By BECKY RUTHERFORD
So everything this year is a bit of a dumpster fire and it turns out you can’t even trust that jolly old elf himself, Santa. Er… that is to say Santa is probably still legit, but if you get an unsolicited email in your inbox offering to sell you a “handwritten letter from Santa” for $19.99, don’t click the link!
The latest phishing scam is an offer for a lovely, handwritten letter from Santa, the “perfect” gift for all. The Los Angeles City Attorney’s office was the first to warn about this scam, “Don’t click on the link,” City Attorney Mike Feuer said last week. “In the best case, you’re simply out $20. In the worst case, you just shared your credit card information with potential scammers who can now use it for identity theft,” Feuer said, according to KTLA’s website.
Click the link, and you are sure to be “grinched”. Victims are taken to a website for payment. You will never receive a letter, and your credit card and personal information will likely be stolen.
Curious about this new scam, I searched my Google spam folder and found the below email:
It’s always exciting when I get a phish, though they usually end up in my spam folder (Huzzah, Google!).
A little investigation revealed some fun facts:
- The email’s “from” address is spoofed, using a customer service email for a railroad enthusiast’s website.
- Had I replied to this email, it would not have gone to that spoofed address. It would have gone to the “reply-to” address, which was a random Gmail address.
- The link that I was directed to for the purchase was an oddball website hosted in Brussels.
The best thing to do with any unsolicited email is to assume it is suspicious and delete it. Don’t reply or click the link and do not click “unsubscribe.” Clicking unsubscribe lets the sender know that your email account is active, and they can keep sending you spam, or it might even be a malicious phishing link. Your goal with any unsolicited, suspicious emails should be zero interaction.
Want your kid to get a letter from Santa? Please don’t click the link, do it the old fashioned way and send it yourself via snail mail. Have a safe and happy holiday season, and remember to keep an eye out for scams!
Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.