Holiday season is scam season

Holiday scam email season has begun…

December 3, 2022

Along with shopping, decorations, sweaters with reindeer, and cheer, the holidays are also high season for email scams and phishing skulduggery.

Remember that prince from a faraway land who promised to share his country’s riches with you, and all he needed was your banking details…  

These days scammers are much more sophisticated and deploy a variety of technical tricks to evade scanners and get through spam filters behind the scenes.  

Scams, a growing trend 

The basic idea involves pretending to be a well-known brand and offering a prize in return for some personal information. While not a new story, the scam still catches plenty of unwary people.  

Giving Tuesday (Tuesday, 29 November) is a marvelous opportunity for scams impersonating credible sources such as charities, NGOs, and online shopping companies. Get ready for email messages offering giveaways or huge discounts, and all you must do is sign up.  

Typically, the message claims to be the second attempt to reach you and includes instructions to complete a survey and add your credit card to cover a minimal charge, say shipping. Despite months of waiting, your prize (name the product of your dreams) will never arrive. And while you wait, credit card or bank fraud may be underway.

Common Scam Approaches  

  • Claims of a suspicious activity or log-in attempts  
  • Offers to extend a warranty or service   
  • Banking or other financial organizations requesting you to confirm personal information 
  • Requests for you to pay by clicking on a link – a common malware gateway 
  • Offering refunds or coupons  

In a recent survey, Proofpoint found attackers successfully phished more than 80% of organizations in 2021, a whopping 46% jump from 2020.

Build a Video eLearning Email Security Course  

Your team needs timely, engaging, and flexible training to meet security challenges.

Building your own IT security video eLearning library with uQualio – the video4learning platform is a simple, cost-effective way to train your people to be ready for scammers. 

The Email Scammers Toolbox  

The Multi-Factor Shortcut: Use Subterfuge or Be Annoying 

Multi-Factor Authentication (MFA) plays a key role in online security for organizations, but lately, hackers have discovered several ways to bypass it. 

Typically, attackers call targets using false credentials. Once they have established trust, the scammer simply sends the MFA request, and the victim unknowingly authorizes it. Another technique is MFA prompt bombing, where hackers flood potential victims with countless MFA requests, often late at night or early in the morning.
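A defender can spot prompt bombing in MFA logs by counting push requests per user in a sliding window and noting whether one was finally approved. The sketch below is an added example, not part of the original article; the event format, the 10-minute window, the threshold of five, and the off-hours range are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values; adjust to your own MFA provider and user base.
WINDOW = timedelta(minutes=10)   # look-back window per user
THRESHOLD = 5                    # pushes inside WINDOW that count as a flood
OFF_HOURS = range(0, 6)          # 00:00-05:59, "late at night or early morning"

# Constructed sample events (timestamp, user, push result); not real logs.
SAMPLE_EVENTS = [
    ("2022-12-03T02:14:05", "alice", "denied"),
    ("2022-12-03T02:14:40", "alice", "denied"),
    ("2022-12-03T02:15:10", "alice", "denied"),
    ("2022-12-03T02:16:02", "alice", "denied"),
    ("2022-12-03T02:16:30", "alice", "denied"),
    ("2022-12-03T02:17:15", "alice", "approved"),   # user gives in
    ("2022-12-03T09:01:00", "bob", "approved"),     # ordinary sign-ins
    ("2022-12-03T13:30:00", "bob", "approved"),
    ("2022-12-03T17:45:12", "bob", "approved"),
    ("2022-12-03T14:00:00", "carol", "denied"),     # daytime flood, all refused
    ("2022-12-03T14:01:00", "carol", "denied"),
    ("2022-12-03T14:02:00", "carol", "denied"),
    ("2022-12-03T14:03:00", "carol", "denied"),
    ("2022-12-03T14:04:00", "carol", "denied"),
]

def detect_prompt_bombing(events, window=WINDOW, threshold=THRESHOLD):
    """Return {user: finding} for users who received a burst of MFA pushes."""
    recent = defaultdict(deque)   # user -> push timestamps still inside the window
    findings = {}
    for ts_str, user, result in sorted(events):   # ISO timestamps sort by time
        ts = datetime.fromisoformat(ts_str)
        pushes = recent[user]
        pushes.append(ts)
        while ts - pushes[0] > window:            # drop pushes older than the window
            pushes.popleft()
        if len(pushes) < threshold:
            continue
        f = findings.setdefault(
            user, {"max_pushes": 0, "off_hours": False, "approved": False})
        f["max_pushes"] = max(f["max_pushes"], len(pushes))
        f["off_hours"] |= ts.hour in OFF_HOURS
        # An approval during a burst is the high-priority case: the account
        # may already be in the attacker's hands and the session needs revoking.
        f["approved"] |= result == "approved"
    return findings

if __name__ == "__main__":
    for user, finding in detect_prompt_bombing(SAMPLE_EVENTS).items():
        print(user, finding)
```

A burst with no approval still deserves a password reset, since the attacker already holds the first factor.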

Email Malware-Detection Bypass: Mimic Microsoft 

Sure, pretending to be Microsoft can be successful, but it’s not always easy. 

To gain access to your systems, attackers borrow the Azure domain or Office file types to appear to be a trustworthy entity.

Azure’s new App Service enables organizations to quickly create and deploy web-based apps on the Azure platform. To obtain domain credibility, attackers host their malware on Azure, which can cause firewalls and DNS servers to accept the source IP as an Azure domain.

The U.S. Federal Trade Commission’s list of phishing scams 

Email phishing scam

The most common form of phishing, this type of attack uses tactics like phony hyperlinks to lure email recipients into sharing their personal information. Attackers often masquerade as a large account provider like Microsoft or Google, or even a coworker. 

Malware phishing scam 

Another prevalent phishing approach, this type of attack involves planting malware disguised as a trustworthy attachment (such as a resume or bank statement) in an email. In some cases, opening a malware attachment can paralyze entire IT systems. 

Spear phishing scam

Where most phishing attacks cast a wide net, spear phishing targets specific individuals by exploiting information gathered through research into their jobs and social lives. These attacks are highly customized, making them particularly effective at bypassing basic cybersecurity. 

Digital Security Depends on Everyone being Prepared and Vigilant 

Better watch out, so you don’t have to cry: this year scammers have expanded their attacks, built a better toolbox, and are ready for the holidays.

Step up your game before it’s too late!

Discover the simple, cost-effective solution of making your own IT safety video eLearning courses with uQualio – video4learning.
