Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Staying Cyber Safe this Holiday Season

Holiday season

about the author

Every time any holiday or event comes around, scammers come knockin’.’ Action Fraud and the National Fraud Intelligence Bureau (NFIB) released figures showing the extent of Holiday scams, with shoppers scammed out of £15.3m between November 2021 and January 2022.

Fraudsters use events like the Holiday season, tax submission season, or Black Friday to take advantage of people’s fear of missing out, excitement, or urgency. MetaCompliance has outlined some basic ways to stay safe this holiday season and stop scammers from spoiling the fun.

Holiday Scams and How They Put you at Risk

Scammers are nothing, if not versatile. However, specific scams come back year after year. Here are some of the scammers’ favourites:

No Such Thing As a Free Gift Email

Fraudsters bank on the fact that everyone loves a gift. With the cost-of-living crisis causing hardship this year, scammers are likely to use freebie offers to entice people into their scams.

How it works: the scammer will create phishing emails or texts that offer free gifts or a gift card. Typical emails will use words that are exciting and enticing, for example:


The message will ask the recipient to click on a link and add their contact details and address to receive the gift. Unfortunately, if those contact details are entered, they will be stolen and used to commit identity fraud.

Social Media Pay-It-Forward Puts You at Risk of Identity Theft

Gift-exchange scams have found the ideal way to propagate using social media sites like Facebook. The ‘secret sister’ scam is an example. The scam works like typical pyramid fraud: fraudsters use social media posts to urge recipients to buy a £10 gift card, then send it to another in the chain to receive many more £££ themselves in return. 

How it works: These scams operate on the principle that you will reap the rewards if you pay-it-forward. Scams will usually encourage you to send money to a friend, and in setting up the exchange, you give the scammers not only cash but your and your friend’s personal details. Typical social media pyramid scams use social media pyramid schemes and come and go, so it is essential to watch out for any new variants on the theme. 

PayPal “Pay a Friend” Fraud

If you need help thinking of a good gift, you can always turn to cash as a present. Sending money to family or friends has never been easier as banking goes digital. However, UK police forces have published warnings about a PayPal “pay a friend” scam involving fake PayPal money request emails. 

How it works: PayPal has a feature whereby someone can send a request for money via email. The recipient can then click on the request button in the email to initiate payment. Variants on this theme include a fake PayPal email saying that a payment has failed and to “click here to try again.” In a time when you may well be sending money as a gift, it is important to be vigilant to these cleverly composed phishing emails.

Fake Deliveries are Awash During Holiday Seasons

Deliveries are at a peak this time of year, and you may be waiting on several parcels to arrive. Unfortunately, scammers use holiday season delivery mayhem to commit fraud. Fake delivery scams tend to increase rapidly over the holiday period, with scammers looking to take advantage of busy people who may be expecting presents in the post. 

How it works: fake delivery scams use text messages and emails. The fraudster will create a spoof message that looks like it has been sent from a trusted delivery company such as Royal Mail, UPS, or similar. The message typically contains details to encourage concern and urgency in the reader.

For example, the message will include instructions to click on a link to pay an unexpected delivery fee before you can receive the parcel. If you click on the link, it will take you to a spoof website that will request (and then steal) personal or financial details.

Royal Mail scam examples can be seen here.

Phone Calls Can End in Identity and Financial Theft

Never underestimate the cybercriminals’ use of all means to scam. Phone scams are still causing grief to many. In 2021, there were 4,623 reported cases of telephone banking fraud. During peak seasons, such as the Holiday season, when people are rushing around and not thinking, fraudsters will turn to any means to steal data and money. While phone fraud may be down on last year’s reported figures, it is still an option for scammers wanting to make extra cash.

How it works: phone scams come in all shapes and sizes; often, the scammers will use tactics such as pretending to be IT support from a well-known manufacturer or impersonating bank security; fraudsters will use social engineering during a phone call to elicit information such as a bank account number or personal details.

Complex phone fraud may also involve several calls, where the target is convinced that their bank account is at risk, and the caller is attempting to rectify this situation. The result is that the target will be tricked into transferring large sums of money to the fraudster’s bank account, believing this will protect their money. Variants on the phone fraud theme exist, so watch out for phone fraud or ‘Vishing’ this holiday season.

5 Ways to Stop Scammers Spoiling your Holiday Season

Fraudsters are always on the prowl for an opportunity to scam. But holiday periods usually experience soaring rates of fraud. However, there are some basic protection measures that you, your family, and your business can use to stay safe from scammers this holiday time, no matter what the scammers try on:

  1. Be vigilant: understand the scam landscape. Share any info you have on current seasonal scams with staff, friends, and family.
  2. Education, education, education: teach your staff and your family about holiday season fraud. In the workplace, use phishing simulations with all staff across the company. Educate your customers and create a policy that sets anti-fraud and security measures in place to address seasonal scams.
  3. Use social media wisely: never give out personal details on social media; cybercriminals trawl social platforms for identifying information. Educate your staff, friends, and family about the dangers of oversharing on social media. Also, educate all on using social media to propagate fraud, such as the pay-it-forward scam.
  4. Be careful what you wish for: don’t fall for gift scams. Scammers work on manipulating emotions such as excitement, fear, and a sense of urgency. Be wary of anything that comes in via email, text, mobile message, or phone call that offers free gifts in exchange for personal information.
  5. Shop safely: be careful where you buy goods from when shopping online. Avoid clicking links in emails to make a purchase based on an “amazing offer!” Check out online reviews from the likes of Google reviews. Use a credit card to purchase, as most credit cards have payment protection.

This holiday season, stay vigilant, know your scam, and stay safe.

Staying Cyber Safe this Holiday Season

you might enjoy reading these

Cyber Secure on Social Media

Staying Cyber Secure on Social Media

In today’s digital age, cybercriminals are becoming increasingly sophisticated, targeting users through various methods on social media. According to a study conducted by Cybersecurity Insiders,
Read More »