Holiday Hoax Reminder

How to avoid Holiday Hoaxes

As if 2021 can’t get any crazier, I’ve personally experienced more sophisticated hoax emails than in years past. Many target the services and products we rely on due to closures and shutdowns.

There are more emails sent around the holidays. This is primarily due to Black Friday, Cyber Monday, and other sales and specials to encourage online shopping. Now there are sales and more sales even after the regular dates. This past couple of weeks, my inbox has been evidence of that.

Holiday Emails and Scammers

I don’t know about you, but I was at the point where I just started deleting anything that had Black Friday or Cyber Monday in the title. It was becoming exhausting…

With all that extra activity combined with the necessity for many to purchase online, hoaxsters know how to take advantage of the fact that folks are pressed for time, overwhelmed, or not paying attention as they should.

Common examples are hoax emails disguised as order confirmations, financial alerts, and “feel good” forwards so that they can be more easily propagated. Phony order or invoice emails that claim to need your immediate attention look just like the real thing.

Your first instinct is that something isn’t right, but the verbiage seems to imply this is something you need to check out. Right now!

Don’t do it. First, let’s check out the little details.

Before forwarding any email, or clicking on any links or attachments in an email that claims to be important, you need to vet that email. Making sure it is not a hoax or a scam before reacting is worth the little bit of extra effort.

This effort can prevent you from unknowingly installing malware or inadvertently providing payment or personal information.

Don’t Click “Phishy” Links!

phishing: n
The practice of luring unsuspecting Internet users to a fake website by using authentic-looking email with the real organization’s logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack; the creation of a website replica for fooling unsuspecting Internet users into submitting personal or financial information or passwords.

If you do not recognize the sender, do not click on any links. Or attachments.

Even if the email looks like it may be legit, you still need to double-check if the clickable links are valid. No matter what the Subject: field states or the message implies.

Hoaxsters have become pros at making emails look like they are from legitimate contacts or companies (UPS, Amazon, PayPal, financial institutions, etc.). They steal logos and images to look just like what you’ve come to expect.

Before clicking on any link, hover your mouse over the link. Look to see what displays in the location bar of your email software. The visible text can be different from the underlying link in the background code. You should see the actual underlying link right below your email message when you hover over it.

When you can see where that link takes you, you can immediately determine if the link could be trouble. But even with that, hoaxsters are very clever at making the underlying URL look legit(ish) too.

Here’s How to Investigate Underlying Link Code

Let’s use Amazon as an example:

  • https://www.amazon.com/ — Good
  • https://www.amazon.com/something-after — Good
  • https://amazon.hoaxdomain.com — NOT Good
  • https://www.hoaxdomain.com/amazon — NOT Good

You may even see website URLs with the company name in them. Even then, don’t assume the domain, if different than what you usually see, is legit.

Anyone can register a domain. While you are not supposed to buy or use domains of other companies and trademarks, that doesn’t stop the bad guys.

A good rule of thumb is that if you do not see the company name directly in front of the .com, you can bet something “phishy” is going on and should NOT click the link. And don’t fall for similar domains that have the company name in them but are not the domain you trust.

For example, domains like amazonshipsfast.com or orderatamazon.com. So how do you determine if a domain name is authentic? That can get tricky. If in doubt — don’t click the domain.

How do you determine if a domain name is legit?

There was a time when you could see who owned a domain by looking it up. But due to privacy concerns, in most cases, that information is now hidden. When in doubt, go to the primary domain you usually use.

If you see a link that ends with:

  • .php
  • .js
  • .asp
  • .cgi

…chances are the link is not one you want to click on because it could be calling a script — not a web page.

If you see anything tacked on the end other than a typical domain ending, that’s a “Danger, Will Robinson!!” moment. That email could lead to you downloading/executing a trouble-making script of some sort.
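The link checks described above (visible text versus underlying link, the host in front of the .com, and the script endings), as an added Python example that is not part of the original article. The trusted domain is supplied by you; the sample email body and the function names are constructed for illustration, and the hosts are the article's own examples.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SCRIPT_ENDINGS = (".php", ".js", ".asp", ".cgi")  # the endings the article lists

# Constructed sample email body; the hosts are the article's own examples.
SAMPLE_EMAIL = """
<a href="https://www.amazon.com/something-after">View order</a>
<a href="https://amazon.hoaxdomain.com/track.php">https://www.amazon.com/your-order</a>
<a href="https://www.hoaxdomain.com/amazon">Amazon</a>
<a href="https://orderatamazon.com/">Confirm now</a>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def belongs_to(host, trusted):
    """True only for the trusted domain itself or a subdomain of it."""
    return host == trusted or host.endswith("." + trusted)

def check_link(text, href, trusted):
    host, findings = host_of(href), []
    if not belongs_to(host, trusted):
        findings.append("host-not-trusted")  # company name elsewhere in the URL does not count
    if text.lower().startswith(("http://", "https://")) and host_of(text) != host:
        findings.append("text-href-mismatch")  # what you see is not where it goes
    if urlsplit(href).path.lower().endswith(SCRIPT_ENDINGS):
        findings.append("script-ending")
    return findings

def audit(html, trusted):
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(text, href, trusted) for text, href in collector.links}
```

Calling `audit(SAMPLE_EMAIL, "amazon.com")` returns the findings per link. A domain such as orderatamazon.com fails because it only ends with the letters amazon.com, not with .amazon.com.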

The last thing you want to do is forward emails that contain nefarious links that the recipients might then click on. When you forward an email, the recipients will naturally trust that you wouldn’t send them anything that wasn’t reliable.

If you don’t want to take the time to confirm an email’s legitimacy, then you don’t forward it. Just hit delete.

Hoax Vetting and Info Websites

While there are websites that claim to be truth detectors and hoax exposers — some are not what they say either! Here are a couple of sites I can confidently recommend to check out email claims before you embarrass yourself by forwarding them “to everyone you know.”

You can also learn more about how hoaxers use Social Engineering and Phishing Attacks here.

Pass it on!

Are there irresponsible forwarders on your contact list? Then, be sure to send them a link to this article by clicking on that little envelope icon below!