Skip to Content
holiday phishing scams
© Antonio Guillem |
Security & privacy

Why you keep getting fake emails from Dick’s, Delta and Costco

Phishing emails are a common way for crooks to steal your details or infect your device with malware. Some malicious emails pretend to be from a prominent company or government agency and encourage you to click on a link.

But the link often takes you to a spoofed website where you are expected to enter personal information. Phishing emails have been around forever, and there are no signs of these schemes slowing down.

That leads us to the latest ruse. Thieves are sending emails claiming to be from Dick’s Sporting Goods, Delta Airlines or Costco. But beware. If you get one, there’s a chance it’s part of an elaborate scheme. Read on for details and ways to avoid falling victim.

Here’s the backstory

You need to keep your guard up during the holidays. Scammers are out in full force, looking to find victims to line their pockets, and this year is no different.

Cloud security company Akamai says holiday phishing scams have spiked since September. Thieves are using a sophisticated kit with techniques to bypass email security features. And the malicious packages are made even more dangerous as it uses a token-based system to send victims to a unique phishing webpage.

The emails entice you to click on the link offering holiday specials from companies such as Dick’s Sporting Goods, Delta Airlines or Costco. The email often claims you will receive a reward just for clicking the link.

Akamai explains in a blog post that the thieves use social engineering to find information about you before sending the phishing email. They also take advantage of your holiday spirit and promise rewards for entering your personal information.

How to avoid holiday phishing scams

Crooks behind these phishing emails are using clever techniques to fool victims. Malicious links in the emails are hidden with URL shorteners, making it challenging for email providers to catch them as spam.

If you hover your cursor over the link, you’ll only see the shortened URL, which disguises the fact it’s a fake. That’s why it’s critical always to be cautious with unsolicited emails. You might just be dealing with a scammer.

Here are some safety precautions to take to avoid these types of phishing scams:

  • Avoid the spam folder — Never open an email in your spam folder. Not only do you run the risk of malware being installed on your device, but it can tell the scammer that your email address is active. This will only lead to more spam.
  • Safeguard your information — Never give out personal data if you don’t know the sender of a text or email or can’t verify their identity. Criminals only need your name, email address and telephone number to rip you off.
  • Always use 2FA — Use two-factor authentication (2FA) for better security whenever available. Tap or click here for details on 2FA.
  • Avoid links and attachments — Don’t click on links or attachments you receive in unsolicited emails. They could be malicious, infect your device with malware and/or steal sensitive information.
  • Use strong, unique passwords — Tap or click here for an easy way to follow this step with password managers.
  • Antivirus is vital — Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at That’s over 85% off the regular price!

Keep reading

Watch out for this clever LinkedIn phishing attack

New report: Half of every phishing attempt worldwide impersonates this brand

Stop robocalls once and for all

Robocalls are not only annoying, but they scam Americans out of millions every year. Learn Kim's tricks for stopping them for good in this handy guide.

Get the eBook