
by Dave Moore, CISSP

12/05/2021

“You may be eligible to receive some of the education stimulus bill!” “Did you suffer a Gallbladder injury while using Birth Control?” “We want to buy your home for Christmas! Sell Your Home Today!” “Make $10000 for Christmas!” “Bounci36D sent you a Holiday picture!”

As the holiday season moves in, many people will notice a huge increase in unwanted email. The message subjects listed above are a very small representation of what’s in store. The Internet bad guys make a huge effort every holiday season to scam as many people as possible, and this year will be no exception. While some spam is from legitimate marketers, most of it is not. Experts say at least ninety percent of all email worldwide is spam.

Many spam emails will have subject lines that simply read, “Christmas.” Upon opening the message, the reader finds a link leading to a shopping website that has unbelievably good deals on all sorts of fabulous merchandise. This is where things start to go downhill. The website is probably bogus, and you’ll never get anything out of the deal other than a big, fat credit card bill and the displeasure of knowing you have become a victim of identity theft.

Some dangerous spam emails contain links to alleged shopping websites, but when you click on the link, a message pops up telling you that you need to install a special “viewer” or some other file in order to see all of the good deals on the website. When you install the viewer, guess what you’ve really installed? A virus, of course.

Another way that spam emails sucker in their victims is the promise of E-cards, or electronic greeting cards. You may receive an email claiming that “a friend” has sent a Hallmark holiday greeting card. Click on the greeting card attachment, and, bam, your computer is infected with a virus. My rule for opening email attachments is as follows: the email has to be from someone I know, and they have to tell me, in the text of the email, something like, “Hey, Dave. I am sending you an attachment. Here’s what it is (include description). The attachment’s file name is (include file name).” If I do not have that information, then the email and its attachment go in the trash.

It also pays to be wary of emails coming from unknown, but official-sounding sources. Pennsylvania State University once issued an alert stating that bogus emails were being sent to students and faculty from email addresses such as administrator@psu.edu, webmail@psu.edu, and helpdesk@psu.edu. The official-looking emails were asking students and faculty to provide their user IDs and passwords, but the messages were fraudulent. Students and faculty were also warned against holiday spam messages selling fake Rolex watches, offers to win gift cards or bogus electronic greeting cards. After all, what student could resist an email that said, “The Dean of the School of Architecture has sent you a greeting card”?

Messages like this are called “phishing” emails, as if someone were by the side of a lake with a pole and bait, “fishing” for victims. Some more devious, targeted scam emails are called “spear phishing,” as they contain personal details like your name, hometown, employer, etc. “Whaling” emails are even more insidious, attempting to trick ignorant company bosses or high-end managers (the “whales”) into giving up company secrets, like passwords, corporate bank accounts, etc.

Most holiday spam scams can be thwarted by using a little common sense. Keep your antivirus/antispyware programs updated and running. More than anything, though, be suspicious of everything and be careful what you click on. For a very good, in-depth discussion of scam emails, visit www.avg.com/en/signal/what-is-phishing. Happy holiday emailing.

Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd., he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.org