The two biggest shopping days of the year may be over but if you haven’t checked off everyone on your list yet, these are some of the best Christmas deals you can still get. However, be warned, there are still plenty of holiday scams making the rounds online.
The holiday shopping season can be a stressful enough time as it is but becoming a victim of fraud or even identity theft can make things even worse. If you’re doing a lot of your shopping online this year, the three scams below are ones you’ll certainly want to look out for so that you can get your last minute shopping finished safely.
Direct deposit scams
Paying for all the gifts you’re buying this year can be difficult, especially when your paycheck gets deposited into the wrong account. Security researchers at Check Point have observed an influx of phishing campaigns where scammers pose as an employee and ask HR or a manager to change their direct deposit information.
In these emails, the scammers ask to have their bank information or details updated before the next pay period. For most employees in the U.S., that would be on December 15 which would certainly make picking up last minute gifts and the holidays in general, a real nightmare.
There isn’t much you can do to avoid this one, as this scam comes down to the HR departments or managers targeted. However, you should keep a close eye on your inbox and make sure you don’t get any emails about your direct deposit details being changed. It might also be worth letting someone at your company know about this scam if they aren’t already aware of it.
Verification email scams
All of those holiday purchases have to get delivered by companies like UPS, FedEx and DHL, which is why scammers frequently impersonate them in their phishing emails. If you ordered a lot of items on Black Friday or Cyber Monday, your inbox is likely filled with emails from both online retailers and shipping companies.
A holiday scam currently making the rounds involves scammers impersonating delivery companies asking users to confirm their email addresses. While this may seem harmless at first glance, clicking on the link in the email below takes users to a credential harvesting page.
In this case, inspecting the email address closely reveals that the sender address isn’t actually from UPS. To avoid falling for this scam and others like it, always check sender addresses before responding or clicking on any in-body links in an email.
Failed delivery scams
There’s nothing worse than finding out an item you ordered online wasn’t delivered when shopping for the holidays. Scammers are well aware of this feeling which is why they use failed delivery emails in their campaigns.
The email below informs a user that their package wasn’t delivered but they can click on the included link to reschedule the delivery. While the link itself is quite suspicious and comes from “rahuldubey[.]com” instead of from UPS’ official website, a panicked shopper may decide to click on it since the scammers have instilled a sense of urgency due to the fact that they may not get their package in time for the holidays.
If you receive an email like this, the first thing you should do is check the site of the retailer where you ordered the item from to see if there really were problems with the delivery. This way you can easily find out if you’re dealing with a scam without putting yourself at risk by clicking on any of the links included in the email.
How to avoid falling for holiday scams
There are quite a few steps you can take to stay clear of scams this holiday shopping season to ensure you get all of the items you order without giving up your financial or other personal information in the process.
First off, you should only buy items from authentic and reliable sources. This means shopping at known retailers and avoiding following any deals sent to you via email or text message. Instead, you want to navigate directly to the retailer’s site yourself where you can look to see if a great deal is really available.
At the same time, you want to be aware of the domain names of the sites where you’re shopping. Lookalike domains acquired through typosquatting may appear to be legitimate at first glance but upon closer inspection, you may see that the company’s name is misspelt or that the site is using the wrong top-level domain (.tv instead of .com for instance).
Password reset emails are another thing you want to look out for in your inbox. With so many purchases being made over the holiday season, scammers like to try and trick users into giving up their credentials by making them think their passwords for Amazon, Best Buy, Walmart or other popular retailers have been reset.
The holidays are one of the busiest times of the year for scammers but if you shop carefully and keep a clear head when doing so, you can avoid being tricked into falling for a holiday scam.
Get the BEST of Tom’s Guide daily right in your inbox: Sign up now!
Upgrade your life with the Tom’s Guide newsletter. Subscribe now for a daily dose of the biggest tech news, lifestyle hacks and hottest deals. Elevate your everyday with our curated analysis and be the first to know about cutting-edge gadgets.
Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.