By REBECCA RUTHERFORDLos Alamos
The holidays are over; you’ve probably put your tree away, taken down the lights, but … scammers aren’t ready to call it quits just yet.
If you are anything like most American shoppers, you probably spent a lot of money on gifts over the holidays, and likely earned reward points through your retailer for shopping.
According to a warning issued from the BBB (Better Business Bureau) crooks are sending phony emails and texts that look similar to messages from big retailers urging you to redeem reward points accrued from all that holiday shopping.
How it Works
First, you receive an unsolicited email or text message that appears to be from a major retailer. There have been reports that scammers are frequently using retailers like Amazon, Kohls, and Costco, but any company with a rewards program can be spoofed. The subject line frequently reads, “You have a new reward to claim” or something similar.
When you open the message, it looks real- it is shockingly easy to create a realistic phishing message.
The bad guys can emulate the company’s logo, colors, and spoof a link to the company’s website without breaking a sweat. These guys play on your emotions, your curiosity, and they are hoping that you will click the link. When you click, they can take you to a phishing landing page they created (if you look closely you will notice the URL is wrong) and steal your credentials, install a backdoor (a backdoor is a type of malware that will give them full access to your computer) to access your computer, or do pretty much whatever else they want. Do. Not. Click. Delete!
According to BBB, these scams frequently pop up after major shopping events, like the holidays or Amazon Prime Day.
How can you avoid falling for a phish, hook, line, and sinker?
- Do not click on links or download attachments from unknown emails. These may be a scam, and they will try to download malware onto your computer and/or steal your personal information.
- Got an unsolicited email? Do not take it at face value. Scammers frequently send out mass emails that include little personal information. If the email does not address you by name or include any other identifying personal information, be cautious.
- Links can be spoofed. A link might say “kohls.com” but in reality, the link will take you to something totally different like “badsite.malware4u.com”. Not good. Before you click ANY links, hover your mouse over them so you can see the true URL (uniform resource locator) and see where the link will take you.
- Go directly to the source. I frequently get emails for my favorite shopping sites, letting me know there is a huge sale. Do I click these? Nope, because I am perhaps a wee bit paranoid. Instead of clicking the link, go directly to the source whenever possible. Type in “amazon.com” and go to your account, do not click the link in any emails that pop into your inbox.
Do you have a story about a phishing email you’d like to share? Email cyberbeckyla@ gmail.com and let me know, I might feature your phish tale in a future article.
Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.
