the Avanan site.

Image credit: GeneGlavitsky/depositphotos.com