By REBECCA RUTHERFORD
Los Alamos 

I am proud to say that according to my Gmail inbox I have won approximately 300 free Yeti coolers, Le Creuset pots from Kohls, and other great giveaways … over and over … the spam in my inbox won’t stop!

If you have an email account, you have probably also seen these fake giveaway emails in your inbox.  And you might also find yourself wondering, why???

I see so many of these fake giveaways in my Gmail inbox from senders claiming to be Kohls, Dick’s Sporting Goods, Costco and many more. Each email claims I have won a yeti cooler, gift cards, etc. and that this is their second time trying to contact me, etc.

These are obviously scams, one has to wonder why they are so persistent.

Courtesy image

Whoever it claims to be from, the scam is always the same, click a link and take a survey to claim your prize. When you click the link, you’ll go through some survey prompts and likely be asked to enter your credit card info to cover the cost of shipping your free item. Of course the free item will never come.  These are all variations on the same phishing scam, trying to get your personal and financial information with an enticing bait. Usually garbage like this gets filtered out by spam filters, but this latest campaign is remarkably good at evading these filters. These attacks also tend to ramp up around the holiday season. 

So how are scammers getting through email protections? According to a report by the security research company, Akamai these grinches have deployed all manner of technical tricks to get through Santa’s defenses. Some activity observed has included routing traffic through legitimate services, like Amazon Web Services, which hosts the URL for many of these phishing landing sites.

These bad actors have also been identifying and blocking the IP addresses of known scam and spam detection tools, which also helps them bypass those tools. They’ve also been using “fragment identifiers” in a novel way, which can help them to hide the actual website the URL link is taking you to, redirecting you to a malicious one. All of this means that more of these scams are able to make it to inboxes, making it more likely the scam will be a success.

Google is aware of this very successful scam, and is working on ways to keep it out of our inboxes in the future. Google does currently block about 15 billion scam emails per day, which is pretty amazing. 

That said, just be aware some scams are still able to make it to your inbox, and keep in mind that if an offer looks too good to be true, it is!

The usual tips to avoid phishing scams still apply:

• Check the sender’s email address and address the link goes to. You can usually do this by hovering with your mouse over the address, just be careful not to click.
• Never give out personal or financial information, especially your password.
• If something is unexpected, ask yourself if something seems off with the offer. Chances are it does, and it’s a scam.
• Don’t reply to or otherwise engage with the suspect emails, just delete or report to your email provider as spam.

Christmas is a great time for seeing friends and family, drinking eggnog, and not falling for scams! Stay aware, be safe and have a great holiday season.