The holiday online shopping season is upon us.  Cybercriminals are upping their game in anticipation of the opportunities that rampant online shopping will provide.  Often, they will do this by sending you phishing emails.

What is Phishing?

“Phishing is the process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity for the purposes of committing cyber theft or fraud.”

We commonly recognize them as fake emails from Walmart, Amazon, Target, or other prominent companies, promising gift cards, discounts, and the like.  Some are easy to spot; others are not.  Cybercriminals put great effort into camouflaging their emails as legit emails from companies you know and trust.  They do such a good job of making them attractive to you that they get a much higher open rate than promotional emails.  According to Verizon’s 2016 Data Breach Investigations Report, 30 percent of phishing emails get opened.

How Do I Avoid Becoming a Victim of a Phishing Attack?

The benefits and convenience of online shopping are obvious, but how do I avoid the risks of becoming a victim of a phishing attack?  How do I tell the difference between a phishing email and a legit email from a retailer or other company?  Below are a few ways to detect a phishing email.

  1. They Know What You’re Expecting
    Phishing emails are often disguised as an email you’re expecting.  We’re all either expecting packages to arrive or are shipping packages to family and friends.  According to a Wombat Security survey, the most popular phishing attack templates with the highest click rates were emails that people were expecting to get.  When you receive this type of email from UPS, FedEx, or USPS, be sure to look closely at the email before you click or provide any information. Check to make sure it references a package you shipped or that is coming from an individual or entity you’re expecting to receive a package from.

  2. Poor Spelling or Grammar
    If the email looks like it was written by someone for whom English is a second language, it’s almost certainly a phishing email.  Your best course of action is to immediately close and delete the email. Reputable companies hire professional copywriters and editors to ensure the use of proper English.

  3. Be Suspicious
    To paraphrase Joseph Heller, author of Catch-22: just because you’re paranoid doesn’t mean they’re not out to get you.  It may seem crazy to think every email you receive is someone trying to scam you, but it will keep you safe.  Always treat emails coming from unknown sources as suspicious.  Do the same for emails that appear to come from friends or colleagues.  If the content of the email seems out of context, not something that person would send to you, then don’t click on anything or provide any information in a response.  If you’re uncertain whether it’s a phishing email, call or message the sender to confirm they sent it.

  4. Be Aware of Threats
    If an email you just received is trying to scare you or threaten you if you don’t take some action, it’s most likely a phishing scam.  Some will be so brazen as to directly ask you for payment or else.  Others will tell you if you don’t take some action immediately, bad things are going to happen to your computer.  They won’t. The only action you want to take immediately is to delete their email.

  5. Use Your Phone
    Most malware is written for Microsoft Windows PCs or Mac-based systems.  If you view your email on your phone, you’re less likely to be infected by a virus or other malicious software.  But considering how many of us are abandoning our computers and laptops for smartphones, it won’t be long before cybercriminals adapt.

  6. Use Common Sense
    You won’t win a contest or sweepstakes you never entered.  Microsoft did not detect a virus on your PC, and banks that you do not have accounts with are not contacting you about fraudulent attempts to access your non-existent account.  When you receive these types of emails, delete them without opening them.