I cannot believe that it is that time of the year already. I, of course, am talking about that it is time for the holidays. With all the holiday spirit and cheer, attackers are certainly near. With that being said, here are two phishing tactics commonly seen around the holidays.

That's not my package!

One of the best scams for this time, in my opinion, are the fake notifications from UPS, FedEx, DHL, USPS, etc...

Many of these scams rely on the fact that you've probably ordered something these holidays. Generally, the email will state that there has been an issue with delivering your parcel and that you should print a receipt or unzip a zip file containing your information, or that you need to go to the handy link in the email for more information.

Don't fall victim to these, please.

  • DO NOT click links like these in emails. Try tracking the package from the actual provider site.
  • Generally speaking, a carrier will NEVER send you a zip file.
  • As mentioned, track you parcel via navigating to the provider's actual site.
  • Inspect the email address of the sender!
That's not my order!

Another tactic to be aware of is that some scammers may pretend to be places such as Target, Amazon, Best Buy, etc... An attacker may, for the sake of example, send you an email such as:

Dear Customer, 

There has been an issue processing your recent order. Please login to manage your orders. We apologize for the inconvenience.


Thank you,
Random Company You Buy Things From.

Just as mentioned above, don't go all willy nilly and click random links in emails. First, check to see who the email is coming from; is the domain correct? Also, actually go to the store's website and login to view your orders; don't believe everything you receive in your inbox.

Heck, sometimes you should not even open what may seem like a phishing email. Why? Well, if your email loads remote content, you may have just signaled to an attacker that you just opened the email.

Scammers and phishers are always changing tactics, keep vigilant and follow standard guidelines.

I don't want to bore you with a post on how to remain vigilant against phishing and the like, instead, I will point you to some posts on the topic: