ADVERTISEMENT
TechEconomy
Tuesday, June 3, 2025
No Result
View All Result
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
      • Accessories
      • Phones
      • Laptop
      • Gadgets and Appliances
      • Apps
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
      • Broadband
    • Mobility
    • Environment
    • Travel
    • Commerce
    • StartUPs
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • Appointment
    • EventDIARY
    • Editorial
  • Apply
  • TecheconomyTV
  • Techeconomy Events
  • BusinesSENSE For SMEs
  • TBS
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
      • Accessories
      • Phones
      • Laptop
      • Gadgets and Appliances
      • Apps
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
      • Broadband
    • Mobility
    • Environment
    • Travel
    • Commerce
    • StartUPs
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • Appointment
    • EventDIARY
    • Editorial
  • Apply
  • TecheconomyTV
  • Techeconomy Events
  • BusinesSENSE For SMEs
  • TBS
No Result
View All Result
Tech | Business | Economy
No Result
View All Result
Podcast

Home » Phishmas: Defending Against Holiday Scams

Phishmas: Defending Against Holiday Scams

Techeconomy by Techeconomy
December 26, 2022
in Security
0
Phishmas - Defending Against Holiday Scams
Image Credit: avanan.com

Image Credit: avanan.com

RelatedPosts

SMS Scams on the rise

SMS Scams Surge 73% | Data Finds Key Trends

June 2, 2025

IHS Nigeria Commissions 65 Patrol Vehicles to Enhance Telecoms Tower Site Security

June 2, 2025
  • Phishes roasting in an open email…malware nipping at your nose. It’s Phishmas and all the hackers are stirring–even your mouse!

  • It’s that most wonderful time of the year–Phishmas, when hackers get out their naughty and nice list and check it twice. It’s the holiday season when hackers are hard at work trying to phish as much as possible.

  • In fact, according to Check Point, 17% of all malicious files distributed by email in November were related to orders and shipping; one scam involving a fake Louis Vuitton domain saw 15,000 attacks in a week.

Check Point Software Technologies Ltd., a leading provider of cybersecurity solutions globally, believes that in December, this will reach a crescendo. We’ve taken a number of different attacks that are circulating this holiday season and put them together so you can see the potential impact these can have.

These attacks tend to take advantage of shipping and package notifications, as you can imagine, but they go beyond that. We’ve seen a noted increase in impersonation and payment fraud.

You need money to pay for holiday gifts, and impersonating payment notifications or direct deposit can be a great way to scam someone out of money.

Just remember, when it comes to the holidays and email security, it’s much easier to prevent presents from being bought as opposed to taking them away after they’ve been placed under the tree.

Direct Deposit Scam

In order to buy presents, you need money. In that vein, we’re seeing an influx of phishing campaigns surrounding Direct Deposit.

The general idea is that a scammer will pose as an employee asking HR or a manager to change their direct deposit information.

Phishmas - Defending Against Holiday Scams

Advertisements
MTN ADS

In this email, a scammer is impersonating an employee. However, the sender address is a Gmail account. The person asks to change their direct deposit information. Of course, if the change is made, payments will go to the scammer, not the employee.

And if that’s the case, it will make for a bleak holiday for the company and employees alike.

Though this happens all the time, the fact that we’re seeing an influx around the holiday is an interesting trend. It means that hackers are actively targeting people when they are likely to spend their money the most. Here’s the latest example:

Phishmas - Defending Against Holiday Scams 2

You’ll notice that the email comes from a “proton.me” address, and not the company’s address. That’s a tell-tale sign that something is amiss.

In this case, the formula remains the same. Ask for HR to change direct deposit details. Money gets diverted elsewhere.

Direct Deposit scams are common. In fact, here’s another example we have found:

Phishmas - Defending Against Holiday Scams

These scams are not super sophisticated. What makes them tricky, however, is the lack of malicious link or attachment. Security scanners often look for those items, since if it’s malicious, it’s an easy block.

When it’s just text, it becomes a bit harder. It’s not entirely out of the ordinary for an employee to change their bank account information. People change banks; sometimes they want their money deposited into multiple accounts. This email in and of itself is not malicious.

The text, however, is where the danger lies. A good email security solution would see that the sender address doesn’t match the company address and block it accordingly

The Verification Email

During Phishmas, you can expect a large increase of phishing emails from shipping companies like UPS, DHL, and FedEx. End-users receive tons of legitimate emails from these companies, making these scam emails seem more legitimate.

In this email, we see a spoof of UPS. The scammers are asking for the user to confirm their email address.

That link, however, goes to a credential harvesting page.

Phishmas - Defending Against Holiday Scams

Notice that the sender address is not actually from UPS. This holiday season, check sender addresses before responding to anything–and be sure to check it twice to see who is naughty or nice.

USPS Delivery Status

Of course, we also expect to check delivery companies for package and delivery status.

Hackers know this and will use it to phish their victims. This example is no different. In here, the email comes from the salesperson at the store, trying to be helpful. The salesperson is saying that the USPS wasn’t delivered and attaches an email that claims to come from USPS.

Phishmas - Defending Against Holiday Scams

This is part two of the email.

Phishmas - Defending Against Holiday Scams

The link to “Receipt” goes to a OneDrive page, meaning the malicious content is hosted via the file-sharing platform. This is another example of The Static Expressway.

There’s also a call to urgency, with an “overdue date” that will cost the recipient $5.25 a day in storage.

Further, notice how they say you can ask for help at USPS.gov. Note that the official USPS URL is USPS.com

When getting shipping emails this Phishmas season, it’s important to pay attention to:

  • The Sender Address
  • The Grammar
  • The Logic

What do we mean by logic? Many phishing emails don’t follow standard logic. For instance, paying to verify your address. Or saying, “Dear Email User”. When evaluating an email, if the logic isn’t there, it’s probably not safe.

