Although we’ve covered a few of the scams below in our Black Friday scams roundup, a new investigation (opens in new tab) from Check Point Research has found that many of them are still circulating online.  The holiday shopping season can be a stressful enough time as it is but becoming a victim of fraud or even identity theft can make things even worse. If you’re doing a lot of your shopping online this year, the three scams below are ones you’ll certainly want to look out for so that you can get your last minute shopping finished safely.

Direct deposit scams

Paying for all the gifts you’re buying this year can be difficult, especially when your paycheck gets deposited into the wrong account. Security researchers at Check Point have observed an influx of phishing campaigns where scammers pose as an employee and ask HR or a manager to change their direct deposit information. In these emails, the scammers ask to have their bank information or details updated before the next pay period. For most employees in the U.S., that would be on December 15 which would certainly make picking up last minute gifts and the holidays in general, a real nightmare.  There isn’t much you can do to avoid this one, as this scam comes down to the HR departments or managers targeted. However, you should keep a close eye on your inbox and make sure you don’t get any emails about your direct deposit details being changed. It might also be worth letting someone at your company know about this scam if they aren’t already aware of it.

Verification email scams

All of those holiday purchases have to get delivered by companies like UPS, FedEx and DHL, which is why scammers frequently impersonate them in their phishing emails. If you ordered a lot of items on Black Friday or Cyber Monday, your inbox is likely filled with emails from both online retailers and shipping companies. A holiday scam currently making the rounds involves scammers impersonating delivery companies asking users to confirm their email addresses. While this may seem harmless at first glance, clicking on the link in the email below takes users to a credential harvesting page. In this case, inspecting the email address closely reveals that the sender address isn’t actually from UPS. To avoid falling for this scam and others like it, always check sender addresses before responding or clicking on any in-body links in an email.

Failed delivery scams

There’s nothing worse than finding out an item you ordered online wasn’t delivered when shopping for the holidays. Scammers are well aware of this feeling which is why they use failed delivery emails in their campaigns. The email below informs a user that their package wasn’t delivered but they can click on the included link to reschedule the delivery. While the link itself is quite suspicious and comes from “rahuldubey[.]com” instead of from UPS’ official website, a panicked shopper may decide to click on it since the scammers have instilled a sense of urgency due to the fact that they may not get their package in time for the holidays. If you receive an email like this, the first thing you should do is check the site of the retailer where you ordered the item from to see if there really were problems with the delivery. This way you can easily find out if you’re dealing with a scam without putting yourself at risk by clicking on any of the links included in the email. 

How to avoid falling for holiday scams

There are quite a few steps you can take to stay clear of scams this holiday shopping season to ensure you get all of the items you order without giving up your financial or other personal information in the process. First off, you should only buy items from authentic and reliable sources. This means shopping at known retailers and avoiding following any deals sent to you via email or text message. Instead, you want to navigate directly to the retailer’s site yourself where you can look to see if a great deal is really available. At the same time, you want to be aware of the domain names of the sites where you’re shopping. Lookalike domains acquired through typosquatting may appear to be legitimate at first glance but upon closer inspection, you may see that the company’s name is misspelt or that the site is using the wrong top-level domain (.tv instead of .com for instance). The holidays are one of the busiest times of the year for scammers but if you shop carefully and keep a clear head when doing so, you can avoid being tricked into falling for a holiday scam.