Holiday Phishing Expedition
By: Bill Howard – Manager of IT Services
As Cybersecurity month wraps up and the holiday shopping season gets into full swing, everyone should remember that there are professional phishers working hard to trick you into giving out your personal information. Internet phishers see us all as fish in a big pond ready to take the bait. A smart fish will not get caught if they just ignore the bait.
There are some very common scams that circulate heavily during this shopping season. The two that have been seen the most recently are receipts from Amazon reporting a purchase that you never made and receipts from FedEx or UPS tracking for packages for which you were not aware. Both scams usually carry different payloads, so beware!
Bogus Receipts and Shipments
In this instance, you will receive an email where a bogus Amazon receipt or non-existing FedEx shipment (complete with a bogus tracking number) is designed to get you to call the fake support number provided. Once you call, the scammer will attempt to get you to reveal personal information about yourself and your credit card accounts. They will even attempt to tell you that someone already has your information and has opened credit cards in your name. The tracking receipts typically contain links to malware which will attempt to install itself to your devices. If successfully installed, the malware will usually collect information and send it back to the scammer or encrypt your files and ask you for a ransom to unlock them.
The phishing messages will come to you from multiple directions. They can come via email, text message and now via pop-up alert messages from your web browsers. There is little to no protection from the pop-up messages or text messages. They and the links provided are not currently scrutinized by any anti-virus/malware application. We must rely on ourselves to steer clear and stay out of harm’s way.
Don’t Take the Bait
My best advice? Be wary! The messages you receive are nothing more than bait but they can do you a lot of harm. Sometimes they appear legitimate and other times it’s obvious that it is a scam or a fake. Either way, the best thing to do is to ignore all the messages and delete them permanently from wherever you received them. You should then check your accounts from your known interfaces. Do not ever click on the provided links in these messages.
Wishing you a safe and pleasant holiday shopping experience.
About the Author
Bill Howard is Manager of IT Services at Buckingham Advisors, an SEC Registered Investment Advisor and wealth management firm with offices throughout Ohio. Howard is responsible for all aspects of technology used at the firm. He began his IT career in 1988 and has experience using every version of Windows since Windows 1.0. Bill was communicating by PC via “bulletin boards (BBS)” long before the internet web browser was invented.