Holiday scams: Protect yourself and loved ones this holiday season
The holiday season is a time for joy, family, and celebration—but for cybercriminals, it’s also a time of opportunity. With the rush of Thanksgiving, Christmas, and year-end festivities, scammers exploit the holiday spirit and shopping frenzy to trick unsuspecting victims.
To help you stay safe, we’ve compiled a list of common holiday scams making the rounds this season and tips to avoid them.
Fake Late Gift UPS Scam
What Happens
During the holiday shopping rush, scammers know almost everyone is receiving packages through the mail. They use a bulk phishing technique, where they send out mass amounts of malicious text messages to random numbers, and hope someone will fall prey to their efforts.
The scammers’ fraudulent notifications claim to be a well-known carrier like UPS and say a package is delayed or won’t arrive on time. Most importantly, the message includes a link to “resolve” the issue. Clicking the link leads to a spoofed site that collects personal or financial information or infects your device with malware.
Many fall victim to this attack because they are legitimately expecting a package from the carrier, but remember that these are bulk phishing attacks that caught you on an unlucky day.
What to Do
Avoid clicking links in unexpected delivery notifications. Instead, visit the official carrier website or confirmation email to track your package. If you’re unsure, contact the carrier directly.
Spoofed Emails
What Happens
Victims receive an email confirming an order or notifying them of a failed purchase. The trick? The victim never ordered anything to begin with. This immediately creates the fear that there are fraudulent purchases being made on the victim’s credit card and urges the victim to investigate.
In the email, there’s a button to cancel or learn more about the order, but in reality the link leads to a malicious or fraudulent site.
What to Do
Before opening any email, examine the sender’s email address carefully. Hover over links to check the URL before clicking. If you suspect a scam, log into your account directly through the retailer’s official website to check your order history or call the retailer through verified contact information.
Fake Sale Scams
What Happens
Scammers prey on the FOMO (fear of missing out) by sending SMS messages or creating online ads offering unbelievable deals on popular items. They target parents looking to get their children the “it” gift of the year, but typically couldn’t afford to do so and would act out of desperation and hope. However, once the payment is made, the parents never receive the gift.
What to Do
Always shop directly through trusted retailer websites. Be cautious of urgent sales that sound too good to be true. Double-check the URL to ensure you’re on a legitimate site, and never click on links in unsolicited messages.
Fake social media shops
What happens
Cybercriminals take advantage of the demand for trendy holiday gifts by setting up fake social media profiles and stores. These accounts often advertise highly sought-after items at steep discounts but either deliver counterfeit products or nothing at all. The biggest trick? If you message their account, “Customer Representatives” will respond, but they have no intention in helping you at all.
What to do
Stick to shopping on websites of well-known, reputable retailers. If you’re tempted by a deal on a social media account, see if it is verified. Then, go to the company’s website through your own search.
Fake Boss Requests
What Happens
With company gift exchanges and end-of-year bonuses coming into view, scammers target employees with emails or messages impersonating their boss or manager. These fake requests often ask for gift card purchases for “gifts” or to click on a link to receive their “bonus”. In reality, the gift cards get used by the impersonator and the link leads to a malicious site or download.
What to Do
Always verify unusual requests from colleagues or bosses through a separate communication channel, like a phone call or in-person conversation. Be especially cautious of any requests that seem urgent, unexpected, or in a different tone than your boss would typically use.
The holidays are a time to celebrate and share joy, not to fall victim to scams. By staying vigilant and adopting secure online practices, you can safeguard your personal and financial information. Remember to slow down, think twice, and verify, verify, verify.
If you are interested in helping your team spot these scams, reach out to ask about Click Armor’s newest micro-learning course about Holiday Scams.
By being cautious and aware, you can ensure your holiday season remains filled with only the best surprises—the kind wrapped in festive paper!