Tis' the Season to be Hacked

IT security defenses are being regularly tested. Hackers want data very badly so they can sell it to criminals on the dark web. They also want to encrypt your data so they can collect huge cryptocurrency ransoms. And not a day goes by when hackers are not searching for ways to divert wire transfers to fraudulent bank accounts. The motivation is big money, coupled with a miniscule risk of ever getting caught.

The holidays are particularly lucrative for cybercriminals because people often let their guard down. Hackers will tempt you with offers that are too good to be true, hoping you will open the attachment, click the link, or enter your credentials so they can cash in. Phishing schemes don’t just target emails; they use text messages, too.  

Don’t fall for it! Here are a few tips to thwart holiday phishing schemes at work and at home.

Common Schemes

Beware of:

  • An attachment to claim a prize for a sweepstakes you did not enter
  • Order or shipping confirmations that provide attachments or links to view or track items you did not order – even if they look credible


  • Communications inviting you to rate the U.S. Postal Service or another company by clicking a link
  • Messages that instruct you to reset your password or account information by clicking on a link

If you receive any of these communications, ask yourself these questions BEFORE YOU ACT:

  • How could I win a contest I never entered?
  • Why would I receive notification of a personal purchase on my work email?
  • Would someone attempting to surprise me with a gift risk spoiling the surprise by using my email address for order or shipping confirmation?

    NOTE: Although some delivery companies request a recipient’s email or phone number, confirmation of receipt is triggered after delivery, so you know who to thank.

  • When was the last time I received an email prompting me to reset a password that I did not initiate?

How to Check Credibility

Never assume it is safe to open an attachment or click through a link provided in ANY communication, even if the request appears legitimate. It could infect your computer or mobile device with malware before you realize it. 

When in doubt about the credibility of a message, it’s best to contact the alleged sender using a verified phone number. NEVER trust the contact information provided in an unsolicited communication; it could lead you to a bad actor who is prepared to continue the ruse.

In emails, hover your mouse over the hyperlink to see where it routes you BEFORE clicking the link. Compare that URL to the one you get when you perform a web search for the organization. If they don’t match, the message is fake.

Schemes Targeting Homebuyers

If you are involved in a real estate closing transaction, it’s important to know that CHANGES TO WIRING INSTRUCTIONS ARE EXTREMELY RARE – even if they appear to come from a trusted source, like your title company.

How to Prevent Wire Fraud

If you would like to share our drill with others, you can download our Wire Fraud Prevention Plan Flyer here.

Educating yourself about the latest phishing schemes helps protect your funds and keep your holidays merry and bright. For more information about these and other holiday crimes, visit the Federal Bureau of Investigation’s Common Scams and Crimes page.