Phishing Scams You Should Watch Out This Holiday Season

The holidays are a time for celebration, but unfortunately, they’re also prime time for cyber grinches.

As online shopping reaches its peak, scammers ramp up their efforts to trick unsuspecting victims. Phishing emails are one of the most common tactics these digital con artists use. 

In this article, we’ll unwrap the most common holiday phishing ploys and give you all the how to spot and stop them. Consider it our gift to you!

Why Scammers Love the Holidays

Think about it: from Black Friday through the New Year, we’re all doing more online shopping, tracking packages, and looking for deals.

They know we’re feeling more vulnerable and distracted trying to find the perfect gifts, so we might be more likely to fall for their tricks.

According to the FBI, Americans lost over $309 million to online shopping and non-delivery scams last year. The data suggests these scams surge during the busy holiday season.

Scammers have gotten especially sneaky, personalizing their attacks and capitalizing on seasonal trends. In fact, AARP reports, over 80% of Americans experienced at least one type of holiday scam last year.

The hustle and bustle of the holidays creates the perfect environment for these schemes to thrive.

So, while you’re making your list and checking it twice, scammers are working overtime to exploit your distraction and generosity.

Scams to look out for this holiday season

1. “You’ve Got a Delivery! (Just Kidding)”

Remember how we used to get a simple notice in our mailbox when we missed a delivery? Well, things are different now.

Scammers are sending fake delivery notifications that look just like they’re from USPS, FedEx, or UPS. Last year, there was a huge USPS scam that caught many people off guard, and it’s still going strong in 2024.

Mark Inglett, the USPS Strategic Communications Manager states: “The Postal Service does not reach out to our customers about anything that’s missing or a package that may not be coming to you. So please be on guard about that.”

2. “Congrats, You’ve Won! (Not Really)”

Scammers prey on that excitement by sending emails announcing you’ve won a contest you never entered. They’ll usually request your personal info to claim the reward.

But much like that “free” vacation timeshare, this giveaway is too good to be true.

This one’s a classic bait and switch. To the untrained eye, it seems like you’ve scored a grand prize. But a few key details give it away as a scam.

3. “Tis the Season…For Fake Charities”

Scammers love to prey on our generosity during the holidays.

At first glance, this email looks like it’s from a well known charitable organization. However, a closer look reveals some major red flags.

If you were to click that “Donate Now” button, you’d likely be taken to a convincing but fake website. 

Here, scammers would collect your credit card info and maybe even login details if they request that you “sign in” first.

Tip: Before donating, use charity watchdog sites like Charity Navigator or GuideStar, or the Better Business Bureau to ensure they are legitimate.

4. A Fake Scam Alert Scam

Just when you thought you were getting savvy about spotting online scams, the scammers found a new way.

In this sneaky scheme, you receive an urgent message claiming to be from your bank, a government agency, or a well-known company warning you about suspicious activity on your account..

You may receive an email that appears to be from a retailer confirming an order you never placed. The message includes a link or attachment supposedly containing details about the phantom purchase.

Clicking is a one-way ticket to trouble. The link likely leads to a phony site designed to harvest your login credentials or financial info.

5. Holiday Bonus Bait

In this scam, you receive an email or text message that appears to be from your employer, announcing that you’ve qualified for a special holiday bonus. The message often looks legitimate, with details like:

• Your company’s name and logo
• A personalized greeting (e.g., “Dear [Your Name]”)
• A realistic-sounding explanation for the bonus (e.g., “In recognition of your hard work this year…”)

Sounds great, right? Who wouldn’t love some extra cash around the holidays? But here’s the catch: to claim your “bonus,” you’ll need to click a link and provide sensitive information like your:

• Bank account details for a “direct deposit”
• Social Security number for “verification purposes”
• Login credentials to “confirm your identity”

Of course, there is no bonus. It’s just a clever ruse to get you to hand over valuable data to scammers.

6. Who Wants Free Gift Cards?

During the holidays, be especially careful about anyone asking you to buy gift cards as presents for others.

In 2023, there were over 245,000 gift card scams reported!

If someone you know asks for gift cards through email or social media, call them directly to verify – even if it seems to be from someone you trust..

Scammers may send fake emails or texts claiming you’ve won a gift card from a popular retailer. They’ll often ask you to provide personal information or pay a small “processing fee” to claim your prize.

7. Military Imposters

Scammers may pose as deployed military members on social media, often claiming they need money to travel home for the holidays or buy gifts for their kids.

They may have a profile picture with a military dress. A few patriotic posts on their timeline. And no other pictures of them or their family.

Some even create fake charities claiming to support service members.

Don’t send money or gifts to someone you’ve only met online, and research military charities thoroughly before donating.

8. A Shady Holiday Event

As people look to attend holiday events like shows, sports games, or New Year’s Eve parties, scammers create fake event listings or ticketing websites to steal money and info.

Only buy from the venue’s official site or trusted resale platforms to avoid getting fake tickets.

9. Service Offer You Can’t Miss

During the busy holiday season, scammers may pose as representatives from utility (electricity, water, gas) or delivery companies, claiming you owe money or need to update your account info.

They may threaten service interruption during holidays creating the pressure for you to act urgently.

You may get subjects like: “required holiday maintenance” or “end of year inspections”. Some even pretend to be offering special holiday bonuses or refunds to get banking information

Scammers Have Upped their game:

As technology has advanced, scammers have found new ways to fool you. Here are what’s new in 2024 holidays you need to know:

Multi-Channel Attacks

These days, scammers don’t just send you an email. They might follow up with a text message and then show you an ad on Facebook. All this to make their scam seem more legitimate. It’s like they’re surrounding us from all sides!

