Hackers and scammers know that email inboxes are frequently flooded with many kinds of messages. In November and December in particular, attackers recognize email users are likely to see an influx of order confirmations, shipping notifications, special offers and charitable requests.
They take advantage of this increased traffic and pattern their malicious messages after legitimate emails, which makes it easier to trick recipients. They may use name brands and logos like Amazon, Apple, PayPal and FedEx to make things look legitimate.
These people with malicious intent capitalize on human emotions like excitement, fear, empathy and curiosity to trick email recipients into clicking malicious web links, revealing sensitive information or downloading dangerous attachments. Attacks like these commonly give cybercriminals access to payment card information, account login credentials and other sensitive pieces of data.
Cybercriminals often try to cash in on tragic events by creating fake donation websites and sending fraudulent messages that ask for donations.
However, don’t let the risk of charity scams discourage someone from lending a helping hand. Right now, the employee giving campaign is running. It is a well-recognized and legitimate event helping the community. United Way campaign emails will be from epledge@uwmidlands.org, and it will have a legitimate URL link customized for employees to fill out their digital pledge form.
Before interacting with a message that prompts someone to click a link to a website, download a file or log into an account, review it thoroughly.
If unsure whether a message is safe, it’s always better to err on the side of caution. Logos, from addresses and signatures are not proof of legitimacy; look deeper for confirmation.
Here are some tips and questions to ask about emails:
- Do I definitely know where this message came from?
- Does this message look — and sound — odd compared to others I’ve gotten from this sender in the past?
- Is this message confusing or does it mention an account or purchase that is unfamiliar to me?
- Is this message urging me to act quickly or trying to frighten me by mentioning problems with an account, purchase or shipment?
- When I hover over the from address and web links, do I see something unexpected or something that seems suspicious?
- Only deal directly with known, established charitable organizations and their websites.
- Use caution when clicking on donation links in messages. Instead of clicking a link, type a trusted web address into your browser.
- Use official sources to help you identify legitimate charities and aid programs.
The best way to avoid falling for online imposters is to restrict online interactions to known, trusted websites and non-profit organizations, preferably those with past personal experience. If deciding to stray from the beaten path, be sure to do research. Ask for a friends’ recommendations (online reviews can be faked) and shop only on sites that offer secure, authenticated checkout.