Have you planned a compact holiday for the upcoming Easters? A family reunion to build closer connection, a lot of gifts for families and friends to appreciate their company and love, or a trip for somewhere picturesque would all be great.

Of course you might resort to some platforms for service, but be aware of potential holiday scams and cyber campaigns. During the past two years, US-CERT (United States Computer Emergency Readiness Team) has been reminding users to stay alert of phishing campaign during the Easters.

What does a holiday phishing scam look like?

Holiday phishing scams can appear in various scenarios, such as online shopping, holiday traveling, offering help to charity cause, etc.

Let’s take Amazon scam as an example, and you will see what phishing scam look like in the name of the Easters.

Before and during the Easters, you will probably plan to buy some gifts for family members or friends.

Situation I:

You receive an email from Amazon.com with a recommended commodity list as gifts, and more often than not, offering dramatically high discounts.

However, by clicking the links attached to the email, you will be led to a fake website that looks almost the same as the real Amazon.com.

Accordingly, after the purchase, you will not receive any goods but have your personal information (telephone, credit card number, address, etc.) leaked.

Situation II:

You receive an email from a customer service representative from Amazon.com.

It requires you to update your personal information on the Amazon website, or a recent purchase can’t be completed; or even worse, your account would be frozen and not usable for a period of time.

Different from Situation I, it will ask for more PII (person identifiable information), including your social security number, and thus claim your tax returning on your behalf.

Situation III:

You will receive an email from “Amazon.com” – as you can guess. It’s usually a fake advertisement or shipping notification, asking you to open an attachment that includes important information of your goods.

While the fact is, what hides in the attachment is malware that gives scammers access to the data and privacy in your computer. A malware is like the wooden horse in the Trojan War – delicately disguised, heavily dangerous.

How can I tell whether it’s a phishing email?

It’s fairly hard to tell with bare eyes whether it’s a phishing email. Nevertheless, what’s mentioned below is likely to give the scammers away:

  • Emails and ecards from unknown senders;
  • Product advertised at an unbelievably low price or with overly amazing benefits;
  • Immediate payment required, or payment by electronic funds transfer or a wire service required;
  • A lack of refund or returns policies posted on websites;
  • Absence of a closed padlock symbol ahead of the URL;
  • Virtual currencies required, such as bitcoin — they do not have the same protections as other transaction methods, therefore once they’re gone for now, they are gone forever.

When users become more intelligent and vigilant, the scammers have also been evolving their tricks. As a result, it’s high time that you use some help to detect more evidence for phishing scams.

Mr. Post, an add-in for your Outlook, would be a nice option. By checking the meta information hidden in the email, Mr. Post will visualize the email route, unveil the real sender and tell whether it’s legitimate or suspicious, safe or dangerous.

Empowered by state-of-the-art computer vision technology, it can recognize the fake link even under ZeroFont – something popular in dodging Microsoft’s scam filtering.

If you’d like a carefree Easter holiday or any other holidays, Mr. Post is your go-to helper against holiday phishing scams. Currently available on Microsoft AppSource.