AI-Powered Scams

You’ve probably heard about artificial intelligence in the news. Well, now scammers are using it to create very convincing fake emails and websites. They can even make fake voice calls that sound just like your loved ones or authorized company.

Facebook Groups Attacks

Scammers love to be a part of your interests, such as the Facebook groups you’ve joined. They often join as a page and message you privately. They use highly engaging posts, and as soon as you reply, they slide into your DMs.

You might have noticed a few comments like:

“XMAS BLESSING GIVEAWAY Dm me with your cashtag or PayPal and kindly send me a friend request. I will give you some money ASAP”

“Someone is about to write you a big check to take care of everything. Just pay me.”

I manage a Facebook group for grandparents, and the number of scam alerts I get this holiday season is overwhelming. I have to be on the lookout 24/7 to protect my members from these scammers.

These scammers often target vulnerable groups, such as seniors or those in financial need, by offering false promises of easy money or gifts.

They may also impersonate well known brands or organizations to gain trust (Elon Musk Foundation, Ellen Degeneres giveaway, etc).

It’s crucial to remain vigilant and educate group members about these tactics to prevent them from falling victim to these holiday scams.

How to Spot a Phishing Email: 5 Telltale Signs

Now that you’ve seen some real examples, let’s break down the key things to look for:

1. Check the sender’s email address and domain name. If it looks suspicious or doesn’t match the organization the email claims to be from, it’s likely a scam.
2. Look for spelling and grammatical errors. Legitimate businesses proofread their emails. Scammers, not so much.
3. Be wary of generic greetings. If it says “Dear sir or madam” or “Dear valued customer,” proceed with caution.
4. Hover over links before clicking. (On desktop.) If the URL looks strange or doesn’t match the context of the email, don’t click.
5. Never share sensitive info via email. Legitimate organizations will never ask for your Social Security number, credit card details, or login credentials over email.
6. Question attachments you weren’t expecting. Treat unsolicited attachments with a hefty dose of skepticism. When in doubt, leave them unopened.
7. Be cautious of promises of high value money. If you’re offered a large sum of free money, think twice. It’s likely too good to be true.
8. Watch out for a false sense of urgency. Scammers want you to act quickly without thinking. Any time-sensitive phrases that threaten dire consequences for not taking immediate action should raise suspicion.
9. Be on the lookout for unfamiliar and suspicious file types. Legitimate businesses generally won’t send you emails with strange file extensions such as .zip, .exe, or .apk. Opening these risky files could download malware onto your device.
10. Keep an eye out for unprofessional design and formatting. Reputable companies generally use polished, professional-looking emails. A sloppy layout with mismatched fonts, colors, and low-resolution logos could indicate a scam.
11. Be aware of AI-generated content. As artificial intelligence advances, scammers are using AI tools to create more convincing phishing emails. These messages may have a natural flow and error-free grammar, making them harder to spot. However, they might lack specific details, use overly generic language, or fail to capture the company’s authentic voice and branding.

You’ve Received a Suspected Phishing Email. Now What?

First, take a breath. You haven’t fallen for the scam simply by receiving the email. Here’s what to do next:

1. Resist the urge to click any links or open attachments. Curiosity may tempt you, but don’t give in. It’s not worth the risk.
2. Contact the company directly to verify. If the email claims to be from a business you know, reach out to them through an official channel (like the customer service number on their website) to inquire about the message.
3. Report the phishing attempt. Forward the email to the Anti-Phishing Working Group at [email protected]. You should also alert the organization the scammer was impersonating.
4. Delete the email. Once you’ve reported the message, send it to the trash. No need to let it clutter your inbox or tempt you to click.

What to Do If You Think You’ve Been Scammed

Don’t panic! Just like dealing with a lost wallet. There are clear steps to take if you think you’ve fallen for a scam.

Immediate Actions (Do These Right Away!)

1. Disconnect from the Internet : Unplug your internet cable or turn off your Wi-Fi. Think of it like shutting off the water when you spot a leak
2. Call Your Bank or Credit Card Company : If you’ve shared any financial information, contact your bank or credit card provider right away. They have teams ready to help protect your accounts.
3. Scan your devices. Run a full scan using your antivirus software to detect and remove any malware that might have snuck in through the phishing site.
4. Change Your Passwords: Start with changing your email and banking passwords.Make them long and complex, and consider using a password manager to create and store truly secure credentials. Remember: don’t reuse any old passwords.

Next Steps (Within 24 Hours)

1. Document Everything: While the details are fresh in your mind, write down what happened, including times and dates. Save any suspicious emails or messages, and take screenshots if possible.
2. Report the Scam: Notify the appropriate authorities, such as the FBI’s Internet Crime Complaint Center and the FTC.
3. Monitor Your Accounts :Keep a close eye on your bank statements and credit card bills, watching for any unfamiliar charges.

Long-Term Protection

1. Set Up Alerts :Ask your bank to notify you about unusual purchases. Set up credit monitoring (many banks offer this for free). Consider freezing your credit if you shared sensitive information
2. Consider identity theft protection services. If you shared a lot of sensitive personal info, these services can help monitor your accounts and credit for suspicious activity.
3. Stay Vigilant: Keep checking your accounts regularly. Watch out for any unusual emails or phone calls. Be extra careful with future online purchases
4. Share Your Experience : Let your friends and family know what happened. Your experience could help them avoid similar scams in the future.

Remember, you don’t have to be a computer expert to stay safe online. Just like you taught your children or grandchildren to be careful in the physical world, the same common sense applies online:

• If something feels wrong, trust your gut
• Never rush into clicking links or sharing information
• When in doubt, ask a family member for help

The holiday season should be about joy and family, not worry about scams. By staying informed and careful, you can shop with confidence and keep those scrooges from stealing your holiday cheer!