For most people, the holidays are a time to relax and unwind with family and friends. It’s also when consumers rush to buy gifts for their loved ones.

At this time of year, cyber criminals are innovating new scams to steal the personal information of unsuspecting consumers, from phishing emails to malware infections.

According to a report by Centum, cyber attacks increase by 40% during the holidays. Cyberseason’s latest holiday ransomware study found that organizations suffer higher revenue losses (19%) after experiencing attacks during the period.

This article will look at some of the most dangerous holiday cyber scams and outline some simple steps to protect your information from unscrupulous cyber criminals.

12 Holiday Cyber Scams to Avoid

When it comes to cyber scams, fraudsters will use many different tactics to try and trick you into handing over your information. Below are 12 of the most common scams:

1.   Phishing scams

Phishing scams are one of the most popular scams making the rounds. While legitimate companies send customers last-minute emails promoting their products, a cyber criminal will send you emails advertising fake products at bargain prices to trick you into clicking on a link to a phishing website.

Scammers can also try to trick you into opening malicious email attachments and infecting your device with malware so that they have an opportunity to steal your personal information.

2.   Fake Social Media Promotions

Many consumers like to shop for bargains on social media, and fraudsters know this. They routinely set up fake online account pages and promote goods with prices below market value to lure shoppers into purchasing.

Once the victim hands over the payment details, the owner of the fake store can steal them to make purchases elsewhere. These types of attacks are widespread, with 38.3% of scam reports in 2020 related to online purchase scams.

3.   Fake Shipping Notification Scams

One common type of social engineering scam cyber criminals use is a fake shipping notification scam. During this scam, the attacker will send you an email or SMS message from a shipping provider like USPS, UPS, FedEx, or DHL.

The message will prompt you to “schedule the delivery” of your parcel and provide you with a link that takes you to a phishing website, which attempts to infect your device with malware and hijack your personal information.

4.   Charity/Disaster Relief Scams

As consumers look to support those in need over the holidays, hackers attempt to exploit this kindness by creating charity and disaster relief scams. Fraudsters will invite consumers to make donations to causes and individuals on social media but instead, steal their money and personal information.

5.   Fake Websites

Fake or phishing websites are another top threat to consumers. Cyber criminals often create ‘eCommerce’ websites optimized for search engines and offer goods at competitive prices to mislead consumers into purchasing.

Then, the moment the victim hands over their payment details, the hackers will record them and use them to commit identity fraud and fraudulent purchases further down the road.

6. Gift Card Scams

During the holiday season, when gift card use is rampant, attackers may send their victims emails claiming they’ve won a gift card or received it as a gift. But to claim it, they’ll say you must give your personal information or pay a shipping fee first.

If you receive a message of this sort, remember that legitimate companies will not ask you for payment to receive a gift card.

7. Travel Scams

Holiday cyber scams don’t only apply to online shopping. Attackers are also deploying their malicious intentions for those arranging holiday travel plans.

They usually offer fake travel deals, vacation packages, or discounted accommodations. You’ll get these offers in phishing emails, but some may lead you to a fake travel website to make their offers look legitimate.

8. E-card Scams

During the holidays, it’s common practice for people to send electronic greeting cards. However, be wary of these as attackers have begun taking advantage of this age-old holiday tradition. They may send fake e-cards with phishing or malware links.

If you receive any electronic greeting cards this season, verify the sender and avoid clicking on links and downloading attachments.

9. Wi-Fi Network Spoofing

Attackers can set up rogue Wi-Fi networks in public places like malls and airports, which can get crowded during the holidays. Once a user connects to them, the attack may be able to intercept sensitive information.

Avoid using public Wi-Fi during the holidays, especially when conducting transactions online.

10. Tech Support Scams

Tech support scams are becoming more prevalent during the holiday season. To carry it out, an attacker will send you an email or call you on your mobile device. They’ll pose as tech support representatives from reputable companies and inform you about issues with your device.

To help you resolve the issue, however, they’ll request that you provide them with remote access to your computer. Some might even ask for payment for the service.

Remember that a legitimate tech support company will not contact their customers when they are unsolicited.

11. Package Theft Scams

The holiday shopping spree is a peak period for receiving parcels in your homes or offices. Attackers are taking advantage of this with package theft scams.

They’ll pose as a delivery service and notify you that a package you ordered failed a delivery attempt. To reschedule, they’ll ask for your personal information or ask you to visit a link.

If you receive a message like this, verify it with the courier company and avoid clicking on links provided in the email.

