Skip to Main Content

Boise State Cybersecurity Department

Holiday present inside a bear trap.It’s the Most Wonderful Time of the Year

Especially for internet scammers. Cyber criminals take advantage of the holiday season to target online shoppers with a plethora of scams that advertise deals that are too good to be true (and it’s because they are.) There’s one thing all attackers have in common and that is the desire to steal your personal information. Online, criminals often use a “phishing” scam to acquire sensitive passwords, banking, and identity information.

What Is Phishing?

“Phishing” refers to an attack that uses email or a messaging service that tricks or fools you into taking an action, such as clicking on a link or opening an attachment. Attackers work hard to make their phishing emails convincing. For example, they will make their email look like it came from someone or something you know, such as a friend or a trusted company you frequently use. They will even add logos of your bank or forge the email address so the message appears more legitimate.

How to Recognize Phishy Emails

Having you sensitive information taken can be frightening. Fortunately, there are ways to identify false emails.

  • Beware sketchy messages. Phishy messages may include a formal salutation, overly-friendly tone, grammatical errors, urgent requests, or gimmicks.
  • Avoid opening links and attachments. Even if you know the sender, don’t click on links that could direct you to a bad website. And do not open attachments unless you are expecting a file from someone.
  • Verify the source. Check the sender’s e-mail address to make sure it’s legitimate. Official organizations shouldn’t be sending emails from personal addresses such as,, or If in doubt, just delete the message.

Be conscious of the links you click on and don’t input passwords or other important information into websites you don’t know.

Identity Theft

Identity theft can be extremely damaging to its victims. Even if you protect yourself online there are precautions you should take in real life to avoid anyone getting your information as well.

  • Read your monthly statements carefully. Review bank, credit card, and pay statements, as well as other important personal accounts (e.g., health care, social security). If a statement has mistakes, charges you don’t recognize, or doesn’t arrive when expected, contact the business.
  • Shred outdated documents. Make sure you shred any documents that show sensitive financial or medical information before you throw them away.
  • Be careful when sharing personal info: Avoid texts or phone messages that ask for personal information such as your Social Security number, password, or account number. Legitimate companies don’t ask for information in this way.
  • Keep personal information private. Limit what you share on social media. For instance, don’t share your vacation pictures publicly until you return home (so thieves don’t target your empty home).

As we move into this holiday season keep these tips in mind to make sure you stay safe and secure.

 Information provided via SANS and US-CERT

SANS Institute Newsbites

Mixed logo stay safe