APK Oasis

FBI Warns Gmail, Outlook, Apple Mail Users -- Check 3 Things To Stop Attacks

From Forbes

Republished on December 20 with a new warning for iPhone users about an email attack mimicking Apple's branding and style, including how you can detect the scam.

'Tis the season to be worried -- at least when it comes to the alarming rise in attacks targeting Gmail, Outlook, Apple Mail and other email users. So, little surprise that the FBI has launched a new campaign warning email users how to stay safe. The only trickster you should see this holiday season, the bureau says, is the Naughty Elf.

"Scammers," the FBI warns, "often offer too-good-to-be-true deals via phishing emails or ads. Such schemes may offer brand-name merchandise at extremely low prices, offer gift cards as an incentive, or offer products at a great price, but the product you receive is different than ordered."

Its advice boils down to three key things to check with every unsolicited email that arrives in your inbox before you click your way into trouble: Check the sender's email address; check any URL before you click or certainly before you engage; and check the spelling and grammar of the email itself, as well as the URL.

We have seen a surge in phishing and fraudulent web domains this holiday season, with all threats on the rise. Aided by AI, it's now easier for attackers to create compelling emails and websites, mimicking logos and other product imagery, even polishing their copy to make it more convincing and compelling with fewer mistakes.

The best advice remains to ignore marketing emails -- especially when holiday season research suggests most of these are now either scams, fraud or worse. If you see an offer you like, navigate through to it by accessing the website directly or using a search engine, although you also need to watch for SEO poisoning. It has become a more dangerous online world than ever, and you really do need to be careful.

All that said, the FBI's phishing attack advice hasn't changed:

Google's Gmail team has just issued its own advice, warning that "since mid-November, we've seen a massive surge in email traffic compared to previous months, making protecting inboxes an even greater challenge than normal." The team says it "blocks more than 99.9% of spam, phishing and malware in Gmail" for the platform's more than 2.5 billion users. While security has improved, the company has issued its own advice for users:

With perfect timing, one such email attack made headlines of its own yesterday, with the Daily Dot reporting that "a tech expert is warning his followers to be on the lookout for the latest Apple email scam." Initially posted on TikTok, Scott Polderman warns other users that "the reason this is working so good for hackers is because they catch you unexpectedly. And, unfortunately, it's really working well with those who are less tech-savvy." That last point is critical -- while those reading this article might be savvy to such attacks, in reality most users are not and remain vulnerable.

In his TikTok video, Polderman shows an email purporting to come from Apple with instructions as to how to keep your account safe and secure. The format of the email closely resembles an Apple original, and it seems the kind of email users might receive to check their settings. The email even includes details as to how you might set up a legacy contact after death, such that someone will then be given access to your account. Polderman notes that even the fine print at the foot of the email "is basically verbatim what you would see on the Apple website."

But just as the FBI advises, checking the actual email sender quickly outs the scam. "This shows me it is not from Apple.com." This is always the first thing to check. The sender's name is likely all you'll see in your email app, and it is easy to mimic. Click on it, because the underlying full email address is the tell.

Scammers are clever and will come up with a form of words that could be an email address from a genuine business, but it will be complex and will not come from the genuine domain. While it's possible to mimic even this, it's usually not done. Most phishing attacks can be detected with this simple check. Never treat any email as genuine until you've done at least that.

But beware -- while this is an easy phishing tell, more sophisticated attacks find ways around this. That even includes hijacking real email addresses, such that emails are sent from actual addresses making the scam much harder to detect. But if the email purports to come from a global brand like Apple or Microsoft or Meta, then their basic email domain will not have been hijacked.
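The sender and URL checks described above, sketched as an added example (not code from the FBI, Forbes or any email provider). The brand-to-domain table, function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption (not from the article): each brand's legitimate sending domain.
BRAND_DOMAINS = {"apple": "apple.com", "microsoft": "microsoft.com", "meta": "meta.com"}

def in_domain(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    """Return findings for a raw single-part message; an empty list means both checks passed."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    urls = re.findall(r"https?://[^\s\"'<>]+", msg.get_payload())
    findings = []
    for brand, domain in BRAND_DOMAINS.items():
        if not re.search(rf"\b{brand}\b", display, re.IGNORECASE):
            continue  # display name does not claim this brand
        if not in_domain(sender_host, domain):
            findings.append(f"sender: name claims {brand}, address is at {sender_host}")
        for url in urls:
            host = urlsplit(url).hostname or ""
            if not in_domain(host, domain):
                findings.append(f"url: link host {host} is outside {domain}")
    return findings

# Constructed samples (not real messages).
SPOOFED = (
    'From: "Apple Support" <security@apple.com.account-verify.example>\n'
    "Subject: Keep your account safe and secure\n\n"
    "Review your settings: https://apple.com.account-verify.example/login\n"
)
GENUINE = (
    "From: Apple <no_reply@email.apple.com>\n"
    "Subject: Your receipt\n\n"
    "Details: https://support.apple.com/billing\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, check_message(raw))
```

The suffix match on `.apple.com` is what catches an address that merely begins with the brand's domain. An empty result only means these two checks passed; a message sent from a hijacked real address would pass them too.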

I did a spot check of the last 25 phishing emails I had received, and all fell foul of this test, albeit the copy and imagery are now very difficult to detect per the FBI's AI warning. Scammers are getting better at tricking email users, that much is as clear as the Apple logo and typography in Polderman's video. And AI is critical to making everything look and feel more real. You can't treat any single test as conclusive. And so the advice not to click links or open attachments in any of your emails remains.

All that said, the FBI's simplest message is still its best: "If it looks like it's too good to be true, that's because it is."
