Ho-Ho-Holiday Shopping Scams: Top 5 Lures Phishers Use

by | December 7, 2021 | How to, Cybersecurity

With the holiday shopping rush in full swing, scammers will hop on every chance they get to steal your money. And it’s much easier for them to scam you during the season to be jolly, with all the holiday events, get-togethers, and the gift-buying marathon we run every year.

In this article, we’ve compiled a list of the top five holiday shopping scams to brace for during the most wonderful time of the year.

Beware of holiday shopping scams

Keep your guard up, especially during the holiday season, for this is the most profitable period of the year for scammers. Not only will they try to steal your payment information, but your precious data could end up in the wrong hands, making you a target for further attacks.

Here are the most common five holiday shopping scams to watch out for this season.

1. Free Vacation Scams

Be cautious of emails or phone calls letting you know you’ve won a ‘free vacation!’. Best-case scenario, you’ll find the accommodations less than luxurious once you reach your destination. In the worst-case scenario, the offer was entirely fake, and you’ll end up giving away your personal information and payment details to fraudsters.

Do not provide your credit card details to a company you’re unfamiliar with.

Holiday shopping scams will often use the 'free vacation' lure.

2. Postal Delivery Scams

Be cautious of postal services alerts claiming that a package has been delivered to your home or office.

These can be phishing attempts in the form of a text message (smishing) or an email and look like they are coming from UPS, US Mail, FedEx, and others. They often include a phishing link that will direct you to a credential-stealing page.

If the message asks for personal information, do not give it away. If you are actually expecting a package, check with the postal service via phone call using the numbers you can find on their official website.

3. Charity Donation Scams

During the holiday season, non-profit organizations see a significant increase in donations. But, unfortunately, scammers prey on people’s generosity and run elaborate schemes to steal their money.

Here’s what you can do if you get a phone call from a charity and are in doubt:

  • Use a website like CharityWatch or even Google to do your research on a charity and learn how whether it is legit.
  • Pay close attention to the organization’s name and website. Fake charities often mimic popular charities. If it’s too similar in name to another, chances are it’s a fraud.
  • Don not give provide all your personal information. While it’s expected to provide your card details, don’t give away your Social Security number or bank account number.
  • Avoid making cash donations. Unless you’re 100% certain about a charity’s legitimacy, don’t donate cash, gift cards, or cryptocurrency.

4. Gift Card Scams

This time of the year, scammers often create fake promotions on social media platforms, using lures along the lines of “you’ve won a gift card!” or that “the first 50 people to sign up will win!”. Once you claim your non-existent prize, you will be asked to enter your personal information, which can be then sold and used in further attacks, such as identity theft.

Be careful what you click on at all times. Also, stay away from pop-ups when surfing the web.

5. Freebies and Crazy Deal Scams

We’re in the middle of a shower of discounts and sales, and scammers know how to take advantage of the situation.

If a deal sounds too good to be true, that’s probably the case. Be sure to make purchases only on trusted websites of reputable brands.

Don’t fall for complimentary accessories and appliances.

The best defense against phishing scams is proper security awareness training, especially for businesses. Make sure you keep cybercrooks at bay with ATTAK Simulator’s comprehensive Security Awareness Training Program.

ATTACK Simulator’s Security Awareness Training program will help you equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irremediable damage.

Keep your company safe from Cyber Monday scams with ATTACK Simulator.

Would your employees take the bait? Put them to the test with our free security awareness training trial and know where you stand against a phishing attack now!


Photo by krakenimages on Unsplash

by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.

There’s no reason to postpone training your employees

Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.