Holiday Scams: 5 Warning Signs and Essential Do’s & Don’ts To Keep Your Business Safe

by | December 7, 2021 | How to, ATTACK Simulator Guides

Oh, the weather outside is frightful, but the huge discounts are more than delightful.

We’re all on the hunt for the nicest gifts for those we love or for ourselves. Unfortunately, holiday scams blend in with real deals so well that it’s easy to fall for them.

But not to worry: we’ve got you covered with our list of five red flags to watch out for when shopping online this Christmas, plus valuable do’s and don’ts to help you avoid falling prey to holiday scams.

Holiday scams lurk in all corners of the Internet, so you'd better watch out.

‘Tis The Season For Scams

Following last year’s socially-distanced holidays, things are returning to some degree of normalcy in 2021. Thus, families can gather again, and stores can expect actual crowds. However, we’ve become very familiar with online shopping and doing so many of our activities in the online realm.

Sadly, there are those who made it to Santa’s naughty list – the scammers – and are always on the lookout for potential victims and constantly finding ways to exploit our holiday habits and generosity.

As genuine retailers offer great seasonal deals, phishers sneak in their bogus brand-impersonating websites and social media campaigns to try and ‘spoof’ bargain-hunting shoppers out of their money. Most of the time, you’ll just pay for a product you’ll never receive. However, on a grimmer note, you can hand over your personal information and payment details to a cybercrook who can use your data in identity theft or spear-phishing attacks.

Things can go to a whole other level when your business is involved. For example, a successful phishing attempt targeted at one of your employees could compromise your entire company and expose it to costly ransomware attacks, which can sometimes result in significant workflow disruptions or even a complete shutdown of operations.

5 Warning Signs Of Potential Holiday Scams

A recent AARP study found five warning signs you and your employees should be looking for when trying to spot holiday scams:

  • Too-good-to-be-true deals: Huge discounts on hot gift items, especially when touted on social media posts or unfamiliar websites.
  • Maimed grammar: Spelling errors or shoddy grammar on a shopping website or in an email.
  • ‘Secretive’ companies: A shopping or travel site does not list a phone number or street address for the business and offers only an email address or a fill-in contact form.
  • And you have no privacy: A site does not have a privacy policy.
  • Old-fashioned phishing: An unsolicited email asks you to click on a link or download an app to access a deal or arrange a delivery.

Do’s And Don’ts To Avoid Holiday Scams

AARP also provided recommendations to help you keep holiday scams at bay this year:


  • Hover your mouse over links in emails and social media messages to find the real destination URL. Click through only if you’re 100% sure it’s a legit website.
  • Try to use your credit card whenever possible for online purchases. It has better protections than a debit card.
  • Do your research on retailers, travel companies, and charities you’re unfamiliar with before making any purchase, booking, or donation. Read customer reviews and search their name along with terms like ‘scam.’
  • Read the return and refund policies carefully and make sure they are clear.
  • If you must buy gift cards online, purchase them from the issuing business only. Any other seller could be a scammer.


  • Don’t automatically assume that a website is secure just because it shows a padlock icon or “https://” at the beginning of the URL. Many malicious sites can easily display those signs to fool fraud-savvy consumers who look for them.
  • Don’t use public Wi-Fi when making a purchase or a donation. Your payment details can be intercepted by hackers.
  • Don’t make purchases or donations if a website or caller asks you to pay by wire transfer, gift card, or prepaid cash. Nothing screams ‘scam’ more than an entity pretending to be genuine and reputable, but seeking payment by those means.

Keep Your Company Safe From Holiday Scams With ATTACK Simulator

We’re in the middle of an avalanche of discounts and sales, and scammers know how to take advantage of our habits and generosity.

If a deal sounds too good to be true, that’s probably the case. Be sure to make purchases only on trusted websites of reputable brands.

Don’t fall for complimentary accessories and appliances.

The best defense against phishing scams is proper security awareness training, especially for businesses. Make sure you keep cybercrooks at bay with ATTACK Simulator’s comprehensive Security Awareness Training Program.

ATTACK Simulator’s Security Awareness Training program will help you equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irremediable damage.

Keep your company safe from Cyber Monday scams with ATTACK Simulator.

Would your employees take the bait? Put them to the test with our free security awareness training trial and know where you stand against a phishing attack now!


Feature Image: Photo by Markus Spiske on Unsplash

Work illustrations by Storyset


by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.
