For businesses: 4 tips to avoid email scams in the holiday season

Updated at: Dec 03, 2020
By Gatefy

Warning sign representing scams in the holiday season.

We know and you also know that the holidays are an awesome time for everyone, including cybercriminals.

It's when people are lowering their guard, thinking about the year that is about to end, receiving emails with discounts and promotions, and also preparing for shopping.

Inside the companies, the scene repeats itself.

Employees are finalizing the last obligations of the year and receiving various emails with requests, offers, gift cards and thank you messages. It’s precisely at these festive times of the year that the volume of phishing and spear phishing emails usually increases.

How to prevent email scams in the business

Every year we hear of companies and people who fall into email frauds during the holiday season. What we say here at Gatefy is that there isn’t such a thing as a best time of the year to protect yourself.

You need to be protected year-round no matter what. This means that your business also needs to be protected all the time.

Here we have a list to help you avoid email scams during the holiday season. Share some of these tips with your employees and coworkers.

1. Gift cards scams

To get started, beware of free gift card emails. Most of the time, this is a phishing scam to get sensitive information.

Now think of another typical example of gift card scam: an employee receives a request from a director to buy gift cards for business reasons.

The employee buys gift cards, but he doesn't realize that the message didn't come from the director. He was lured and deceived by a cybercriminal who compromised and spoofed the director's email and impersonated him.

This is a BEC scam (Business Email Compromise), a type of advanced and targeted scam.

2. Spoofed websites

Thousands of phishing sites are created daily. They are replicas almost identical to the original ones. Then the hackers use email campaigns (or phishing) and social networks to spread them.

So beware of fake domains. Just to give you a real example: www.ray-ban.com isn't the same as www.rb6.us.

When it comes to companies, a fraudster can create a fake website of a partner and send an email to an employee requesting him to update the company's data and the payment information.

3. Shipping scams

This is another popular type of phishing attack. Criminals use the name of well-known companies, such as UPS, FedEx, Walmart, and Amazon, to apply scams in the shopping and shipping season.

In general, they send an email with a malicious URL or attachment under the pretext that the victim needs to update delivery information, needs to download a shipping label, or even track a package.

The result is a data breach, a malware infection, or both.

 4. Awareness training

We've been talking a lot about security awareness. It's critical to keep your business protected.

Most cyberattacks begin with human failure. That said, gift card scams, spoofed websites, and shipping scams will only succeed if someone falls into the fraud.

So train your team to recognize the main characteristics of threats.

Bonus: email security solution for companies

To add new layers of protection, you should also look for email protection solutions. Take a look at Gatefy Email Security and Gatefy Anti-Fraud Protection.

As we say, it is always good to be prepared and protected. The whole year, of course!