How to Stay Safe Online During the Holidays

Black Friday and Cyber Monday are long-standing shopping and eCommerce traditions that many look forward to every year, and holiday shopping accounts represents a vast amount of consumer purchases. But there are more sinister actors anticipating these holidays as well.

Why The Extra Caution?

Cybercriminals exploit the urgency and chaos of the holidays, including events like Black Friday and Cyber Monday, to trick you into falling for scams that you might otherwise avoid. Kaspersky, a cybersecurity and anti-phishing firm, detected over 92,000 spam emails containing the keywords “Black Friday”. Kaspersky also reports nearly 800,000 attacks mimicking Amazon per month since July, more than double that of the first half of the year with an average of about 300,000 per month.

Cybercriminals ramp up their attacks during this time, casting a wider net and phishing more victims. By taking advantage of the holiday hype cybercriminals increase the volume of attacks, and fine-tune their deception methods. While phishing attacks are normally difficult to detect, cybercriminals often craft even more deceptive spoof landing pages, emails, or SMS attacks, as the potential for a successful attack is increased.

Awareness and the right tools are the best way to prevent becoming a scam victim.

Tips to Stay Safe

When browsing, scrolling, or checking any messages, remember to keep your eye out for common phishing red flags. Follow these tips to stay safe:

Email

The holidays are a great time for companies to ramp up their promotions, as nearly 30% of annual sales for retailers are made in the last quarter. So, you’ll likely see an increase in communications from your favorite brands in your inbox. And while email is a great marketing channel for these companies, it is also preferred by cybercriminals. In fact, 91% of cyberattacks originate from phishing emails. Here’s how to keep your clicks safe in your email:

1. Educate Yourself and Others: Phishing is a cycle, and if you are phished, the attacker will likely attempt to exploit your online network of contacts as well, spreading the scam like wildfire. The first step is to become aware of the threats you may see this time of year but also to ensure those you interact with online are safe too. Hey, maybe you could even send them this article!
2. Be Skeptical of All Emails: Treat every email with caution, especially those that prompt you to click on links or download attachments. If an email is requesting you to log in, navigate to your browser and log in using the legitimate website, not the link that the email provided.
3. Verify Email Sources: Sometimes it’s easy, but it often can be difficult to tell a real email address from a fake one. If an email address looks in any way suspicious, exit the message, and report it for phishing (if your email provider offers the option). If the content of the message seems legitimate, verify the email address through your browser or another source before interacting with the message.
4. Look Closely at the Email: While cybercriminals are polishing their attacks, sometimes you can spot phishing red flags in the content of an email. Look at formatting, branding, language, grammar, and URL structures. If anything seems off, return to safety.
5. Click Verified Links: Whag offers URL verification, so when you send your friends and family links, they know that they can be trusted. Use Whag links in your emails, so that everyone knows exactly who sent them.

Fake Online Stores

Spoofed phishing pages are another way that hackers can trick you. By impersonating a trusted brand or eCommerce site hackers can fool you into entering your information, which they can then use to take over your social profiles, email accounts, or even bank accounts. Look closely for these signs that a page might be spoofed:

1. Check the URL: Often, scammers will hide elements within a URL to disguise it as real, or do a character swtich that you might not notice. Look for extra words, excessive-hyphens, or added punctuation. Also, check the top-level domain, if you find yourself on Amazon.cn instead of Amazon.com quickly exit the site.

• Also, check for an SSL certificate. To do this, look the the beginning of the URL and you’ll see HTTP or HTTPS, if there isn’t an “S” that means the website is not secure.

1. Look at the Content of the Page: Similarly to phishing emails, you can sometimes identify spoof content based on page formatting, font styles, branding inconsistencies, spelling and grammar issues, or language that the company wouldn’t normally use. These can be difficult to identify, as 97% of people can’t identify a sophisticated phishing attack.
2. Don’t Log in Anywhere You Can’t Verify: If you can’t verify the legitimacy of a page, it’s better to play it safe and don’t enter any login credentials. Instead, visit the legitimate page by searching for it in your browser.
3. Watch Out For Ads: Surprisingly enough, hackers can buy advertisements on the Google search results page and banner ads on different websites. See something you like? Find it by looking it up, not by clicking a search or display ad.

