It’s quite easy to fall victim to criminals that take advantage of the holiday season by using themed scams in online advertisements, phishing emails, misleading sales calls and text messages.
In many cases, scammers use holiday-themed phishing messages while pretending to be from popular brands or online stores like Countdown, PAK’nSAVE, and Amazon. Scammers may send victims fake order confirmations via email with malicious attachments or share links to phishing messages that promise special discounts to users that provide their personal data via a specially designed online form.
The first thing to be aware of is that thanks to Google, anyone has access to company logos that they can slap on a website or email. Anyone can create an email address or a business Facebook page that looks vaguely legitimate, but they also rely on the fact that most people don’t pay attention to the actual email address itself, just the name.
So there is your first tip: pay attention to the actual email address and links in the messages. Unfortunately, spoofing the emails (making them look like they come from a legitimate sender) is very easy. These messages usually end up in junk or spam folders but if you are using a free email address like @xtra.co.nz and the likes, their spam filtering system isn’t great and you’ll probably see a lot of junk in your inbox!
Here is a good example. It looks like a legitimate email from Netflix! Typically, you can spot scams by reading. As most scammers operate from overseas, there is always something wrong with their spelling or style. Another obvious giveaway is the links in the email. If you hover the mouse over a link, you’ll see where exactly the link is pointing to. In this case, I noticed it goes to “https://support.netflix.login.admin-mxdesconsole-select.com”. Doesn’t look like Netflix.com, does it?
The aim of these scams is to collect financial or personal information or send money and they would get you to do so by impersonating a legitimate company or organization (also called brand spoofing).
The content is designed to elicit an emotional or immediate response from you. They often use terminology like, “your account will be deactivated” or “I have an urgent proposition for you” or “update to your payment info is urgently required”.
The information you give can be used to access or open bank accounts, apply for various forms of credit, sending and / or will access your contacts lists to run the scam posing as you and even identity theft.
There are over 156 million phishing scams sent out on a daily basis. If you come across one:
1. Do not click any links or provide personal/financial information.
2. Flag the email as phishing to your email service provider
3. Depending on the nature of the scam, you can report it to Netsafe.
4. If for any reason you feel your personal or financial information has been compromised, it’s best to contact your banks, replace all your credit cards and change passwords immediately. The longer you wait, the more damage cyber-criminals can do!