Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Top 5 Christmas Cyber Scams

Christmas cyber Scam

Cyber scams are a persistent problem for organisations at all times of the year; however, there is a steep increase in scams at Christmas as cybercriminals take advantage of distracted staff to launch targeted attacks.

When we’re distracted, mistakes happen, and Christmas tends to be the one time of the year when employees let their guard down. During the holiday season, inboxes are flooded with eCards, messages from friends and family, delivery notifications from online retailers, and fraudsters use this flurry of online activity to launch mass phishing scams.

As the festive season approaches, organisations must ensure that staff remain vigilant against phishing attacks, delivered not only through external sources but also through what appears to be legitimate internal communications, such as emails from senior management or the latest updates on office opening hours.

Staff need to be on their guard to ensure that they are prepared to deal with the influx of seasonal cyber scams. The best way to do this is to become familiar with the most frequently used attack methods at this time of year.

Top 5 Christmas Cyber Scams

1. Fake Delivery Emails

Cyber Scam - Fake Delivery email

The most popular type of seasonal phishing attack is linked to logistics. Criminals know that as Christmas approaches, people are sending lots of packages to friends or families or expecting the delivery of parcels themselves.

Victims will receive an email from what appears to be a legitimate courier company informing them that they’ve missed the delivery of a parcel. The email will often be urgent in tone and warn the recipient that their package won’t be delivered in time for Christmas if they don’t act quickly.

To select a new delivery time, they will be instructed to click on a link within the email, and upon clicking the link, they will be taken directly to a phishing website or their computer will be infected with malware.

2. Christmas eCards

Cyber scams - eCards

eCards have become a very popular and inexpensive way to send friends and families a card at Christmas. Cybercriminals have been quick to take advantage of this online format and use it as a guise to trick victims into downloading and installing malware.

As soon as you click on the link to view your card, there’s a good chance you’ll be downloading adware, spyware, or a Trojan virus onto your computer. Red flags that an eCard is malicious include; spelling mistakes, an unknown sender, dubious link, or an attachment that ends with “.exe,”. This can indicate an execute command which may install a virus onto your PC.

3. Seasonal Offers

Cyber scam - Seasonal offer

It can be hard to resist the lure of a cheap bargain online, especially at Christmas, but these too good to be true offers usually are! Criminals will often create a fake page imitating a well-known brand, then pretend to offer a real promotion. These scams are often set up specifically to harvest user data and will require the input of personal information.

4. Gift Card Survey Scams

Cyber scam -Gift card

Fraudsters will often create fake Christmas promotion pages that claim to be associated with big brand names. The pages are full of offers to win expensive prizes, vouchers and gift cards. To be in with a chance of winning, all you have to do is like the page and share the promotion with your friends. This ensures the scam reaches as wide an audience as possible.

The next condition of entry is to complete an online survey to verify your identity. This is just a cunning way to harvest your personal or financial details. Always be wary of any promotion that asks you to like and share material or participate in an online survey to enter.

5. Charity Phishing Scam

Cyber scams - Charity Phishing

Cybercriminals are extremely devious and know that people will tend to be more charitable at Christmas and donate to those less fortunate. To exploit this goodwill, fraudsters will set up fake phishing websites designed to look exactly like the genuine website of reputable charities.

As soon as you enter the fake site, you will be asked to donate by providing your credit card details and personal information. The criminals will then use this data to steal your money or commit identity fraud. When donating to charity it’s always best to go directly to the charity’s website and never follow a link within an email.

How to Avoid Christmas Cyber Scams

  • Never click on links or download attachments from unknown sources.
  • Always verify the security of a website.
  • Pay close attention to the spelling of an email address, if there are any inconsistencies, delete immediately.
  • Ignore and delete emails with poor grammar and formatting.
  • If the email is threatening or urgent in tone, do not respond. This is a common tactic used to pressurise a victim into taking immediate action.
  • If you get an email, phone call, or text message about a parcel you weren’t expecting, treat it with suspicion.
  • Be wary of email offers – If an offer seems too good to be true, it usually is.
  • Enable a spam filter on your email account.
  • Back up data on a regular basis.
  • Install the latest anti-virus software solutions on your work devices.
  • Use strong passwords to reduce the chance of devices being hacked.
The Ultimate Guide to Phishing

about the author

sharing is caring

Share on linkedin
Share on twitter
Share on facebook

you might enjoy reading these

Request Demo

The personal information that you provide to us in this form will only ever be used by MetaCompliance (as the Data Controller) for the following specifically defined purposes:

  • email you content that you have requested from us
  • with your consent, occasionally email you with targeted information regarding our service offerings
  • continually honour any opt-out request you submit in the future
  • comply with any of our legal and/or regulatory obligations
  • All fields are required. No free emails.

  • This field is for validation purposes and should be left unchanged.