Updated on Dec. 2 with a new Apple Mail warning to add into the mix, and additional advice from the FBI on avoiding malicious scams this holiday season.
Just days after the FBI warned your financial accounts are now at risk from hackers, with $262 million already stolen this year, there’s a new alert from the bureau. You may escape an account takeover, but this new threat is more likely to get you.
This is already a record holiday shopping season. Not just for retailers and shoppers, but also for criminals. “As you shop this holiday season,” the FBI warns, “beware of deals that seem too good to be true! Scammers are out in full force.”
The advice includes avoiding purchases from any website that you can’t absolutely verify is legitimate. The surge in AI-fueled attacks makes fake sites impossible to tell apart from the real ones. You need to access websites directly and check the URL.
But the FBI’s first warning is aimed at email users. While Gmail and Outlook both filter threats and spam, plenty of dangerous messages still get through. And so you need to be very careful, especially at this time of year as you bargain hunt through Black Friday, Cyber Monday and into the end of year holiday season itself.
“Do not click,” the FBI warns email users. That means not just on attachments, but on links as well. “Phishing scams and similar crimes get you to click on links and give up personal information like your name, password, and bank account number. In some cases, you may unknowingly download malware to your device.”
While all email platforms are at risk, VIPRE’s most recent threat report warns that more than 90% of all the phishing attacks it detected were targeting either Gmail or Outlook. “This indicates that attackers are prioritizing access to the two largest business and personal email ecosystems and hoping to save time in the process.”
It’s too easy for criminals to exploit this time of year. We are all hoping to find deals that are “too good to be true.” The FBI says that’s because those deals are too good to be true. When you find them, avoid them. Otherwise you’ll get stung.
Never shop using an email link. If you like the deal, access the website directly. If the deal is real, you’ll find it. And never click on attachments you’re not expecting or where you can’t verify the sender. This is especially true with PDFs, which now account for “three out of four of all malicious attachments.”
While most malicious emails target Gmail and Outlook per VIPRE’s report, Apple Mail users are far from immune. And while scattergun phishing emails will swamp all else by volume, it’s the highly targeted ones that present the greatest danger.
The FBI recently warned citizens to beware of account takeovers that come at them by way of incoming phone calls. Often spoofing real numbers, the callers pretend to be from banks or support desks or even law enforcement. These attacks have already netted cyber criminals $260 million this year alone.
Email usually plays a key role in such attacks, and a new headline scam wraps Apple support emails and calls into a single attack. Even if emails seem to come from Apple (or Google or Meta or Microsoft), you must treat them with the same suspicion as you would a discount offer that carries a major retail brand’s name and a link.
“Be suspicious of unknown ‘banking’ or ‘company’ employees who call you,” the FBI warns. “Don’t trust caller ID. Hang up, verify the correct number, and call it yourself.”