The FedEx Sender Spoof

You must make sure you know how to spot all the signs of a bad email.

This email claims to come from a Fedex.com address–although in this case, it’s a clear spoof of the domain.

That’s the only thing that ties to shipping. Everything else is a really poor spoof of a McAfee subscription. There are spelling errors everywhere–it would be a good idea to spell McAfee right in the spoof.

Holiday mails

The URL is a clear credential harvesting scheme.

When you see an email like this, even if the sender address appears legitimate, look at the rest of the email. That will alert you that the sender address is actually a spoof.

Is Your Address Correct?

We’ve all gotten some variant of this email before, even legitimate ones. A package can’t be delivered. Maybe they couldn’t get access to a building; maybe the address was typed incorrectly.

This attack, which does a fairly good job of spoofing FedEx, claims that FedEx couldn’t deliver your package, because the delivery address was wrong.

Holiday mails

In order to remedy this, they want you to fill in some information on an attachment. This attachment is actually fairly common, and it is indeed malicious.

The Failed Delivery

There are few things more frustrating than getting a notification that a package couldn’t be delivered. It requires far too much work to get it back on track. But when you have a package that needs to be delivered, you’ll do what it takes. That’s what this phishing scam aims to take advantage of.

Holiday mails

In this email, the URL at the bottom links to a downloadable component. The email kindly asks you to download it, and to ignore any warnings that it may be dangerous. That should be the ultimate signal something is off.

Summary

This Phishmas, be on the lookout for a tremendous number of attacks. Hackers want to be the Grinch and steal your holiday cheer. But if you look at an email properly, you can stay safe. Here are some things to pay attention to:

  • Sender Address
  • URL
  • Logic

And if unsure, always check your account on your online shopping store or courier company by directly typing in the URL into the address bar.

Loading

Author

  • Techeconomy
    Techeconomy

    View all posts
0Shares
Tags: Holiday emailPhishmas
Previous Post

OKX Publishes Second Proof-of-Reserves with new Features, Commits to Monthly Reports

Next Post

Nigeria Needs at least N3.7tn to Tackle Poverty

Techeconomy

Techeconomy

Related Posts

SMS Scams on the rise
Security

SMS Scams Surge 73% | Data Finds Key Trends

by Joan Aimuengheuwa
June 2, 2025
0

Key Findings The brands that scammers imitate the most are USPS (15.43%), IRS (11.71%), and Amazon (7.71%)– over 170 other brands were identified....

Read more
IHS Nigeria and Tower sites security

IHS Nigeria Commissions 65 Patrol Vehicles to Enhance Telecoms Tower Site Security

June 2, 2025
Cyberdefence SensePost

SensePost debuts SecDevOps: A developer-oriented Security Training Course

May 29, 2025
Check Point to acquire Veriti

Check Point to Acquire Veriti Cybersecurity

May 28, 2025
Autonomous Cyber threats | Nigeria - Transparent Transformation, Bridging digital divide, Nigerian Businesses and cybersecurity by Oluwole Asalu

Nigeria Must Prepare for the Rise of Autonomous Cyber Threats

May 27, 2025
DDoS and NETSCOUT

Nigeria, Mali Lead West Africa in DDoS Attacks for Late 2024, Says NETSCOUT

May 27, 2025
Next Post
Poverty

Nigeria Needs at least N3.7tn to Tackle Poverty

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Techeconomy Podcast

Techeconomy Podcast
Techeconomy Podcast

Infowave is brought to you by TechEconomy. Every week we will bring new stories from startups and influencers who are shaping and changing the world we live in. We’ll also bring you reports on topics you should know.

Follow us @techeconomyng for more.

TECH TALK EPISODE 2
byTecheconomy

PRODUCTIVITY AND WORK-Life Balance

TECH TALK EPISODE 2
TECH TALK EPISODE 2
May 22, 2025
Techeconomy
CYBERSECURITY ESSENTIALS
April 24, 2025
Techeconomy
Digital Marketing Trends and strategies for 2025 and beyond
February 27, 2025
Techeconomy
Major Lesson for Techies in 2024 and Projections for 2025
December 6, 2024
Techeconomy
Major Lessons for Techies in an AI-Driven World | Techeconomy Business Series Highlights
November 26, 2024
Techeconomy
Maximizing Profitability Through Seasonal Sales: Strategies For Success
November 8, 2024
Techeconomy
Techeconomy Business Series
October 15, 2024
Techeconomy
PRIVACY IN THE ERA OF AI: GETTING YOUR BUSINESS READY
May 30, 2024
Techeconomy
Unravel the Secrets of Marketing Everywhere All At Once with Isaac Akanni from Infobip | Infowave Podcast Episode 1
February 9, 2024
Techeconomy
The Role of Ed-tech in Life Long Learning and Continuous Education
October 19, 2023
Techeconomy
Search Results placeholder

WHAT IS TRENDING

https://www.youtube.com/watch?v=g_MCUwS2woc&list=PL6bbK-xx1KbIgX-IzYdqISXq1pUsuA4dz

Follow Us

  • About Us
  • Contact Us
  • Careers
  • Privacy Policy

© 2025 Techeconomy - Designed by Opimedia.

No Result
View All Result
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
      • Accessories
      • Phones
      • Laptop
      • Gadgets and Appliances
      • Apps
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
      • Broadband
    • Mobility
    • Environment
    • Travel
    • Commerce
    • StartUPs
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • Appointment
    • EventDIARY
    • Editorial
  • Apply
  • TecheconomyTV
  • Techeconomy Events
  • BusinesSENSE For SMEs
  • TBS

© 2025 Techeconomy - Designed by Opimedia.

Translate »
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.