12. Job Offer Scams

December is a peak season for job seekers. Scammers are exploiting this by offering fake job opportunities. They’ll pretend to be a recruiter, requesting personal information or sometimes even payment for training materials.

If you receive a job offer during this season, verify its legitimacy by contacting the company in their official channels.

11 Ways to Stay Safe Online During the Holidays

With so many scammers lurking online, security awareness is the key to protecting your personal information from cyber criminals this holiday season. Below are some basic steps you can take to make yourself a much harder target for fraudsters:

1. Don’t click on links or attachments in emails from unknown senders

If you receive an email from an unknown sender, never click on any email links or attachments, as these can direct you to a phishing website or infect your device with malware.

If you’ve clicked on a link to an unfamiliar website, be careful about sharing information. Never enter your passwords or other sensitive data into websites you aren’t sure about. If you want to visit a particular business or retailer online, type their website address manually instead of clicking links.

2. Beware of smishing attempts

Attackers will often send SMS messages with links to phishing websites to try and trick you into giving up personal information. If someone sends you an SMS message with a link, don’t open it, as this is likely a smishing attempt.

You should also be careful not to provide any sensitive information through SMS.

3. Watch out for vishing attempts

Vishing is when a scammer engages in phone scams, calling their victims to trick them into making a payment, visiting a fake website, or revealing sensitive information.

If you receive an unsolicited phone call, don’t trust the caller! If you’re in doubt about the legitimacy of the call, hang up and call the company or agency using their official customer service numbers.

4. Only shop with trusted retailers

Searching for deals through social media and search engines can help you find better prices, but you have a much higher chance of running into a scam than if you only shop with trusted retailers. Shopping with trusted retailers will reduce the likelihood of a fraudster harvesting your details.

If you’re unsure about the company’s reputation, conduct a quick search on BBB’s Scam Tracker. You can also browse Reddit for complaints about the retailer or scam warnings.

Additionally, try to avoid buying gift cards from auction sites. Purchase them directly from a reputable vendor, even if it means paying more. Just think of it as a payment for your security.

5. Practice identifying phishing emails with phishing simulations

Phishing attempts are one of the biggest threats to your personal information, so learn how to identify them with phishing simulations to spot scams independently and protect your personal data.

6. Create Strong Passwords for Your Accounts

Many hackers will try to guess or break into your account via your username and password to access your personal and credit card details.

You can make this more difficult for them by creating strong passwords for your accounts with a mixture of lowercase letters, uppercase letters, numbers, and symbols.

It’s also worth it to use different passwords for each of your online accounts so that access to one won’t give an attacker access to all your profiles.

7.   Use Multi-Factor Authentication (MFA)

You can also make your online accounts more difficult to hack with multi-factor authentication (MFA). Using MFA is crucial because even if an attacker manages to get hold of your password, they won’t be able to log in, as they won’t have access to the passcode sent to your trusted device or email address.

8.   Install malware protection and antivirus software on your devices

Installing anti-malware and antivirus software on your devices and the latest security patches is critical for ensuring that they don’t have any vulnerabilities that an attacker can exploit.

9. Learn how to identify a fake or unsecured website

Legitimate websites typically have security markers, such as a padlock beside the URL, that signify a site has a valid security certificate. However, it’s not enough to check for these as attackers have found a way to receive fake security certificates.

When visiting a website, always check for red flags like poor spelling, bad design, strange formatting, and a lack of contact information.

10. Monitor your bank statements

The holiday season is the time to become more vigilant of the transactions that reflect in your bank statement. Check your accounts regularly so you can easily spot any suspicious activity. If you notice any discrepancies, report them to your bank immediately.

11. Use your credit card when purchasing online

Whether you’re booking flights and accommodations for your holiday travel or buying gifts from online retailers, we recommend using your credit card. These don’t give the attacker direct access to your money and come with security features that protect you against fraudulent transactions.

If you use a credit card and get scammed, you have a better chance of getting your money back.

Protect Yourself From Cyber Security Scams During the Holidays

As a general rule of thumb, you should trust your gut. If something seems too good to be true, it probably is. So, if you see someone selling products on social media at below-market-value prices, it’s best to move along, as there’s a strong chance they’re trying to scam you.


The retail industry is a hotspot for cyber scams, especially during the holidays.

Learn the root causes of cyber security concerns in the retail sector and more in Fortra’s Terranova Security’s retail eBook.

Stay vigilant, learn how to protect yourself, and have a happy and peaceful holiday season.