All I want for Christmas is…no more phishing emails!

It’s the holiday season again, which means family gatherings, good food, and plenty of toasts. It also means a lot of online activity—buying gifts, getting promotional offers, booking deliveries—all of which mean a continuous flow of emails sent to your personal and business accounts. With so much going on, even experienced users can accidentally fall prey to one of the many “hooks” that cybercriminals are putting out there.

This presents an especially great risk for SMBs, where over $3.2 million was lost due to phishing emails in 2022 alone.

In this brief blog, we’ll list some types of emails you specifically want to be wary of around the holidays (but ultimately at all times), and shed light on how N‑able Mail Assure can help you protect your business, and your customers’ businesses, with comprehensive email phishing protection.

The screenshots you will see throughout this article are taken from actual phishing and spam emails blocked effectively by Mail Assure. Therefore, the real domains and PII have been redacted.

Holiday-themed emails

Fake Costco holiday-themed survey invite

Criminals know that people are less likely to double check links and notice dubious wordings when frantically searching for that last-minute gift. So, it is highly recommended you are extra vigilant when receiving any kind of rewards, prizes, or gifts—just like the above.

In this case, the email is an invitation to take a survey for a gift card. Keep in mind that although a survey can seem harmless compared to scams that ask for payments or log-in details, the link here was packed with information-stealing malware, which could easily lead to potential breaches and/or identity theft. Obviously, a $1000 gift card for a mere survey is unrealistic and clearly a way to lure the naivest of users, but even if we were talking about a $10 one, your information can be a much, much greater price to pay for a couple of wrong clicks.  

Shipping-themed emails

Fake DHL shipment tracking email

The holidays mean shopping (usually a lot of it). And shopping means deliveries. Because of this, when you receive an email about your shipment tracking, it may be that nothing raises a red flag at first glance. Most of the time, shipment-themed schemes involve a request for payment before the goods are delivered. Here it’s just a tracking notification.

However, after you click on “Track my shipment Now!”, you are redirected to a fake DHL landing page that asks for your credentials.

Fake DHL login form

In this case, if you were to enter your login information into this form, your credentials would be quietly collected for later use. All you’d get in return would be a blank webpage and a potentially breached business.  

End-of-year emails from HR

Whether it’s about your payroll, an annual survey, or organizing the Christmas party, there’s often an increase in emails from the HR department towards the end of the year. In general, people are more likely to fall for this type of phishing scam—certainly when compared with the fake Costco and DHL type—because they’re less diligent when it comes to “internal” emails.

Surely there’s nothing risky about opening a link from an HR memo, right? Check again.

As you can see, this phishing email is disguised as your usual letter from the HR department. Clicking the enclosed link opens a sign-in form, which is designed to steal your credentials for criminal purposes. It’s important to emphasize here that even if you’re the only person in the organization that gets tricked, multiple accounts can potentially become endangered.

All it takes is one email.

Related Product

Mail Assure

Renforcez la sécurité de la messagerie grâce à l’intelligence collective et à une intégration fluide avec Microsoft 365.

En savoir plus

Mail Assure helps you keep the Grinch (and phishing emails) away

Above you have seen just a few of the countless examples of phishing emails that are most likely to invade your inbox around the holidays. Staying safe amid all this requires some simple but necessary steps, with the golden rule being: when in doubt, do NOT click. However, you can learn more about the general anti-phishing guidelines in one of our previous articles on the subject.

Fortunately, it’s not all about your diligence. A must-have measure to ensure the protection of your business is deploying a reliable, powerful email security solution, such as Mail Assure.

Mail Assure features pattern recognition algorithms that work to identify the latest phishing and malware techniques while requiring little user configuration. However, keep in mind that it is highly customizable, so if you DO want to configure it to your liking, you can.

This threat recognition capability allows for increased security without increased cost, enabling your business to spend more time on billable tasks.

More specifically, Mail Assure helps you prevent phishing, spam, and other threats by providing:

• Protection via collective intelligence with our Intelligent Protection and Filtering Engine that incorporates data from our user base to help prevent both known and emerging threats
• Quarantine management to give users the power to view, release, remove, deny, block, or allow messages
• 24/7 email continuity and encrypted, long-term email archiving with unlimited storage for enhanced compliance
• Complex log-search functionality and email scout reports for greater visibility
• Advanced filtering statistics, such as number of spam messages filtered, viruses blocked, or total email volume
• Many other security-focused features and functionalities

As always, you don’t have to take our word for it. You can simply try Mail Assure for free right now and check it out yourself. This Christmas we say snow thanks to phishing emails… get it?  

Nicolae Tiganenco is product marketing specialist at N‑able