With Christmas weekend upon us and many are still looking for the best last-minute deals, we noticed we are receiving an increasing amount of holiday related spam emails. We have been monitoring the amount of spam emails received this month and we noticed a trend where the amount received increases during the weekends. Not surprising since consumers are spending more time shopping online so cybercriminals have become more aggressive and creative with their tactics.
The following are some of the common email subjects:
- Don’t Wait! 80% off Christmas Sale
- Christmas Sale Find the Perfect Gifts Now
- Congratulations! You can get <insert merchant> $50 gift card!
- Save up to 80% off on the perfect gift for everyone
- Get a Drone as a gift
- Ahoy! Christmas Special!
- Hottest Christmas Gifts of 2021
Most of these emails are purporting to come from popular department stores promising gift cards, that when clicked would take you to a URL different from the real merchant’s website. The consumer will then be asked to enter their personal information and to participate in a number of “offers” often costing money in fees or subscriptions without the guarantee of ever receiving the products and services or the free gift card at the end of the process.
Some new tactic observed this year was the use of shortened URL masking the real website address where the link would take you. Adding a layer of trickery, to fool users into following links they otherwise wouldn’t click.
Another new trick this year, was adding a captcha to determine whether the user is actually human or bot.
They now also add a countdown timer to increase urgency and drive victims to act.
Rewards are too good to be true.
In this example, the user is asked to pay for a small amount to ship the reward in exchange for their credit card information.
We urge our users to always be vigilant and cautious with any unsolicited email and to avoid providing any personal information, particularly if you are not certain of the source.
SonicWALL Capture Labs Gateway Antivirus and Email Security service constantly monitor and provide protection against such malicious spam and phishing threats.