Holiday shoppers should be on high alert for email scams

connectVideoAre spending limits is the key to a happier holiday?

Ramsey Solutions’ Rachel Cruze explains.

Holiday shoppers should be on high alert for spam-scams, a new report.

Malicious e-mail disguised as delivery notes or purchase invoices are particularly effective during the holiday season when shoppers are active, says F-Secure, a Helsinki-based cybersecurity company.

“The type of spam that criminals use do not appear as spam to many people this time of the year,” said F-Secures behavioural sciences analyst Adam Sheehan in a statement.


The “failed delivery notice scam works because it plays on our trust in big brands that we have to deal with on an almost constant basis,” F-Secure said.

In a way, online criminals are amateur behavioral scientists. “They know that we tend to click before we ask questions,” the cybersecurity company said.

Tests performed by F-Secure that simulated Black Friday and Cyber Monday phishing e-mails saw 39 percent more people on this than at other times of the year. Phishing is when an attacker pretends to be a reputable organization, company or person.

F-Secure’s research cites spam campaigns — sent out to a huge number of e-mail addresses — as the most common method for cyber criminals to spread malware in 2018, accounting for 9 of the 10-infection attempts through the year.

A whopping 69 percent of the spam campaigns attempt to trick users into visiting malicious websites and downloading malware-laden file, or other malware, which results in infection, F-Secure said. Malicious attachments were used in the remaining 31 percent, F-Secure added.

Other data points:

  • Banking malware is the most frequently detected malware delivered by spam.
  • The majority of the spam campaigns seen by F-Secure target-users in the US, EU, Canada and Japan.

Retailers try to become better in spotting fraudsters

Shopper-targeted spam “warm up just for the holidays, as cyber criminals rely on the consumer are in a hurry,” said Ryan Wilk, VP of Customer Success for Mastercard property NuData Security, in a statement to Fox News.

Their goal is to steal consumer credit card or account information. “They [the criminals] use this information to take over accounts or the use of the credit cards to steal goods and services online,” Wilk said.


But retailers are fighting back. Sellers are now becoming more aggressive in trying to separate real customers from fraudsters, Wilk added.

With the help of behavioral analysis and a technique known as a passive form of biometrics which analyses customers ‘ patterns and habits, retailers can have their game, according to Wilk.

“Traders…are in a position to determine whether the rightful user has access and to perform transactions on the account, or if a cybercriminal at work,” Wilk said.

So, what should consumers do? “Keep your system updated and running security software at all times. And train yourself not to click on links in e-mails—especially e-mails related to the shipping industry,” F-Secure said.

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.

Most popular