The FBI has issued a stark warning to Gmail and Outlook users as cybercriminals ramp up operations during the year-end shopping season - the time of year when both consumers and fraudsters are most active.

In its advisory, the FBI urged users to be wary of offers that seem “too good to be true,” noting a surge in fake discount websites, many of which are now powered by AI, allowing scammers to build near-perfect replicas of legitimate e-commerce pages.

Users are strongly advised to visit websites directly and carefully verify URLs, rather than clicking on links in messages.

However, the primary concern lies with email scams. Despite strong filters from Gmail and Outlook, many malicious emails still slip through. “Scammers and cybercriminals lure victims into clicking links and revealing personal information such as names, passwords, and bank account details,” the FBI warned. “In some cases, simply clicking a link can trigger malware downloads onto your device.”

According to a new report by cybersecurity firm VIPRE, over 90% of phishing attacks target the two dominant email platforms - Gmail and Outlook. “Cybercriminals optimize their efforts by going where the people are,” the report stated. Alarmingly, PDF files now account for 75% of all malicious attachments.

Even Apple Mail users are not immune, especially from more dangerous spear-phishing campaigns as opposed to general spam. The FBI reiterated previous alerts about account hijackings conducted via fake customer service or bank representative phone calls. These attacks often spoof phone numbers and have cost victims in the U.S. over USD 262 million this year alone.

A new form of attack involves combining fake Apple support emails with follow-up scam calls. Regardless of whether the email appears to come from Apple, Google, Meta, or Microsoft, the FBI urges users to approach such messages with “maximum skepticism” - the same mindset one should have when encountering too-good-to-be-true online deals.

Earlier this year, cybersecurity firm Kaspersky reported blocking nearly 6.4 million phishing attacks between January and October, many of which impersonated online stores, banks, and payment platforms. Notably, 48.2% of these attacks specifically targeted online shoppers.

In the first two weeks of November alone, Kaspersky detected 146,535 spam emails related to holiday discounts, including 2,572 messages referencing Singles’ Day (November 11). Many campaigns reused classic scams, impersonating platforms like Amazon, Walmart, and Alibaba, luring users into malicious websites with promises of “early bird” deals.

Olga Altukhova, a cybersecurity expert at Kaspersky, noted that cybercriminals closely follow users across digital environments - e-commerce platforms, gaming services, streaming apps, and communication tools - constantly adjusting their tactics to blend into familiar settings. She advised users to remain vigilant and practice basic cybersecurity hygiene, especially during peak online activity periods.

Du Lam