The GCHQ’s National Cyber Security Centre (NCSC) has issued a warning to online shoppers to be aware of scams ahead of Mother’s Day this weekend. While it gave no specific details of particular scams to look out for, research shows that 91% of cyber attacks start with a phishing email.
Nic Sarginson, Principal Solutions Engineer, Yubico, has offered the following tips on protecting yourself and your loved ones from these Mother’s Day scams:
5 Things to Look For Before Clicking on a Mother’s Day offer
- The Sender: Always treat an email with suspicion, especially if you don’t know the sender. Even if you do know the person or the brand, always double check the actual email address, as often, phishing emails contain just a slight variation in the address or show you a name you recognise.
- The Subject: While something like, ‘Claim your Mother’s Day gift now!,’ can be an obvious sign of a phishing email, the far more successful subject lines are those that don’t raise any suspicion at all. Thoughtful or funny Mother’s Day subject lines can all be ploys to weaken the email recipient’s defences through seemingly ordinary alerts.
- The Body: The body of the email can hold a whole new set of clues, including misspelled words and confusing context. For example, does the email promise a luxury offer but has nothing in it other than a short URL? Does the content make sense based on the context of this year’s locked down Mother’s Day?
- The Attachments: Golden rule #1 is – do NOT open any “Mother’s Day”-related attachments until you verify that the purported sender meant to send them, especially if any other aspect of the email seems suspicious. Attachments often carry malware and can infect your entire machine.
- The links: Golden rule #2 – do NOT click on a link if anything else about the email seems suspicious. This is usually the attacker’s ultimate goal in a phishing scam — to lure you to a malicious site and trick you into entering login credentials or personal information, or worse, your mum’s – allowing the attacker full account access.