logo_lightAlogo_lightlogo_light
  • About
  • Products
  • Pricing
  • Knowledge Base
  • Login
  • Products
  • Solutions
  • Search

Holiday scams: Security lessons for this holiday season

The holiday season is a time for joy, family, and celebration—but for cybercriminals, it’s also a time of opportunity. With the rush of Thanksgiving, Christmas, and year-end festivities, scammers exploit the holiday spirit and shopping frenzy to trick unsuspecting victims.

To help you stay safe, we’ve compiled a list of common holiday scams making the rounds this season and tips to avoid them. 

Fake Late Gift UPS Scam

What Happens

During the holiday shopping rush, scammers know almost everyone is receiving packages through the mail. They use a bulk phishing technique, where they send out mass amounts of malicious text messages to random numbers, and hope someone will fall prey to their  efforts. 

The scammers’ fraudulent notifications claim to be a well-known carrier like UPS and say a package is delayed or won’t arrive on time. Most importantly, the message includes a link to “resolve” the issue. Clicking the link leads to a spoofed site that collects personal or financial information or infects your device with malware. 

Many fall victim to this attack because they are legitimately expecting a package from the carrier, but remember that these are bulk phishing attacks that caught you on an unlucky day.  

What to Do

Avoid clicking links in unexpected delivery notifications. Instead, visit the official carrier website or confirmation email to track your package. If you’re unsure, contact the carrier directly. 

Spoofed Emails

What Happens

Victims receive an email confirming an order or notifying them of a failed purchase. The trick? The victim never ordered anything to begin with. This immediately creates the fear that there are fraudulent purchases being made on the victim’s credit card and urges the victim to investigate. 

In the email, there’s a button to cancel or learn more about the order, but in reality the link leads to a malicious or fraudulent site. 

What to Do

Before opening any email, examine the sender’s email address carefully. Hover over links to check the URL before clicking. If you suspect a scam, log into your account directly through the retailer’s official website to check your order history or call the retailer through verified contact information. 

Fake Sale Scams

What Happens

Scammers prey on the FOMO (fear of missing out) by sending SMS messages or creating online ads offering unbelievable deals on popular items. They target parents looking to get their children the “it” gift of the year, but typically couldn’t afford to do so and would act out of desperation and hope. However, once the payment is made, the parents never receive the gift. 

What to Do

Always shop directly through trusted retailer websites. Be cautious of urgent sales that sound too good to be true. Double-check the URL to ensure you’re on a legitimate site, and never click on links in unsolicited messages.

Fake social media shops

What happens

Cybercriminals take advantage of the demand for trendy holiday gifts by setting up fake social media profiles and stores. These accounts often advertise highly sought-after items at steep discounts but either deliver counterfeit products or nothing at all. The biggest trick? If you message their account, “Customer Representatives” will respond, but they have no intention in helping you at all. 

What to do

Stick to shopping on websites of well-known, reputable retailers. If you’re tempted by a deal on a social media account, see if it is verified. Then, go to the company’s website through your own search. 

Fake Boss Requests

What Happens

With company gift exchanges and end-of-year bonuses coming into view, scammers target employees with emails or messages impersonating their boss or manager. These fake requests often ask for gift card purchases for “gifts” or to click on a link to receive their “bonus”. In reality, the gift cards get used by the impersonator and the link leads to a malicious site or download. 

What to Do

Always verify unusual requests from colleagues or bosses through a separate communication channel, like a phone call or in-person conversation. Be especially cautious of any requests that seem urgent, unexpected, or in a different tone than your boss would typically use. 

The holidays are a time to celebrate and share joy, not to fall victim to scams. By staying vigilant and adopting secure online practices, you can safeguard your personal and financial information. Remember to slow down, think twice, and verify, verify, verify. 

If you are interested in helping your team spot these scams, reach out to ask about Click Armor’s newest micro-learning course about Holiday Scams.

By being cautious and aware, you can ensure your holiday season remains filled with only the best surprises—the kind wrapped in festive paper! 

 

Share this article

[vc_empty_space height=”10px”]
[elfsight_social_share_buttons id=”1″]

Recent Posts

  • 0
    Role-Based Targeted Threats: The Phishing Problem Traditional Training Can’t Solve
    June 16, 2025
  • 0
    Addressing AI opportunities and risks in your cyber security program
    March 13, 2025
  • 0
    What makes cyber security training boring
    March 3, 2025
  • 0
    A Canadian cybersecurity company’s lessons on training
    February 20, 2025
  • 0
    Cyber security training for executives: Why and how
    February 6, 2025
Share
0
[vc_empty_space height="40px"] [vc_row][vc_column width="1/2"][vc_column_text css=""]

Subscribe to our newsletter

Stay up-to-date with the latest news, promotions, and offers from Click Armor.
Follow us on Linkedin

You can unsubscribe at any time

[/vc_column_text][/vc_column][vc_column width="1/2"][vc_column_text css=""][vc_empty_space height="10px"]Subscribe [/vc_column_text][/vc_column][/vc_row]

Click Armor helps business managers battling cyber and compliance risks by using gamified simulations and challenges to engage end-users to avoid breaches and build a strong security culture.

[vc_empty_space height=”0px”]

[elfsight_social_icons id=”4″]

Recent Articles

  • Role-Based Targeted Threats: The Phishing Problem Traditional Training Can’t Solve June 16, 2025
  • Addressing AI opportunities and risks in your cyber security program March 13, 2025

Resources

[vc_row][vc_column width=”1/2″][vc_column_text css=””]
News & Insights
Partner and MSP Program
Gamified Learning
About Click Armor
Our Team
Careers
Pricing
[/vc_column_text][/vc_column][vc_column width=”1/2″][vc_column_text css=””]

Take Assessment
Can I be phished?
Community Forum
Contact

Student Login

[/vc_column_text][/vc_column][/vc_row]

© Copyright All Rights Reserved • Click Armor Corp. | Privacy policy • Terms of use