6 Sneaky Phishing Scams To Watch Out For This Holiday Season

The holidays have a way of bringing out the very worst in the type of people who happily profit by preying on others. Phishing scams have been a favorite tool of cybercriminals for years. These 6 scams in particular are wreaking havoc on unsuspecting targets this December.


  • Fake Receipts and Invoices – One of the more popular ways of sneaking malware past IT security measures is to hide the malicious code in an attachment. With so many people doing most or all of their holiday shopping online, there is a noticeable increase in the number of invoices, receipts, and order confirmations popping up in everyone’s inboxes. Normally, an unexpected message from Amazon would raise a red flag, but this time of year many users would open the attached PDF without a second thought.
  • Fake Shipping Status Alerts – Much like phony invoices, fake shipping notifications and updates are finding their way into unsuspecting users’ inboxes. This particular method can often be more effective, as it relies not on a fake purchase, but on making the user worry that there is a problem with a purchase they know they’ve made. A notice from “UPS” letting you know your package is delayed is bound to get a click-through from a user who is in fact expecting a delivery via UPS.
  • Fake Flyers and Deals – At the height of the holiday shopping rush, the average user can easily see a dozen or more emails each day advertising special offers and discounts from websites they have frequented in the past. While skimming through these messages, be on alert for emails from stores or vendors you have never shopped with before. These digital flyers may be advertising a great deal, but chances are the only thing you’ll receive by clicking through is a malware infection, or lost funds for an order you’ve placed and will never receive.
  • Malicious Embedded Links – Embedded links are just as common a tactic as attachments for downloading malware to a system, or redirecting the target to an infected website. Always take a few extra seconds to hover your mouse over any link that finds its way into your inbox. They hyperlink may look legitimate, but the link itself may tell a completely different story.
  • Unauthorized Transactions – It’s always a good idea to keep an eye on your bank accounts, but it’s especially critical around the holidays. Keeping track of numerous purchases can be challenging, but by ignoring changes to your balance, you could be missing the fact that not all of your purchases were actually made by you. All it takes in one website with lax security standards to lose your credit card information to hacker, and leave you footing the bill for someone else’s shopping habits.
  • Fake Customer Surveys – Online surveys offering cash or gift cards as a reward for completing them can often end up being a scam. The difference between a legitimate offer from a legitimate business and a phishing attempt is often those last few questions. If a survey asks for personal or financial information, it’s extremely likely that the survey is a cybercriminal’s way of stealing your identity, or setting up a more advanced phishing scam.

While the bulk of these threats are intended to target individuals, if one of your employees happens to trigger one of these infections or intrusions from their workstation or any device that is connected to your business’ network, it can be disastrous for your business. A hacker that is hoping to get a hold of personal data would be more than happy to instead help themselves to any and all sensitive data stored on your systems and network.

Talk to your IT provider to ensure that you have the right network security measures in place, and that your firewall, antivirus, and antimalware programs are up to date with all of the latest patches.

Want to find out more about the steps you can take to protect your business from cyber threats? Contact us at {email} or {phone}. We’re the IT professionals businesses in Texas trust.