6 Phishing scams you’re likely to encounter during the holiday season

The holiday season is when we get together with family and friends to celebrate. But it's also a time when scammers come out in full force to take advantage of unsuspecting victims. Phishing scams, in particular, peak around the holidays, soaring by 52% in December. In fact, there were reportedly eight million phishing attempts every day during the holidays in 2021.

What is phishing?

Phishing is a scam wherein cybercriminals trick people into disclosing personal information, such as credit card details and Social Security numbers. They do this by sending emails or text messages that appear to be from a legitimate individual or company, such as a bank or retailer.

The message often includes a link to a spoofed website that asks victims for their personal information. If victims input their information, scammers can use it to commit identity theft or make fraudulent transactions.

What are some common holiday phishing scams?

Phishing scams happen all year round, but during the holiday season, they usually adopt the following themes:

1. Fake party invitations

In this scam, the cybercriminal poses as the victim's friend and sends holiday party invites. The victim is then instructed to confirm their attendance by clicking on the link in the message and providing their personal information on the linked website.

2. Gift card or coupon scams

Victims receive a message that says a loved one or known company has given them a gift card or coupon. The message includes a link that takes victims to a website where they can purportedly claim their gift card or coupon. But to claim these, they are first asked to provide their personal information.

3. Fake online orders

Posing as a legitimate online retailer like Amazon or eBay, cybercriminals send a message claiming the victim made an online purchase. The message includes a link to a supposed order confirmation page.

When the victim clicks on the link, they are directed to a spoofed website that looks identical to the legitimate retailer's website, making it difficult for the average user to suspect anything is amiss. To dispute or cancel the order, the victim is prompted to input their personal information in order to prove their identity.

4. Fraudulent holiday vacation promos

Many people search online to book a holiday vacation, so it's no surprise that scammers send out messages posing as a travel agency, resort, or hotel that offer enticing holiday travel deals. Their messages usually include a link to a spoofed website where victims must input their personal information to take advantage of such offers.

5. Bogus delivery notices

Pretending to be a logistics company like FedEx or UPS, scammers send out messages informing victims of a delayed shipment or failed delivery attempt. These messages contain a link to a website where victims can input their personal information to supposedly track their package.

6. Charity frauds

To take advantage of people's generosity during the holidays, cybercriminals send out messages posing as a legitimate charity or donation drive. The message includes a link to a website where victims can input their credit card information to make a donation.

How can you avoid falling victim to phishing scams?

The first step in safeguarding yourself and your business from phishing scams is learning how to spot one. Look out for the following telltale signs of a phishing message:

  • Has misspellings in the sender's email address (e.g., @amazoon.com instead of @amazon.com)
  • Uses a generic greeting (e.g., Dear customer) instead of your name
  • Has poor grammar or spelling in the message
  • Creates a sense of urgency
  • Contains a link leading to a website that requests your personal information

Moreover, never click on links in suspicious emails or text messages. If you want to verify the message’s authenticity, do not use the contact information included in the message. Instead, go to the supposed sender’s official website and use the contact details listed there.
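Several of the telltale signs listed above can be checked automatically before a message reaches a person. The following Python sketch is an added example, not code from the original article: it flags a sender domain or link host that is one or two typos away from a known company's domain, a generic greeting, and urgency wording. The domain list, the regular expressions, the function names, and the sample message are all assumptions made for illustration.

```python
import re

# Assumption: domains of the companies named in this article; extend with your own.
KNOWN_DOMAINS = ("amazon.com", "ebay.com", "fedex.com", "ups.com")
GENERIC_GREETING = re.compile(r"^\s*(dear|hello|hi)\s+(valued\s+)?(customer|user|client|member)\b", re.I | re.M)
URGENCY = re.compile(r"\b(urgent|immediately|act now|final notice|within \d+ hours?)\b", re.I)
LINK_HOST = re.compile(r"https?://([^/\s:]+)", re.I)

def edit_distance(a, b):
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the known domain that `domain` imitates, or None if genuine or unrelated."""
    domain = domain.lower().rstrip(".")
    if any(domain == k or domain.endswith("." + k) for k in KNOWN_DOMAINS):
        return None  # the real domain or one of its subdomains
    for known in KNOWN_DOMAINS:
        if edit_distance(domain, known) <= 2:  # one or two typos away
            return known
    return None

def phishing_signs(sender, body):
    """Return the telltale signs from the checklist that one message shows."""
    signs = []
    hosts = [("sender domain", sender.rsplit("@", 1)[-1].strip("> "))]
    hosts += [("link host", h) for h in LINK_HOST.findall(body)]
    for label, host in hosts:
        target = lookalike_of(host)
        if target:
            signs.append(f"{label} {host.lower()} resembles {target}")
    if GENERIC_GREETING.search(body):
        signs.append("generic greeting")
    if URGENCY.search(body):
        signs.append("urgency wording")
    return signs

# Constructed sample message, not a real email.
SAMPLE_SENDER = "Amazon Orders <orders@amazoon.com>"
SAMPLE_BODY = "Dear customer,\nYour order is on hold. Act now to cancel it:\nhttp://amazoon.com/cancel\n"

if __name__ == "__main__":
    print("\n".join(phishing_signs(SAMPLE_SENDER, SAMPLE_BODY)))
```

Short domains such as ups.com sit within two edits of unrelated legitimate domains, so treat a hit as a reason to look closer rather than as proof. The check does not cover poor grammar or whether a linked site asks for personal information.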
