By Eric Payne, Sr. Security Analyst

Not sure about you, but I think on-line shopping is the way to go: great deals without the hustle and bustle of holiday traffic and crowds. According to Kaspersky Labs annual review of holiday phishing, U.S. consumers need to be cautious. Whether you prefer on-line or in-store shopping, retailers like to communicate via email to convince us they have the best deals for what’s on our lists.  Cyber criminals are aware of this popular advertising platform and they take full advantage of it These emails are an attempt to get you to click on something you shouldn’t, potentially giving criminals access to your personal or financial information. The scams are getting more sophisticated and have become harder to tell from the real thing.

While our blog is directed to a pretty security-savvy audience, I thought I would put together some holiday shopping tips that you can pass on to colleagues, friends, and family this season to help keep them safe as they search for their next great bargain. Below are four tips to help keep you cyber safe this holiday season:

Think before you click. First and foremost, stop and take time to examine emails before you do anything. A quick glance at an email’s content might be all you need to spot a fraud. The old saying, “if it’s too good to be, true it probably is,” is good advice.  If you question any of the information in the email, investigate by reviewing the retailer’s website or taking the time to call and validate the promotion.

Watch for red flags. The great thing about phishing emails is that they typically have red flags that are dead giveaways they’re not real. Attackers are normally less concerned about spelling and grammar than retailer marketing departments would be. Another giveaway is when URL links and email address domains don’t match the retailer it claims to be coming from.  Also watch out for emails that communicate a high sense of urgency, very limited time offers, or risk of losing an award if you don’t act immediately.

It should be personal. Emails are typically to and from someone specific. Not being addressed by name in an email is a warning sign. Most emails are also concluded with a full email signature, which is often missing from phishing emails. But that’s as personal as it should get. Watch out for emails asking you to provide personal information.  Legitimate companies are unlikely to ask for personal or financial information through email.

Delete, delete, delete. If anything seems off in the email, don’t take any chances: use the delete key.  Also be cautious of the unsubscribe link, as it could be another disguised link that executes malware. The possibility of saving a few dollars on your holiday shopping isn’t worth the damage that clicking on a phishing email could cause.  The potential damage to yourself or your employer calls for caution.

Link here to checkout other great advice from KnowBe4 to help you stay safe this holiday season. We wish you a happy holiday season, and as you set out to start knocking items off your holiday shopping list, stay safe and watch out for phishing email scams.