Close-up of evergreen tree branches strung with white lights.
The end-of-year season typically prompts a surge of phishing attacks and other online scams. Learn what to look out for.
Monday, December 6, 2021 - 10:03am

Not every holiday tradition brings comfort and joy. The busy, end-of-year season typically prompts a surge of phishing attempts and other online scams.

The University of Iowa has already seen the work of digital Grinches this year. Phishing-related account breaches were up 266% for November versus June.

Keep your guard up as you plan holiday travels, shop for gifts, and complete year-end projects. Look out for the following tactics.

Gift-card requests

Scammers send emails that appear to be from your boss or someone else you know asking you to purchase and relay gift cards. Treat any gift-card request as suspicious, even if it uses a name or email address you know.

Shipping-status messages

Crooks email you about a purchase you’ve supposedly made, advising you to click a link and check order status. These links often lead to bogus login pages designed to capture your passwords.

Such messages can be especially alarming when they reference purchases you haven’t made. Don’t rush to react—odds are you’re being scammed.

If the message claims to come from a site you really use (e.g., Amazon, Walmart, or other big retailers) don’t click the link. Instead, go directly to the site, log in, and check your orders that way.

COVID-19 alerts

Scammers use crisis to create a sense of urgency and play to our fears. Don’t overreact to emails, texts, or phone calls that reference COVID or other crises.

The stronger the whiff of panic in a message, the more likely it’s a scam. Stay calm and careful, avoiding suspicious links and dubious files.

Tax-document communications

The advent of tax season offers another opportunity for crooks. Be wary of any tax- or payroll-related information that arrives via email, especially if it urges you to click a link or open an attachment.

Instead of clicking a link that purports to come from the university, another employer, your bank, etc., go directly to UI Employee Self Service or a similar portal to complete your business.

The university doesn’t email out tax documents, so don’t open anything masquerading as a W2. Legitimate organizations send tax documents via U.S. Mail or make them available through secure online portals.

You can avoid scams

Crooks keep using these tactics because they work. Some of your fellow staff, students, and faculty recently have fallen for all the scams described above.

Fortunately, you can beat the scammers simply by staying alert and trusting your instincts. When in doubt about a message, delete it, ignore it, or report it. You can email about suspicious messages or get complete reporting instructions.

And if you do happen to get scammed, don’t hesitate to ask for help. Contact the ITS Help Desk with any concerns.