chat
expand_more

Ho, Ho, Holiday Scams… Tips for Staying Safe This Festive Season

We've arrived at that time of year—a time for reflection and celebration and spending time with family, and also that time of year where the cyber grinches hope to spoil the holiday fun.
December 21, 2021

We've arrived at that time of year—a time for reflection and celebration and spending time with family, and also that time of year where the cyber grinches hope to spoil the holiday fun. Whether you celebrate Christmas, Hanukkah, Kwanzaa, or simply want to celebrate your employees with an end-of-year party, we spend the better part of December shopping and giving to others. It's critical to keep ourselves safe online and not fall for prevalent scams this time of year.

At Abnormal Security, we see thousands of scams and phishing attacks each holiday season, as cybercriminals look to take advantage of our lowered defenses this time of year. Here are a few tricks they use to steal your money and joy.

Charity Scams

We tend to be charitable throughout the year and according to the Giving USA Foundation, Americans contributed more than $471 billion to charity in 2020. That said, over 30% of the annual total given comes in December, when people are more likely to be appreciative of the things they have—and thus, more likely to give to others.

Scammers and cyber thieves know that fact and go out of their way to capitalize on that reality. Be on the lookout for fake online charities, where criminals will set up a “charity” specifically to steal your money. You should also be wary of landing on typo-squatted domains pretending to be your favorite charity. For example, humanesociety.org is a great charity, but humansociety.org may be glad to take your money, without donating it to animals in need.

If the charity you supported last year reaches out with a text or vague email asking for your generosity, avoid clicking on any links. Instead, visit their website by directly typing it into your browser and make sure you spell it correctly so you don't accidentally land on a malicious site. This is a great time to give, but make sure it ends up where you intended it to go.

Delivery Scams

There are two flavors to the delivery scam. The first one is when you purchase something, and the criminal takes your money with no intention of delivering a product. To avoid this situation, check the website's reputation through a service like Better Business Bureau before entering personal information, especially credit card or banking information.

The second one takes advantage of the busy person that has a daily visit from the Amazon delivery van. This attack poses as a delivery alert in your email or a text message with a link to track the order. We all fear the dreaded porch pirates that steal packages when we are away, so the sense of urgency to click the link and check the status of that treasured gift is too hard to resist. By doing so, you could accidentally provide login credentials or personal information that cybercriminals can use to target you again.

Instead of clicking unsolicited links, leverage the vendor's app or website to configure updates and alerts. You can also set up apps like Amazon, UPS, and FedEx to provide a push notification when your package is delivered.

Phishing and Look-a-like Websites

And finally, be wary of emails that ask for you to click a link, perhaps to check on the status of an order or to provide additional delivery instructions. This is a stressful time of year for many people, and cybercriminals take advantage of that fact to socially engineer victims into clicking on links where they can then steal credentials.

A common trick by cybercriminals is to provide a Google or Microsoft authentication page that looks real and upon completion, forward you directly to the intended link. The part you miss is where the criminal captured your user name and password as part of the scam. Making matters worse, we tend to be creatures of habit, so your email password is likely similar, if not the same, as your Amazon or PayPal or bank password.

Security for Individuals and Employees

While many of these scams target individuals, companies often participate in the celebrations throughout December and employees often purchase customer or employee appreciation gifts from online retailers using their corporate email accounts. To help protect employees and customers, organizations should re-evaluate their technical email controls in place to prevent these scams and attacks—throughout the holidays and beyond.

Modern solutions that leverage machine learning and behavioral data science as part of the solution are highly effective at mitigating these risks, blocking charity scams and phishing emails before they reach inboxes. As the CISO of Abnormal Security, I rest assured my employees and customers are well protected from these threats.

To see how Abnormal can protect you from charity scams, delivery scams, and more this holiday season, request a demo of the platform today.

Ho, Ho, Holiday Scams… Tips for Staying Safe This Festive Season

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B Proofpoint Customer Story Blog 8
A Fortune 500 transportation and logistics leader blocked more than 6,700 attacks missed by Proofpoint and reclaimed 350 SOC hours per month by adding Abnormal to its security stack.
Read More
B Gartner MQ 2024 Announcement Blog
Abnormal Security was named a Leader in the 2024 Gartner Magic Quadrant for Email Security Platforms and positioned furthest for Completeness of Vision.
Read More
B Gift Card Scams Tricker to Spot Blog
Learn why gift card scams are becoming more difficult to identify, how cybercriminals evolve their tactics, and strategies to protect your organization.
Read More
B Offensive AI 12 16 24
Learn how AI is used in cybersecurity, what defensive AI vs. offensive AI means, and how to use defensive AI to combat offensive AI.
Read More
B Proofpoint Customer Story Blog 7
See how Abnormal's AI helped a Fortune 500 insurance provider detect 27,847 threats missed by Proofpoint and save 6,600+ hours in employee productivity.
Read More
B Cyberattack Forecast Emerging Threats Blog
Uncover the latest email threats and strategies to strengthen your cybersecurity and prepare for 2025.
Read More