Holiday Hoax Reminder

Don't Fall for Holiday Hoaxes

As if the year can’t get any crazier, I’ve experienced more sophisticated hoax emails than in years past. Many target the services and products we rely on or are looking for during the holiday season.

There are more emails sent around the holidays. This is primarily due to Black Friday, Cyber Monday, and other sales and specials to encourage online shopping. Now there are sales and more sales well before and even after the regular dates. This past couple of weeks, my inbox has been evidence of that.

Holiday Emails and Scammers

I don’t know about you, but I was at the point where I just started deleting anything that had Black Friday or Cyber Monday in the title. It was becoming exhausting…

With all that extra activity combined with the necessity for many to purchase online, hoaxsters know how to take advantage of the fact that folks are pressed for time, overwhelmed, or not paying attention as they should.

Common are hoax emails disguised as order confirmations, financial alerts, and “feel good” forwards so that they can be more easily propagated. Phony order or invoice emails that claim to need your immediate attention look just like the real thing.

Your first instinct is that something isn’t right, but the phrasing seems to imply this is something you need to check out. Right now!

Please don’t do it.

First, let’s check out the little details.

Before forwarding any email or clicking on any links or attachments that claim to be of importance, you need to vet that email. Making sure it is not a hoax or a scam before reacting is worth a little extra effort.

This effort can prevent you from unknowingly installing malware or inadvertently providing payment or personal information.

Don’t Click “Phishy” Links!

phishing: n
The practice of luring unsuspecting Internet users to a fake website by using authentic-looking email with the real organization’s logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack; the creation of a website replica for fooling unsuspecting Internet users into submitting personal or financial information or passwords.

Do not click on any links or attachments if you do not recognize the sender. Even if the email looks like it may be legit, you still need to double-check if the clickable links are valid.

No matter what the Subject: field states or the message implies, look at the underlying email address. Does it match what is displayed? Most likely not.

Hoaxsters have become pros at making emails look like they are from legitimate contacts or companies (UPS, Amazon, PayPal, financial institutions, etc.). They steal logos and images to look just like what you’d expect.

Before clicking on any link, hover your mouse over the link. Look to see what displays in the location bar of your email software. The visible text can be different from the underlying link in the background code. You can see the actual underlying link below your message by hovering your mouse over it.

When you can see where that link takes you, you can immediately determine if the link could be trouble. But even with that, hoaxsters are very clever at making the underlying URL look legit(ish) too.

Here’s How to Investigate Underlying Link Code

Let’s use Amazon as an example:

  • https://www.amazon.com/ — Good
  • https://www.amazon.com/something-after — Good
  • https://amazon.hoaxdomain.com — NOT Good
  • https://www.hoaxdomain.com/amazon — NOT Good

You may even see website URLs with the company name in them. Even then, don’t assume the domain is legit if it is different from what you usually see.

Anyone can register a domain. While you are not supposed to buy or use domains of other companies and trademarks, that doesn’t stop the bad guys.

A good rule of thumb is that if you do not see the company name directly in front of the .com, you can bet something “phishy” is going on and should NOT click the link. And don’t fall for similar domains with the company name in them that are not the domain you trust.

So how do you determine if a domain name is authentic? That can get tricky. If in doubt — just don’t click the domain.

How do you determine if a domain name is legit?

There was a time when you could see who owned a domain by looking it up. But due to privacy concerns, in most cases, that information is now hidden.

When in doubt, go to the primary domain you usually use. Check your user dashboard on the legit site to see if there are any alerts or messages that require your attention. If not, the other was most certainly a scam.

If you see a link that ends with:

  • .php
  • .js
  • .asp
  • .cgi

The above are not links you want to click on because they could be calling a script — not a web page.

If you see anything tacked on the end other than a typical domain ending, that’s a “Danger, Will Robinson!!” moment. That email could lead to you downloading/executing a trouble-making script onto your system.

The last thing you want to do is forward emails that contain nefarious links that could cause the other side to click on them. By you forwarding, naturally, the recipients will trust that you wouldn’t send them anything that wasn’t reliable.

If you don’t want to take the time to confirm an email’s legitimacy, then you don’t forward it. Just hit delete.

Hoax Vetting and Info Websites

Back in the day, there were some legit websites that were truth detectors and hoax exposers. Unfortunately, there are none that exist now that I trust that I can refer you to.

You can also learn more about how hoaxers use Social Engineering and Phishing Attacks here.

Please pass it on!

Are there irresponsible forwarders on your contact list? Then, send them a link to this article by clicking on that little envelope icon below!
