![white-logo.png]](https://www.livingsecurity.com/hs-fs/hubfs/white-logo.png?height=40&name=white-logo.png){kind=logo}
During the holiday season, threat actors double down on new and creative ways to deceive
people both online and offline—and succeed. An Experian survey revealed that 1 in 4
respondents reported being a victim of identity theft or fraud during the holidays. From holiday related phishing emails to illegitimate shopping websites, there are many ways cybercriminals
exploit the hustle and bustle of this time of year.
Luckily, with the right security know-how, you can fight holiday fraud and help your coworkers,
friends, and family stay safe too!
Here are some of the biggest holiday frauds to look out for:
1. Charity Scams
Special holidays may remind us of all we have to be thankful for. As we reflect on our blessings,
it’s often a nice time to share our good fortune with others—and many of us do! In 2020,
Americans alone gave $471.44 billion, a 5.1% increase from 2019, according to the National
Philanthropic Trust, which is just a fraction of the worldwide giving totals.
Cybercriminals know that major holidays like Thanksgiving, Christmas, and New Year’s Day are
the prime times for donating. That’s why they create sneaky scams to take advantage of our
giving spirits!
Be on the lookout for fraudulent emails that appear to be from charities and websites that look
a bit “off.” Online, criminals will often mimic similar names to reputable charities, so look extra
closely at the URL for misspellings or inconsistencies. For example, you may get an email from
“The European Salvation Army” when really, the real Salvation Army leaves off “European” as an
international brand. Or the link may be a .com extension instead of a .org.
Don’t assume phone calls are any safer than emails ー search for the organization online yourself;
never assume a URL a telemarketer shares with you is legitimate. A website like
https://www.charitynavigator.org/ can help you understand where your money could be going.
And when you are comfortable making a contribution, do the following:
- Check your web browser for a secure site padlock
- Pay with a credit card, not a debit card, whenever possible
- Avoid cash donations, which are harder to trace
If you’re still uncertain, follow these additional tips from the FCC for avoiding holiday scams as
well as additional resources from European ENISA and U.K. NCSC.
2. Delivery Scams
If you’re shopping online this year, there are some extra ways to keep yourself and your family
safe. From physical item theft to sneaky phishing campaigns, delivery scams are on the rise—
with non-payment and non-delivery scams the second most prevalent threat reported by the
FBI’s Internet Crime Complaint Center.
One of the most popular forms is the “package wasn’t delivered” scam, wherein the threat actor
sends a phishing email imitating your shipping sender, claiming they were unable to get a
package to you on time. These emails may contain infected links or attachments that download
malware. Work-related emails may use urgency to trick you to take quick action, saying an
important delivery is held up and will be rerouted if you don’t click a link to validate the
shipping address or send over the final payment.
To avoid these scams, hesitate before clicking any links, opening attachments, or sharing
personal information with the contact. Verify through the actual source, like Amazon, or your
vendor directly. Here’s more advice for avoiding delivery scams to dig deeper.
3. Travel Scams
Hopping on a plane this year? Cybercriminals know this and often craft phishing messages with
fake deals or promotions right before the holiday season. For example, you may get an email on
an incredible deal on flights or an all-inclusive resort that seems too good to be true. Chances
are, it is! Always verify the deal on the real provider’s website.
The holidays are also prime times for threat actors to breach an individual’s system and send
text messages, emails, or social media messages to their contacts, posing as a trusted friend or
family member. They may Facebook message you from your friend’s profile saying, “I traveled
internationally to see family. Someone stole my wallet and I’m stuck here. Can you wire me
money to get a flight home?” or try a similar money transfer fraud. Don’t fall for these travel
ruses!
If they were really traveling, you would know. Remember, if they compromised a Facebook
account, they could post ambiguous pictures looking like they’re traveling. Is your friend actually
in the picture? Even “check ins” can be faked. If you receive a message like this, take a moment
to review these frequent travel scams and, of course, call your friend directly.
4. Shopping Scams
Big sales can make shopping feel irresistible around the holidays. From substantial discounts to
free shipping and payment plans, stores offer extra incentives to buy before, during, and after a
major holiday. During these prime windows, many get hit with a slew of emails or online
advertisements — but not all are legitimate.
The FBI and other governing bodies receives complaints all the time about shopping scams,
which it compiles in its annual Internet Crime Report. Common reports include:
- Not receiving their product after paying.
- Websites copying information from legitimate websites to deceive.
- “Contact Us” information mimicking a geographical address in one country when the
company is located elsewhere. - Vouchers or gift cards in exchange for filling out a survey.
- Holiday contests shared through a link by an unsuspecting friend.
Before purchasing anything around the holidays, stop and think. If you see a targeted
advertisement on social media, go directly to the website yourself to purchase it without
clicking on the ad. If a deal looks too good to be true, remind yourself that it probably is!
5. “Out-of-Office” Help Scams
Many organizations offer extended time off or variations from normal business hours during the
holidays ー and cybercriminals are expecting this.
One common out-of-office scam involves the “I have no service,” trick, wherein someone claims
to be traveling for a holiday and can’t get Wi-Fi or a data signal from where they’re staying. They
may ask you to do something for them. Proceed with caution. When receiving correspondence
around a major holiday—always verify the request by calling or video chatting with the person on
a known, legitimate channel to hear or see if it's really them. If they claim they can’t, let them
know you can’t help them until they can prove their identity.
Stay Scam-Free With Better Security!
Knowing how to react to these five major scams is a great way to begin preparing for the tricks
cybercriminals use to manipulate during holidays.
Check out these helpful links to learn more:
