The holidays are about joy, connection, and giving—but it's prime hunting season for cybercriminals.
While you're finding gifts for loved ones, scammers are crafting fake emails, bogus websites, and malicious links to steal your personal information. From phishing schemes to malware traps, their tactics are designed to catch you off guard.
Cyber scams surge during Black Friday and holiday shopping, with nearly half of online shoppers falling victim each year.
'Tis the season to be vigilant, so read on as this guide explains the 12 biggest holiday scams and how to stay one step ahead of cybercriminals so you can focus on what matters this season.
12 Holiday Cyber Scams to Avoid
When it comes to cyber scams, fraudsters will use many different tactics to try and trick you into handing over your information. Below are 12 of the most common scams:
1. Phishing scams
Phishing scams are one of the most popular scams making the rounds. While legitimate companies do send customers last-minute emails promoting their products, a cybercriminal will send you emails advertising fake products at bargain prices to trick you into clicking on a link to a phishing website.
Scammers can also try to trick you into opening malicious email attachments to infect your device with malware so that they can steal your personal information.
2. Fake Social Media Promotions
Many consumers like to shop for bargains on social media, and fraudsters know this. They routinely set up fake online account pages and promote goods with prices below market value to lure shoppers into purchasing.
Once the victim hands over the payment details, the owner of the fake store can steal them to make purchases elsewhere. These attacks are widespread, with 38.3% of scam reports in 2020 related to online purchase scams.
3. Fake Shipping Notification Scams
One common type of social engineering scam cybercriminals use is a fake shipping notification scam. In this scam, the attacker will send you an email or SMS message from a shipping provider like USPS, UPS, FedEx, or DHL.
The message will prompt you to "schedule the delivery" of your parcel and provide you with a link to a phishing website. The website attempts to infect your device with malware and hijack your personal information.
4. Charity/Disaster Relief Scams
Hackers attempt to exploit kindness by creating charity and disaster relief scams as consumers look to support those in need over the holidays. Fraudsters will invite consumers to make donations to causes or individuals on social media but instead steal their money and personal information.
5. Fake Websites
Fake or phishing websites are another top threat to consumers. Cybercriminals often create 'eCommerce' websites optimized for search engines and offer goods at competitive prices to entice consumers into purchasing.
When the victim hands over their payment details, the hackers record them and use them to commit identity fraud and fraudulent purchases later.
6. Gift Card Scams
During the holiday season, when gift card use is rampant, attackers may send their victims emails claiming they've won a gift card or received it as a gift. But to claim it, they'll say you must give your personal information or pay a shipping fee first.
If you receive a message like this, remember that legitimate companies will not ask you for payment to receive a gift card.
7. Travel Scams
Holiday cyber scams don't only affect online shopping. Attackers also target people arranging holiday travel plans.
They usually offer fake travel deals, vacation packages, or discounted accommodations. You'll get these offers in phishing emails, but some may lead you to a phony travel website to make their offers look legitimate.
8. E-card Scams
During the holidays, it's common practice to send electronic greeting cards. However, be wary of these, as attackers have begun taking advantage of this age-old holiday tradition. They may send fake e-cards with phishing or malware links.
If you receive any electronic greeting cards this season, verify the sender and avoid clicking on links and downloading attachments.
9. Wi-Fi Network Spoofing
Attackers can set up rogue Wi-Fi networks in public places like malls and airports, which can get crowded during the holidays. Once a user connects to them, hackers may be able to intercept sensitive information.
Avoid using public Wi-Fi during the holidays, especially when conducting transactions online.
10. Tech Support Scams
Tech support scams are becoming more prevalent during the holiday season. To carry one out, an attacker will send you an email or call you on your mobile device, posing as a tech support representative from a reputable company and informing you about issues with your device.
To "help" you resolve the issue, they'll ask you to give them remote access to your computer. Some might even ask for payment for the service.
Remember that a legitimate tech support company will not contact its customers unsolicited.
11. Package Theft Scams
The holiday shopping spree is a peak period for receiving parcels at your home or office. Attackers are taking advantage of this with package theft scams.
They'll pose as a delivery service and notify you that a package you ordered failed a delivery attempt. To reschedule, they'll ask for your personal information or ask you to visit a link.
If you receive a message like this, verify it with the courier company and avoid clicking on links provided in the email.
12. Job Offer Scams
December is a high season for job seekers. Scammers are exploiting this by offering fake job opportunities. They pretend to be recruiters, requesting personal information or sometimes even payment for training materials.
If you receive a job offer during this season, verify its legitimacy by contacting the company through their official channels.
BONUS: Rising Cyber Threats
As the year comes to an end, let's examine the new types of cyber threats. The following attacks aren't all holiday-focused, but they have the potential to cause severe damage.
Google Street View Extortion Emails
This is a screenshot of a document attached by a scammer. To protect the recipient's confidentiality, we have redacted the name and address and replaced the original house photo with a stock image.
While this method has been around for a long time, the level of personalization seen recently has made this attack particularly terrifying. The email will claim to have hacked the recipient, saying the sender has compromising webcam videos and will send them to everyone on the recipient's contact list.
The kicker is that they will use breach data to tailor the email. For example, a recent case included a Google Street View image of the victim's home.
Hybrid vishing
In this version of vishing, the victim receives an email stating they've been charged for a subscription renewal, often for an anti-virus solution. The email will include a phone number prominently displayed to "cancel."
When victims call, scammers use advanced social engineering tactics to gain remote access to the person's computer. This scam has been around for a few years but seems to gain popularity in the holiday season.
Subscription bombing
In another twist on a long-standing scam, hackers will gain access to a person's financial account via dark web lists or brute force methods. The next step is to transfer money to another account, but this part usually tips off the victim with alert emails from the bank.
To hide those alerts, hackers have started signing their victims up for thousands of newsletter subscriptions, flooding their inboxes with confirmation messages and camouflaging the bank alert emails.
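The camouflage described above can be undone by treating the flood itself as the signal. The sketch below is an added example, not code from Fortra or Terranova Security: it finds a burst of sign-up confirmations from many distinct sender domains and pulls out any account alert from the user's own bank that arrived around it. The keyword patterns, thresholds, addresses and the sample inbox are all constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Hypothetical heuristics; tune patterns, window and threshold to your own mail flow.
SIGNUP_RE = re.compile(r"confirm your subscription|verify your email|welcome to|thanks for subscribing", re.I)
ALERT_RE = re.compile(r"transfer|payee|withdrawal|password (changed|reset)|new device", re.I)

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def find_burst(messages, window=timedelta(minutes=10), min_domains=20):
    """Return (start, end) spanning every sliding window in which sign-up
    confirmations arrive from at least min_domains distinct sender domains."""
    signups = sorted((ts, domain(frm)) for ts, frm, subj in messages if SIGNUP_RE.search(subj))
    counts, left, start, end = Counter(), 0, None, None
    for ts, dom in signups:
        counts[dom] += 1
        while ts - signups[left][0] > window:      # drop messages older than the window
            old = signups[left][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        if len(counts) >= min_domains:
            start = start or signups[left][0]
            end = ts
    return (start, end) if start else None

def buried_alerts(messages, bank_domains, slack=timedelta(minutes=30)):
    """Account alerts from the user's own financial senders that landed in or
    near a burst. Assumes the sender domain already passed SPF/DKIM/DMARC."""
    burst = find_burst(messages)
    if burst is None:
        return []
    lo, hi = burst[0] - slack, burst[1] + slack
    return [m for m in messages
            if domain(m[1]) in bank_domains and ALERT_RE.search(m[2]) and lo <= m[0] <= hi]

def sample_inbox():
    """Constructed data: 25 confirmations in two minutes hiding one bank alert."""
    t0 = datetime(2024, 12, 10, 9, 0, 0)
    inbox = [(t0 + timedelta(seconds=5 * i), f"no-reply@news{i}.example",
              "Please confirm your subscription") for i in range(25)]
    inbox.append((t0 + timedelta(minutes=1), "alerts@bank.example", "New payee added and transfer scheduled"))
    inbox.append((t0 - timedelta(days=1), "alerts@bank.example", "Sign-in from a new device"))
    inbox.append((t0 - timedelta(hours=1), "friend@mail.example", "Dinner on Friday?"))
    return inbox

if __name__ == "__main__":
    for ts, frm, subj in buried_alerts(sample_inbox(), {"bank.example"}):
        print(f"REVIEW NOW: {ts:%Y-%m-%d %H:%M} {frm} {subj}")
```

A sudden wave of sign-up confirmations is a reason to check financial accounts directly, even when no alert is found among them.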
These evolving cyberattack trends highlight the increasing sophistication of threat actors and their relentless efforts to exploit human vulnerabilities and technological gaps. Remaining vigilant, fostering cybersecurity awareness, and adopting robust security measures are critical for individuals and organizations to defend against these threats in the year ahead.
Celebrate Safely: Stay Ahead of Holiday Cyber Threats
As a general rule of thumb, you should trust your gut. If something seems too good to be true, it probably is. So, if you see someone selling products on social media at below-market-value prices, it's best to move along, as there's a strong chance they're trying to scam you.
Strengthen your defenses and enhance your cybersecurity awareness this holiday season by exploring Fortra's Terranova Security CyberHub.
Stay vigilant, learn how to protect yourself, and have a happy and peaceful holiday season.