‘Tis the season to be jolly and wary of cunning phishing attacks!

Every year, phishing soars and roars around the holiday season. After all, it’s the most wonderful time of gift giving, online shopping sprees and celebration jingling all the way. 

That, of course, makes for the perfect opportunity to prey on eager festive shoppers and merry lads with hoaxes designed to harvest valuable data.

Cybercriminals typically wait for this time of the year to tap the seasonal trend and launch even more sophisticated email phishing campaigns — and sadly, many people and organizations fall for it. 

But don’t worry, we’ve been out there doing all the digging to bring you the news you need to protect your data from phishing this season. 

We also recommend that businesses share this list with their staff to avoid accidental data breaches or leakage that could kill everyone’s holiday buzz. 

So grab your eggnogs folks and let’s go through this list of trending email phishing scams making the rounds this year ☕

‘Be careful and enjoy a safe and merry Christmas.’

Christmas Phishing

1. Christmas Themed Emails:

Email security might not exactly be the main thing on your mind as you wrap up work (and gifts!) for the end of year festivities, and cybercriminals are more than aware of that.

“During the festive period, not only does the number of phishing scams increase, but also the quality,” said Jan Oetjen, CEO of GMX.

With all the holiday-themed emails you’re receiving, pay close attention to those Christmas email event invites, fake charity requests, flyers, deals and surveys packed with information-stealing malware. 

Such emails are less suspicious than you’d expect them to be this year, making you think they’re totally legit upon first glance. 

However, many carry malicious executable files or embedded links artfully named things like ‘Christmas menu’, ‘Shopper’s survey’, etc. to lure you in and steal your data.

** Using the right Data Loss Protection (DLP) tools like GAT Shield can be a real lifesaver during those peak times for Chrome environments. GAT Shield monitors all activity and provides real-time DLP on all sites, in all locations and at all times.

2. Fake Payroll Emails:

As we all patiently wait for December’s much-needed salary and Christmas bonus, payroll themed phishing emails prey on our charged sense of anticipation. 

In fact, these emails are not only targeting employees, but payroll officers as well.

Employees should look out for suspicious emails titled things like, ‘Annual bonus’, ‘Christmas incentive’, etc. These emails do not come with attachments, instead they include links to what appears to be a Google document containing concealed malicious files hosted on Google Drive.

Payroll officers, on the other hand, should watch out for spoofed emails with signature blocks of staff asking for change of employee bank details. These emails usually come from attackers providing fake details to steal your staff’s salaries.

3. Fake Delivery emails:

Expecting multiple packages at the office for Christmas? Well, you’d want to be extra careful then.

These ones are super easy to fall for when you are actively doing your Christmas shopping online. They trick you into disclosing personal information, account credentials or credit card details.

Keep your eyes wide open for the following tell-tale signs:

  1. Delivery emails asking you to pay a particular customs fee that you weren’t notified about when placing an order.
  2. Order confirmations with tracking links for items you don’t recall ordering.
    **Leading Tech giant Amazon warns customers to be extra careful of this particular scam this week.
  3. Order cancellation emails with suspicious links that install harmful malware on your system when you click them and then steal your data.  

4. Typosquatting, Please:

That is a brilliant mind-game scam, but not too brilliant for us to detect. You might just need to recall a bit of those ‘Where’s Waldo?’ visual attention skills.

Typosquatting (also known as URL hijacking) is a form of cybersquatting, where attackers register a domain name that mimics a popular website (e.g. Nikee instead of Nike or PayPaI instead of PayPal). 

Before clicking on any links or providing sensitive information, you always want to confirm that an email is in fact from the entity you believe it is. Don’t fall for those visual illusions.

5. The ‘Winning’ Scam:

The typical ‘Congrats you won!’ phishing emails aren’t exactly new to the scene, yet people are still falling for them, especially when combined with typosquatting. 

These scams always phish for things like credit card details or banking information to rip you or your company off some good money.

The best way to detect them is by applying the ‘Too good to be true’ rule. I mean, things like £2 for a sunny Christmas trip to the Bahamas seem highly far-fetched, especially in today’s crazy world of scammers and hackers.

And here’s a little Christmas bonus from our side — a few pointers to help you spot those emails:

  1. Ensure the email address and the sender’s name match.
  2. Check that the email is authenticated.
  3. Be wary of alarming emails requesting immediate action, such as “Your account will be suspended”, “Update your payment details” or “Contact us immediately.”
  4. Hover over any links before you click on them. If the URL of the link doesn’t match the description of the link, it might be leading you to a phishing site.
  5. Check the message headers to make sure the “from” header isn’t showing an incorrect name.
  6. Check for communication gaps: emails that don’t provide an alternative method for communicating the requested information (i.e. telephone, mail, or physical locations).
  7. Check for peculiar email formats and typos in the names of well-known companies.
  8. Invest in a good DLP solution for your company.
  9. Most importantly, avoid opening emails from unknown senders when using devices that have access to important and sensitive data.
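Here is an added example (not part of the original post, and not GAT Shield’s code) showing how a mail admin could script pointers 1 to 5 and 7 above, together with the typosquatting check from section 4, over a raw email before it reaches a user. The brand list, homoglyph table, urgency phrases and both sample messages are constructed for the example; a real deployment would load its own list of suppliers and partners and feed the script the messages its gateway already holds for review.

```python
"""Defender-side triage of a suspicious email against the checklist above."""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed brand list; a real deployment would use its own supplier/partner list.
KNOWN_BRANDS = ("paypal.com", "nike.com", "amazon.com")

# Look-alike substitutions typosquatters rely on (capital I for l, rn for m, ...).
HOMOGLYPHS = (("I", "l"), ("1", "l"), ("0", "o"), ("rn", "m"), ("vv", "w"))

# Pressure phrases from pointer 3 (constructed, extend as needed).
URGENCY = ("suspended", "immediately", "update your payment", "within 24 hours")


def normalize_label(label):
    """Collapse common homoglyphs so 'PayPaI' and 'paypal' compare equal."""
    for lookalike, real in HOMOGLYPHS:
        label = label.replace(lookalike, real)
    return label.lower()


def edit_distance(a, b):
    """Levenshtein distance; enough to catch one-character typosquats like 'nikee'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_genuine(host, brand):
    """True if host is the brand's domain or a subdomain of it."""
    host = host.lower()
    return host == brand or host.endswith("." + brand)


def typosquat_of(host):
    """Return the brand domain a host imitates, or None if genuine or unrelated."""
    if any(is_genuine(host, brand) for brand in KNOWN_BRANDS):
        return None
    for brand in KNOWN_BRANDS:
        brand_label = brand.split(".")[0]
        for label in re.split(r"[.-]", host):
            label = normalize_label(label)
            if len(label) >= 4 and edit_distance(label, brand_label) <= 1:
                return brand
    return None


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs: the programmatic form of 'hover before you click'."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Host part of a URL-looking string, else None (plain words yield no host)."""
    if "://" not in text:
        text = "http://" + text
    host = urlparse(text).hostname
    return host if host and "." in host else None


def analyze(raw_message):
    """Run the checklist over one raw message and return (check, detail) findings."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    findings = []
    # Pointers 1, 5 and 7: display name vs. address, and the sender domain itself.
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    for brand in KNOWN_BRANDS:
        if brand.split(".")[0] in name.lower() and not is_genuine(sender_host, brand):
            findings.append(("display-name-mismatch", f"'{name}' sent from {sender_host}"))
    if typosquat_of(sender_host):
        findings.append(("typosquat-sender", f"{sender_host} imitates {typosquat_of(sender_host)}"))
    # Pointer 2: authentication verdicts recorded by the receiving mail server.
    auth = (msg.get("Authentication-Results") or "").lower()
    failed = [m for m in ("spf", "dkim", "dmarc") if f"{m}=pass" not in auth]
    if failed:
        findings.append(("auth-not-pass", ", ".join(failed)))
    # Pointer 3: pressure to act now.
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    findings += [("urgency", p) for p in URGENCY if p in text]
    # Pointers 4 and 7: shown link text vs. real target, and look-alike link hosts.
    collector = LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:
        real_host, shown_host = host_of(href), host_of(shown)
        if real_host and shown_host and real_host != shown_host:
            findings.append(("link-text-mismatch", f"shows {shown_host}, goes to {real_host}"))
        if real_host and typosquat_of(real_host):
            findings.append(("typosquat-link", f"{real_host} imitates {typosquat_of(real_host)}"))
    return findings


# Constructed sample messages: one phish, one genuine notification.
PHISH = b"""\
From: "PayPal Customer Service" <alerts@paypai-secure.example>
To: finance@victim.example
Subject: Your account will be suspended
Authentication-Results: mx.victim.example; spf=fail smtp.mailfrom=paypai-secure.example; dkim=none
Content-Type: text/html; charset=utf-8

<p>Contact us immediately or your account will be suspended:
<a href="http://paypai-secure.example/login">https://www.paypal.com/myaccount</a></p>
"""

GENUINE = b"""\
From: "Amazon" <order-update@amazon.com>
To: finance@victim.example
Subject: Your order has shipped
Authentication-Results: mx.victim.example; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/plain; charset=utf-8

Track your package at https://www.amazon.com/orders
"""

if __name__ == "__main__":
    for label, raw in (("PHISH", PHISH), ("GENUINE", GENUINE)):
        print(label, analyze(raw))
```

The script only reads headers the receiving server already added (Authentication-Results) and the message body, so it can run offline on a quarantined message; it flags rather than blocks, because an edit distance of one also matches some legitimate regional domains and a human still needs to make the final call.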

Finally, as Santa makes his list and checks it twice, follow his lead and double check files, links, typos and dodgy websites to tell the naughty ones from the nice!



Thanks for sharing and spreading the word!