Brian Krebs, a respected authority on security and all-things-cybercrime, wrote a cautionary post earlier this week. “If you receive an email this holiday season asking you to ‘confirm’ an online e-commerce order or package shipment, please resist the urge to click the included link or attachment: Malware purveyors and spammers are blasting these missives by the millions each day in a bid to trick people into giving up control over their computers and identities.”

The trick with any phishing campaign is to make the message or website appear legitimate. Poorly designed scams are often easy to spot, but cybercriminals are getting much better at crafting believable fakes.

“Scammers have become incredibly good at making fraudulent emails look legitimate to the untrained eye,” agrees Craig Young, security researcher with Tripwire. “Attackers will commonly flood the web with spam mail claiming you have a package waiting to be picked up, an order awaiting confirmation, and a plethora of other emails designed to get users to click links.”