By Ali Sawyer   /   Dec 10th, 2014

Holiday Cybersecurity | Hackers Try to Profit from Holiday Shopping

Hackers will try to capitalize on the wave of holiday spending this month by launching phishing scams against consumers. Security firm We Live Security reported on their blog that they observed a couple of new phishing emails purporting to come from popular retailers Costco and Home Depot. Each email discusses a supposedly recent purchase and includes a link where users can apparently see more details about their order. These emails represent a trend of phishing scams that take advantage of the holiday shopping frenzy, which we can expect to see more of this month.

How can I identify a phishing email?

Most phishing emails contain clues indicating their inauthenticity, and these newly discovered emails are no exception.

Home Depot phishing email (via We Live Security)

The Home Depot email contains a big giveaway in the upper right-hand corner: “SIGN” is misspelled “SING.” The email ends with “Our blessings to you,” an awkwardly personal farewell for an order confirmation email from a retailer.

Costco phishing email (via We Live Security)

Again with the Costco email, the sign-off “Truly yours” is more personal than you would see in a legitimate order confirmation email.

Both emails use the strange phrasing that the company has received an order whose personal data matches your personal data, something an authentic order confirmation email would never need to explain. Both emails also express a sense of urgency by giving a time constraint: “Home Depot” says you can receive your order within 5 days and “Costco” says you can reserve your order within 4 days. This is a commonly used phishing trick to try to get you to click fast.

What should I do if I receive one of these emails?

If one of these emails lands in your inbox, your best move is to delete it immediately. If you clicked on a link in one of these emails and entered your credit card or other personal information, make sure to monitor your credit card activity and reset your passwords if necessary.

How do I protect myself and my employees from emails like this in the future?

If these emails are slipping into your inbox regularly, it’s a good idea to set up a stronger spam filter. Beyond that, the best way to combat phishing emails is education and training. With LMG’s social engineering tests, you can gauge how likely your employees are to fall for a phishing scam and train them about the dangers of phishing emails, protecting your company from future attacks like these.
