Holiday fishing trips take on a new meaning when scammers try to phish you instead. Between getting the turkey thawed and the potatoes mashed before your family arrives, cybersecurity is probably the last thing on your mind… creating the ideal environment for scammers to take advantage of an inattentive click on a link. With the prevalence of technology, we have become desensitized to the vigilant scrutiny necessary to avoid becoming part of the ever-growing populace of the scammed. (https://www.aarp.org/pri/topics/work-finances-retirement/fraud-consumer-protection/2022-holiday-shopping-scams-report.html)
To keep your holidays full of merriment and free from fraud, keep these best practices in mind:
- Remember that scams can come in many forms, including phone calls, texts, and emails.
- Scrutinize the phone number, name, or email address. Do you know it? Are you expecting it? Does it pertain to something you’re aware of (E.g., a purchase, vendor, meeting, etc.)?
- Before clicking on any links, mouse over them - does the linked URL look like it goes to a valid site? Double check spelling and placement of the periods in domain names. Hackers regularly use subdomains and misspellings for false websites. (E.g., goo.gle.com instead of google.com)
- Most likely, some of your information is available for anyone to see – be that your interests, your identifying information, your place of work, etc. Scammers will use this information to attempt to build credibility in their message, often paired with a sense or urgency to play on fear. It is always worth verifying authenticity before acting on any contact.
- Be especially mindful of any websites you are purchasing from, especially if it is a smaller company (i.e., something unlike Amazon or a trusted payment platform) or vendor. Scrutinize the website and research it thoroughly. Avoid clicking any popups. If you have a browser safety extension or your antivirus/EDR has the option, enable it.
If you think the message may be legitimate, do your own lookup of a valid phone number or other contact information for the appropriate person/company, and reach out for verification. Do not call any numbers listed in the original message. In time, these practices will become as second nature as making sure your turkey is cooked the whole way through.
-Erin Wagner, Security Analyst