Phishing with Santa

Evelyne Pintado
DiagnoPhish Hackers IT Security Awareness Phishing Sensibilisation à la sécurité IT
Cybersecurity Blog

With so many messages, legitimate and otherwise, arriving in our mailboxes at this time of year, it is best to keep an eye out for malicious e-mails.

Find out for yourself how well you can distinguish Santa's legitimate messages from those sent by a malicious impersonator!

Below you will find are 5 tips
and at the bottom of the page a quiz "Can you recognise Santa Claus?"

Hacker or Santa?

Christmas is around the corner. We will take advantage of Santa's shipping and messaging service to illustrate a few phishing methods commonly used by hackers.

Santa Claus sent you a message to announce that a gift is on its way.
Of course, you know that Santa Claus exists, and you are familiar with his celebrated shipping service, but you'd like to make sure that the message comes from him, not from a hacker. How can you do this?

Usually, when a hacker designs a phishing e-mail, he will take advantage of any features that allow him to go unnoticed. And there are quite a lot of them, that are used quite legitimately the rest of the time. His favourite tools are:

  • Falsified sender addresses
  • Internet links, either concealed or complex to read
  • Switched or duplicated letters in well-known domain names
  • Use of different extensions

Tips to recognise Santa

Here are 5 tips that will keep you safe from hackers and let you identify without fail any legitimate messages (and presents) Santa might send you this season.

  1. Take a look at the sender's e-mail address

    • Does it look legitimate? A legitimate-looking sender's address in itself is NEVER proof that a message is legitimate because any hacker can fake it easily.
    • Does it look fake? Then it is proof that the message is malicious.

  2. Identify the links' destinations
    Simply move your mouse over the links in an email (without clicking) to see what lies behind them.
    An internet link always points to a website - but not always to the one you might expect!
    By taking a good look at the information in the link, you can check if its destination seems to be consistent with the email's context.

  3. Look for anomalies
    A hacker will often move, duplicate or replace some letters in the name of a known site. This works well because it isnt easy to spot when speed-reading an email. Hackers know it.
    Examples: commmande.com / cooopathome.ch / gooogle.com / digltech.ch.

  4. Look at the extension!
    Hackers also frequently add an unusual extension to a well-known domain name.
    Example: shop.com and shop.co are very similar but may have entirely different owners (and purposes).

  5. If in doubt, check suspicious emails on a sufficiently large screen
    Checking a message on a mobile phone is hard work. Because of the small screen, only part of the relevant information is visible by default. Links or sender's emails are hidden. It is easy to miss important details.
    To check what's behind a link, you should long-press it (=2 seconds or more). However, if the link is long it might not display fully on the screen, which will make it difficult to check.
    And if you are unsure about an email, better wait until you can check it on a larger screen.

And now... Take the quiz!

Click here to play: Can you recognise Santa Claus?

Share this post around! You will help protect your friends and family!

The Navixia Team wishes you a safe and happy holiday season.