Phishing for the Holidays

by Michael Champion

It’s holiday season once again. And once again countless shoppers will turn to online stores to avoid the holiday madness within stores—and for convenience. By shopping online we increase the time we are online searching for that perfect gift, confirming orders placed, going through social media making sure the recipient doesn’t already have the gift so carefully selected, and going frantic to make sure we didn’t skip anyone. This situation creates the perfect opportunity for one of the more common hacking techniques in use today: phishing.

Phishing is when that email comes from a supposed website such as Amazon or a payment service such as PayPal claiming that something has gone wrong. Of course you have to solve this now; you have packages meant to be on the way! However, that company may not have sent that email. This particular email has been generated through a carefully planned campaign by criminals to gain your personal details and information.

These emails are meant to cause a sense of urgency and panic, hoping to override your usual scepticism. They direct you to click a link in the email, and a very genuine-looking website pops up and asks you to log in. If you do so, you’ve then just provided your details to a criminal who will likely take advantage of the situation. There are several ways you can avoid such a disclosure of information:

  1. Never click on links in these emails. It is far safer to open your browser and type the address directly, or to find the site through a search engine.
  2. Directly contact companies. If you have concerns, contact companies directly through their publicly listed customer support options. Do not use methods listed in the email.
  3. Report it. Companies often offer a method to report spam. This will help track these scams.
  4. Never open attachments in these emails. They can contain malware.
  5. If it’s too good to be true, it is. No, you won’t get that iPhone for $/£/€1.
  6. Do not divulge your account password in an email.

If the email was genuine, and there is an issue, then none of these steps will get in the way. You will have logged in on your own, to the legitimate site, and rectified the issue. Problem solved, or averted.


BRG experts are leading advisors on cybersecurity to banks and other financial services organisations. If you would like to receive more information about BRG and our services see the following links:
