8 phishing email scams to watch out for this holiday season

Be on alert this holiday season for phishing emails. Kurt "CyberGuy" Knutsson shares several examples of fake phishing emails he's received in his inbox.

Dec 5, 2024 - 12:00
8 phishing email scams to watch out for this holiday season

The holiday season is upon us, bringing joy and celebration. But it also comes with a surge in cybercrime. As we focus on shopping and connecting with loved ones, scammers are hard at work using phishing emails to trick us into revealing personal and financial information. 

These deceptive messages often look like they’re from trusted sources such as banks or delivery services, making it easy to fall for their traps.

Below are some phishing attempts that have ended up in CyberGuy's inboxes. By examining these examples of fake phishing emails, you’ll be better equipped to spot the red flags and protect yourself from potential scams this holiday season.

GET SECURITY ALERTS, EXPERT TIPS — SIGN UP FOR KURT’S NEWSLETTER — THE CYBERGUY REPORT HERE

This phishing email claims to be from Apple and promises you a free iPhone 15 Pro.

 It says, "NO CATCH, NO COST, WIN IN MINUTES." It uses the official Apple logo and the word FREE in capital letters to catch your attention. It asks you to confirm your shipping address to receive your prize and says, "Just answer a few questions, WIN a iPhone 15 Pro. It is that simple!" 

It even shows you a picture of an iPhone 15 to make it look authentic. You’ll notice it has two green buttons for you to click that say, "GET STARTED." 

This scammer tries to fool you by using the words "Temu Confirmation," which sounds like a legitimate email confirming that your package is on its way. They urge you to click on the link that says, "Please Confirm Receipt," implying that you need to do so to receive your package.

They also add a deceptive message that says, "If you cannot see the images below, Click show images," highlighted in red. This is another way to trick you into clicking on the link.

Moreover, they use a sneaky tactic of labeling the message as "This message is from a trusted sender" and highlighting it in green, as if to reassure you that it is safe and authentic.

This email is a fake one that tries to imitate the Chinese shopping platform Temu. 

It uses the phrase "YOUR OPINION IS IMPORTANT!" in capital letters to get your attention. It then offers you a tempting reward: "a pallet of products from TEMU" with a picture to make it look real. It asks you to take a short survey to claim your reward by clicking on the big orange button that says "CLICK HERE" in capital letters. Don’t do it!

BEWARE OF THIS LATEST PHISHING ATTACK DISGUISED AS AN OFFICIAL EMAIL SENT BY GOOGLE

The scam email pretending to be from Target wants you to believe that you are a lucky winner. 

It uses the words "GIVEAWAY ENTRY WINNER" in large and bold capital letters. It also puts "Final notice" in the subject header, giving you a sense of urgency. The email asks you to take a short survey about your Black Friday shopping experience to claim your prize and wants you to click on the GET STARTED button. Don’t do it.

SCAMMERS EXPLOIT GRIEF WITH FAKE FUNERAL STREAMING ON FACEBOOK

As you’ll see in the "Delivery" messages below, the scammers are getting clever by sending a series of emails to make you think that you have a real package on its way to you, and/or you keep missing the delivery of this package. The emails say things like "We tried delivering your package," "Uncompleted Dispatch," "Third attempt," "Delivery unsuccessful" and "Your order will be canceled in the next 24 hours."

These emails are designed to create a sense of urgency and pressure you into clicking on the links that they provide. They want you to think that this company is really trying to reach you, so it must be real. But it’s a scam! However, these links are not from legitimate delivery companies but from scammers who want to steal your information or infect your device. If you are expecting a package, check the tracking number and the sender’s address carefully. Do not click on any links or attachments that you do not recognize.

This email claims to be from UPS, but it is actually a scam. It uses the UPS logo and colors to look authentic and is designed to trick you into clicking on malicious links. It starts with the alarming phrase "Delivery Unsuccessful" and tells you that you have one package waiting for delivery.

It then asks you to confirm your shipping details by clicking on either the "CONTINUE" or the "SCHEDULE YOUR DELIVERY" buttons, both in capital letters. Don’t do it!

HOW SCAMMERS USE YOUR PERSONAL DATA FOR FINANCIAL SCAMS AND HOW TO STOP THEM

This is another email pretending to be from UPS. It uses the words "order pending" to catch your attention, and it shows a picture of a package to make you think you have a delivery.

It then tells you that your parcel is stuck at a distribution center because you need to pay more postage. It asks you to go to a link to pay the fee. And it warns you that you have only 48 hours to do so, or else your package will be returned to the sender. It tries to create a sense of urgency by making you click on the yellow button that says "SCHEDULE FOR DELIVERY" in capital letters. Don’t do it!

One of the phishing scams we encountered recently is an email claiming that you've won a Rachel Ray Cucina Cookware Set. This email is particularly deceptive because it appears to come from a reputable retailer, Kohl's, but there are several red flags to watch out for. The email falsely claims to be from "Kohl's Department" instead of the official "Kohl's." This slight alteration is a common tactic used by scammers to trick recipients into believing the email is legitimate.