Social Media

47% of US consumers have made a purchase on social media, highlighting the prevalence and activity on these platforms. But we aren’t the only people looking for shopping inspo on Instagram, cybercriminals could be waiting for you. Here’s how to stay alert when engaging on social media, and how to prevent getting phished:

1. Verify Users in Your Network: If you get a message from a friend or family member offering you a discount code, or if someone you see posts a deal on their story verify that it is actually them who’s posting or messaging. Cybercriminals are impersonation pros and may have even compromised a legitimate account. When viewing content from brands on social media, don’t click any links, verify the legitimacy of the account, and visit their site through a web browser rather than interacting directly on social.‍
2. Be Wary of Promotions: Deals or discount codes on social media are popular around the holidays. However, if you see a seemingly legitimate advertisement that seems too good to be true, it probably is. Again, visit the site on your browser and claim your deal there.‍
3. Fake Accounts or Influencers: You may also experience influencers or brand ambassadors reaching out to you with promo codes or discounts. However, they may be being impersonated. Confirm the user identity, and be cautious when clicking on links from social media.

Delivery Scams

Hackers may email or text message you via SMS discussing a problem with a package, an order needing confirmation, or prompt you to track a package. These are very common phishing scams that fool thousands a year. If you want to check the status of a package or confirm order information, don’t click on any links sent to you, instead navigate to the legitimate page and view the information there.

What To Do If You Think You’ve Been Phished

1. Immediately look out for a download: When you click a malicious link, it’s possible malware was downloaded to your operating system. Look in your system download history and browser download popups; if you see a download that may be malicious, do not open the file. If you think you’ve been compromised, best practices suggest running a trustworthy malware scanner. We’ve compiled a list of free, well-reviewed scanners for you to use in case of a breach.
2. Don’t enter any personal information: When cybercriminals capture your personal information there are an infinite number of ways they can use it. They can deceive your contacts, access your accounts, manipulate your internet or cell phone providers, advance the cycle of phishing, and, in the worst case, steal your identity. If you’ve clicked a suspicious link, never provide them with your sensitive information!
3. Change your passwords: Even if you haven’t entered any personal information, the hacker may have accessed sensitive data via the click alone. You should begin changing your passwords immediately. Begin updating your mission-critical accounts like your bank accounts, emails, Google and Microsoft accounts, and social media accounts.
4. Report it! Not all heroes wear capes. Do your part and take pride in protecting the people you care about online. Phishing is a cycle that is perpetuated when it stays hidden but if we work together, we can stop it in its tracks. If you’ve been phished and believe it may affect your workplace, inform your superiors immediately. Report any malicious emails to your email provider and use Whag’s community Blocklist to report malicious URLs ASAP.

To learn more about what to do if you think you’ve become a victim of phishing, check out our blog post here.

The Importance of Staying Safe Online During the Holidays

Black Friday and Cyber Monday introduce compelling opportunities for deals but don’t let the urgency and excitement cost you. The consequences of falling victim to a phishing attack are real and can be catastrophic. We created Whag so that you don’t have to worry. Whag is an innovative online platform that verifies URLs to prevent successful phishing attacks. It allows users to create and share Verified Links, authenticated by connecting various social media platforms, which ensures a safer and more secure online experience. By using Whag, users can easily distinguish between legitimate and malicious links, share trustworthy links with contacts, and establish credibility in online circles. At Whag, we dream of a future where no one has to worry about phishing, but for now, we advocate for awareness and provide an innovative un-phishable solution to protect yourself and those you care about. By joining Whag and following the tips outlined in this article, you’ll be ready for a holiday season full of community, joy, and, most importantly, safety.

Sign up today and help us fulfill our mission of creating a trustworthy online environment for everyone! https://www.whag.me/join

‍