Blog

Since 2010, AppRiver's security research team has noticed a spike in spam and malware traffic the Tuesday and Wednesday before Thanksgiving--often in the tens of millions. The messages, such as the ones below, are almost always related to the holiday season, trying to trick consumers into opening their "enticing offers" on the latest Christmas deals and steals.

However, instead of signing up for a Christmas tree delivery or sending a cute gift from Santa, the Grinch is actually out to steal Christmas. According to Jonathan French, a security analyst at AppRiver, "Sometimes, cybercriminals look to get personal information and credit card information that they can exploit. Other times, it's spammers using photos of legitimate products/services to trick users in to going to a fake website, that either is infected for malware or is phishing for those credit card numbers."

So why the spike the Wednesday before Thanksgiving? Email traffic is already on the rise with Black Friday and Cyber Monday deals, so it only makes sense that cybercriminals follow suit and try to imitate these legitimate emails. French adds, "The cybercriminals aren't trying to stump consumers with Christmas spam and malware in July. They're sending these messages at a time when every store in America is also sending holiday discounts to their customers. That makes it a lot harder for consumers to weed out the good emails from the bad."

It's not impossible, however. French offers these tips to consumers:

If the message sounds too good to be true, or if it looks fake, it probably is. Just junk it. Or if you're an AppRiver customer, send it to spam@appriver.com. A consumer should ask herself if she's ever received an email from that particular store before. If she's never signed up for an email list or shopped there, she should be wary of how it got into her inbox. A common email campaign we see this time of year involves "shipping confirmations" from UPS, FedEx, and USPS that must be opened via a .zip attachment. DO NOT OPEN THIS ATTACHMENT. Big postal and package delivery services will never send you a shipping confirmation in a .zip attachment. They will send it in the body of an email, or ask you to login to your account to view it. Toggle over all of the URL links within the email. If Amazon sends you a Black Friday sale alert and there's a link to a gadget, take two seconds to hold your mouse over the link before clicking. If it shows amazon.com or smile.amazon.com, feel free to click on it. If it shows akljfaasedaf.com, Amazon didn't send you that email. Don't click on it. Use good judgement. It can be easy to get wrapped up in all of the merriment and excitement of Christmas shopping. Don't let that put blinders on you when you're being prompted to enter your credit card number or open email attachments from an email prompt.