The email's reply-to address is tech@student.lvusd.org, which is clearly unrelated to Kohl's. Official emails from Kohl's would not use a student email address. The message includes phrases like "You have won a Rachel Ray Cucina Cookware Set" to create a sense of urgency and excitement, prompting you to click on the provided link without proper verification.

As you can see, phishing emails can be hard to distinguish from genuine ones, especially during the busy holiday season when you may receive many emails from various sources. However, there are some additional red flags beyond the ones we've already mentioned that can help you identify a fake email. Here are some of them:

Check the sender’s address and domain name. Fake emails often use spoofed or similar-looking addresses and domain names to deceive you. For example, an email from support@amaz0n.com or info@fedex.delivery.com is likely a phishing attempt. You'll notice in the Apple phishing email below the email address has just a bunch of letters and numbers. Always verify the sender’s address and domain name before opening or responding to an email.

Check the spelling and grammar. Phishing emails often contain spelling and grammar errors or use poor or unnatural language. For example, an email that says, "Dear Customer, Your order has been shipped. Please confirm your delivery address by clicking here." It is suspicious because it does not address you by name, uses a generic greeting and asks you to click on a link. Always read the email carefully and look for any mistakes or inconsistencies.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Check the links and attachments. Fake emails often contain links and attachments that lead to malicious websites or download malware to your device. For example, an email that says, "You have won a $100 gift card from Walmart. Click here to claim your prize." It is likely a scam. On a laptop or desktop, always carefully hover your mouse over the links and check the URL before clicking on them, and never open or download any attachments from unknown or suspicious sources.

Use strong antivirus software: The first and most crucial step to protect yourself from accidentally clicking on fake links in spam emails is to have strong antivirus software installed on your device. This software can detect and block malicious emails and links, providing an extra layer of security. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.

Do not open or reply to spam emails. This can confirm your email address to the sender and encourage them to send you more spam. It can also expose you to malicious links or attachments that can harm your device or data.

Mark spam email as junk or spam. Most email providers have a feature that allows you to flag spam emails and move them to a separate folder. This can help you filter out spam emails from your inbox and also improve the spam detection of your email provider.

Do not share your email address publicly or with unknown sources. This can reduce the chances of your email address being collected by spammers. You can also use a disposable or email alias for signing up for online services that you do not trust or need.

Use a personal data removal service: Scammers can obtain your information from various online sources, including data brokers, people search sites and public records. Using a data removal service can help reduce your digital footprint, making it harder for scammers to access your personal information. This proactive step can be crucial in preventing identity theft and minimizing the chances of falling victim to scams during the busy holiday season.

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

YOUR EMAIL DIDN'T EXPIRE, IT'S JUST ANOTHER SNEAKY SCAM

If you realize that you have clicked on a link or opened an attachment from a fake email, don’t panic. Here are some steps that you can take to minimize the damage and protect yourself:

1. Disconnect your device from the internet. This will prevent any further communication or data transfer between your device and the malicious website or malware. You can do this by turning off your Wi-Fi or unplugging your ethernet cable.

2. Scan your device for malware. Use a reputable antivirus software to scan your device and remove any potential threats. Having good antivirus software actively running on your devices will alert you of any malware in your system, warn you against clicking on any malicious links in phishing emails, and ultimately protect you from being hacked.  Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.

3. Change your passwords. If you have entered or provided any passwords or personal information on the malicious website, you should change them as soon as possible. Consider using a password manager to generate and store complex passwords.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

4. You should also enable two-factor authentication for your online accounts, which adds an extra layer of security by requiring a code or a device confirmation in addition to your password.

5. Monitor your accounts and credit reports. If you have entered or provided any financial information on the malicious website or link you clicked on, you should monitor your bank accounts, credit cards and credit reports for any suspicious or unauthorized activity.

6. You should also contact your bank or credit card company and inform them of the incident. You may need to cancel or freeze your cards or accounts to prevent any further fraud.

7. Report the phishing email. You should also report the phishing email to the sender’s legitimate organization, such as your bank, retailer or delivery service, and to the authorities, such as the Federal Trade Commission (FTC) or the Anti-Phishing Working Group (APWG). This will help them to take action and prevent others from falling for the same scam.

8. Use identity theft protection services if you entered your personal information on any links you clicked on or websites that you were directed to. Identity theft protection companies can monitor your personal information (home title, Social Security number, phone number, email address) and alert you in the event they become breached. It can also alert you if any of these are being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.

Unfortunately, as the holiday season unfolds, cybercriminals are also getting into the "holiday spirit" by increasing their efforts to exploit your trust and distractions. By staying alert and applying the tips we’ve discussed, you can enjoy the season without falling victim to their schemes. Remember, phishing emails are designed to play on your emotions — whether it's excitement, urgency or curiosity. Always take a moment to verify the authenticity of any message before clicking on links or sharing personal information. When in doubt, reach out directly to the company or service in question through its official website or app.

Do you feel that companies are doing enough to protect consumers from phishing scams? Why or why not?  Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.