Ho, Ho, Holiday Scams… Tips for Staying Safe This Festive Season

We've arrived at that time of year—a time for reflection and celebration and spending time with family, and also that time of year where the cyber grinches hope to spoil the holiday fun.
December 21, 2021

We've arrived at that time of year—a time for reflection and celebration and spending time with family, and also that time of year where the cyber grinches hope to spoil the holiday fun. Whether you celebrate Christmas, Hanukkah, Kwanzaa, or simply want to celebrate your employees with an end-of-year party, we spend the better part of December shopping and giving to others. It's critical to keep ourselves safe online and not fall for prevalent scams this time of year.

At Abnormal Security, we see thousands of scams and phishing attacks each holiday season, as cybercriminals look to take advantage of our lowered defenses this time of year. Here are a few tricks they use to steal your money and joy.

Charity Scams

We tend to be charitable throughout the year and according to the Giving USA Foundation, Americans contributed more than $471 billion to charity in 2020. That said, over 30% of the annual total given comes in December, when people are more likely to be appreciative of the things they have—and thus, more likely to give to others.

Scammers and cyber thieves know that fact and go out of their way to capitalize on that reality. Be on the lookout for fake online charities, where criminals will set up a “charity” specifically to steal your money. You should also be wary of landing on typo-squatted domains pretending to be your favorite charity. For example, is a great charity, but may be glad to take your money, without donating it to animals in need.

If the charity you supported last year reaches out with a text or vague email asking for your generosity, avoid clicking on any links. Instead, visit their website by directly typing it into your browser and make sure you spell it correctly so you don't accidentally land on a malicious site. This is a great time to give, but make sure it ends up where you intended it to go.

Delivery Scams

There are two flavors to the delivery scam. The first one is when you purchase something, and the criminal takes your money with no intention of delivering a product. To avoid this situation, check the website's reputation through a service like Better Business Bureau before entering personal information, especially credit card or banking information.

The second one takes advantage of the busy person that has a daily visit from the Amazon delivery van. This attack poses as a delivery alert in your email or a text message with a link to track the order. We all fear the dreaded porch pirates that steal packages when we are away, so the sense of urgency to click the link and check the status of that treasured gift is too hard to resist. By doing so, you could accidentally provide login credentials or personal information that cybercriminals can use to target you again.

Instead of clicking unsolicited links, leverage the vendor's app or website to configure updates and alerts. You can also set up apps like Amazon, UPS, and FedEx to provide a push notification when your package is delivered.

Phishing and Look-a-like Websites

And finally, be wary of emails that ask for you to click a link, perhaps to check on the status of an order or to provide additional delivery instructions. This is a stressful time of year for many people, and cybercriminals take advantage of that fact to socially engineer victims into clicking on links where they can then steal credentials.

A common trick by cybercriminals is to provide a Google or Microsoft authentication page that looks real and upon completion, forward you directly to the intended link. The part you miss is where the criminal captured your user name and password as part of the scam. Making matters worse, we tend to be creatures of habit, so your email password is likely similar, if not the same, as your Amazon or PayPal or bank password.

Security for Individuals and Employees

While many of these scams target individuals, companies often participate in the celebrations throughout December and employees often purchase customer or employee appreciation gifts from online retailers using their corporate email accounts. To help protect employees and customers, organizations should re-evaluate their technical email controls in place to prevent these scams and attacks—throughout the holidays and beyond.

Modern solutions that leverage machine learning and behavioral data science as part of the solution are highly effective at mitigating these risks, blocking charity scams and phishing emails before they reach inboxes. As the CISO of Abnormal Security, I rest assured my employees and customers are well protected from these threats.

To see how Abnormal can protect you from charity scams, delivery scams, and more this holiday season, request a demo of the platform today.

Ho, Ho, Holiday Scams… Tips for Staying Safe This Festive Season

See Abnormal in Action

Schedule a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.


See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

See a Demo
Integrates Insights Reporting 09 08 22

Related Posts

B Health Care
Email attacks like BEC against the healthcare industry are on the rise in 2023. Protect yourself with sophisticated cloud-native email security.
Read More
B AI Series
Discover how Abnormal's advanced AI models are used to detect abnormalities in email behavior and protect organizations from the most sophisticated email attacks.
Read More
B Insights from Clemson University CISO
John Hoyt, CISO at Clemson University, shares his take on the unique cybersecurity challenges of higher education and how Abnormal Security can help.
Read More
B Nigerian Prince
Scams about the Nigerian Prince that promise millions have been around for decades. But they are transitioning, now using ChatGPT and similar tools to seem more convincing.
Read More
B 9 12 23 ATO
Learn why account takeovers are successful, how to detect and remediate them, and how to better protect yourself from cybercriminals in the future.
Read More
B 9 8 23 Incident Response
An effective incident response plan is crucial to minimizing the effects of an email attack and preventing future breaches.
Read More