‘Tis the Season for Holiday Phishing Scams

You can’t stop the flood: the pandemic made online shopping jump to incredible heights, and so did cybercrime. According to the FBI, in 2021, holiday scams cost victims over $500 million in the US alone. The 2022 holiday season will not be different.

With remote and hybrid work settings becoming the norm, holiday shopping may cross the boundaries between home and work computers. This gives attackers even more opportunities to get their hands on corporate data.

For all these reasons, holiday scams give companies good cause to offer cybersecurity training and awareness to their employees.

The question is: how do you keep up your shopping pace without compromising corporate data?

Cybersecurity training and awareness to avoid holiday phishing emails


Tessian’s report “Securing the Future of Hybrid Working” found that 75% of IT leaders believe that the future of work will be remote or hybrid. Furthermore, 11% of working professionals said they’d prefer to work solely from home. Last but not least, an average worker prefers to work from home at least two days per week.

However, a hybrid working environment carries several security risks. At the top of the list is the exposure of corporate data to attack. Between March and July 2020, companies reportedly faced a data breach or security incident during a period of remote working. The majority of the attacks were phishing scams. In addition, companies have repeatedly reported an increase in ransomware attacks delivered via phishing emails, vishing, and whaling attacks.

With the holiday season approaching, companies can expect a dramatic increase in cyberattacks, especially holiday phishing scams. Therefore, companies must educate and train their employees using customized holiday phishing simulations. This exercise enables users to recognize and report phishing emails, decreasing the chances of employees becoming victims and putting corporate data at risk.

From November to January, people are preoccupied with holiday activities, one of which is online shopping. Therefore, it’s easy to fall for holiday scams. With hybrid work, phishing scams rise because employees are likely to use work computers for holiday shopping. In the holiday season, people are used to receiving more emails, including shipping notices, promotion emails, order receipts, etc. Together, these factors increase the likelihood of cyberattacks and put corporate data at risk of exposure.

Cybercriminals spoof these seasonal emails and insert their malicious links and attachments. Because employees frequently check personal email while at work, these holiday scams pose a greater risk to business networks. Employees may also receive scams sent directly to their work email, posing as a business purchase.

Consider the following types of phishing scams that you and your employees risk seeing this holiday season.

Fake Order Receipt

Phishing scammers will send fake order receipt emails that appear to be from well-known retailers during the holidays. The order link will usually direct the user to a fake sign-in form designed to steal login credentials or a malware-infected website. 

The goal of this phishing scam is to elicit an emotional response from someone who either didn’t place the order and is angry and wants to correct the error or is curious and wants to see what they may have ordered.

Spoofed Shipment Tracking

People receive order tracking notices at a higher rate during the holidays than during the rest of the year. Cybercriminals take advantage of this by sending holiday phishing emails that appear to be from a legitimate company, such as Amazon, Microsoft, etc. These emails redirect the user to a malicious website that downloads ransomware, spyware, or other malware and corrupts their system.

Charitable Contribution Scam

Charities frequently take advantage of the holiday season’s giving spirit to expand their outreach efforts. But unfortunately, phishers send out fake donation requests with heartfelt images to get people to provide them with money and credit card information. 

If employees or businesses want to donate and not fall for this holiday scam, they should do so through a reputable organization. Make it a habit to always visit the website directly, whether you wish to purchase something or make a donation.

Gift Card Phishing Scam

One of the more sophisticated holiday scams involves impersonating an employee in a position of authority. The impersonated person is usually someone within your company, such as a manager or a supervisor. Scammers can quickly obtain this information by visiting a company’s website or a social networking site such as LinkedIn. Then, they send an email to a lower-level employee that appears to be from the manager.

These scammers aim to take advantage of an employee’s desire to please the boss. The scam relies on the “unreachable” ruse, in which the sender claims to be unavailable, to discourage the recipient from calling to ask any questions. If an unusual request like this comes in, employees should always contact the person using the contact information they have on file for them.
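
The signals described above (a manager's name on an address that is not the one on file, a gift card request, and the unreachable ruse) can be checked mechanically. The following is an added example, not part of the original article; the manager directory, domain, phrase lists, and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical directory: manager display name -> address on file.
MANAGERS = {"dana reyes": "dana.reyes@example.com"}
CORP_DOMAIN = "example.com"  # assumed corporate mail domain

GIFT_CARD = re.compile(r"\bgift\s*cards?\b", re.I)
UNREACHABLE = re.compile(
    r"\b(in a meeting|can'?t (talk|take calls)|unavailable|do(n'?t| not) call)\b",
    re.I)

# Constructed sample messages (not real mail).
SPOOFED = ("From: Dana Reyes <dana.reyes.ceo@mail-example.net>\n"
           "To: sam@example.com\nSubject: Quick favor\n\n"
           "I'm in a meeting and can't take calls. Please buy five gift cards "
           "and email me the codes.\n")
LEGIT = ("From: Dana Reyes <dana.reyes@example.com>\n"
         "To: sam@example.com\nSubject: Lunch\n\n"
         "Team lunch is moved to Friday.\n")

def body_text(msg):
    """Return the plain-text body of a simple or multipart message."""
    if not msg.is_multipart():
        return msg.get_payload()
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            return part.get_payload(decode=True).decode(errors="replace")
    return ""

def gift_card_signals(raw):
    """Return the gift-card-scam indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    name_key, addr, body = " ".join(name.lower().split()), addr.lower(), body_text(msg)
    signals = []
    # Display name is a known manager, but the address is not the one on file.
    if name_key in MANAGERS and addr != MANAGERS[name_key]:
        signals.append("manager_name_unknown_address")
    # Replies would leave the company even if From looks internal.
    if reply_to and reply_to.lower().rsplit("@", 1)[-1] != CORP_DOMAIN:
        signals.append("reply_to_external")
    if GIFT_CARD.search(body):
        signals.append("gift_card_request")
    if UNREACHABLE.search(body):
        signals.append("unreachable_ruse")
    return signals

if __name__ == "__main__":
    print(gift_card_signals(SPOOFED), gift_card_signals(LEGIT))
```

A message that raises several of these signals together is a candidate for a warning banner or quarantine; any single signal on its own is weak evidence.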

Fake Holiday Sales & Promotions

It’s difficult to resist checking out a rock-bottom price on a new iPhone 12 or another gadget you’ve been eyeing to see if it’s legitimate. Unfortunately, this frequently leads people to click on holiday phishing emails, directing them to sites that perform malware drive-by downloads.

During the holiday season, it’s critical to be extra vigilant and avoid clicking links in emails whenever possible. If the sale is from a reputable retailer, going to their website directly should yield the same results and is safer than clicking a link.

Protect Your Employees Using Holiday-Themed Phishing Simulations

This 2022 holiday season, cybercriminals will undoubtedly take advantage of the increase in online shopping and travel, which brings many cybersecurity challenges with it. Do your users have the skills to recognize phony shipping notifications, malicious links in travel scams, and other phishing scams?

Now’s the time to educate and train your users and employees about the cybersecurity threats they may face as the holiday season arrives this year. Only through education and cyber awareness can you get your workforce ready to report all kinds of phishing scams and become the protectors of your corporate data.

Schedule a Phishing Readiness demo and secure your crew from the risk of falling victim to phishing scams.

Also, meet our newest solution to Fix Security Awareness, Ally.

Right-Hand Cybersecurity
