By Eyal Benishti on December 03, 2020

Phishing Scams to Watch Out For During an Unprecedented Holiday Shopping Season

Phishing Scams to Watch Out For During an Unprecedented Holiday Shopping Season

‘Tis the season for cybercriminals to launch email phishing scams, as they seek to take advantage of online shoppers for their own personal gain.

With the pandemic looming over the minds of today’s consumers, online shopping has become more of a necessity than a luxury. In fact, according to Deloitte’s annual holiday retail forecast, e-commerce sales are anticipated to grow by 35% during the 2020-2021 holiday season, compared to sales increasing by 15% in 2019.

From a cybersecurity perspective, this surge of online shopping is certain to translate into opportunity for phishers - who never miss out on an occasion to prey on unsuspecting consumers with various types of email phishing techniques.

To better protect shoppers from these threats, IRONSCALES compiled the top 5 phishing scams to watch out for this holiday season.

1. Fake Email Promotions

fake_email_promotionAt the height of the holiday shopping rush, the average email user can easily see a dozen or more advertising and marketing emails in their personal and professional inboxes, as retailers work overtime to connect with both loyal and potential customers. Currently, over one-third of holiday consumers are relying on these emails from their favorite retailers to discover the latest holiday deals and promotions.

This surge of marketing emails serve as the perfect disguise for phishing attacks that look legitimate and advertise a good deal. But in reality, a hacker may be attempting to steal credentials and commence illegal activity, such as credit card fraud.

While sorting through holiday marketing messages, shoppers must be on alert for emails from stores and vendors they have never shopped with before. They should also keep an eye out for fake login pages spoofing your favorite retailers. With greater awareness, consumers can often identify fake login pages because of visual or verbal anomalies or flaws, such as blurred or resized images.

2. Fake Order Confirmations and Receipts


COVID-19 has driven consumers indoors and online, leading to a significant increase in the number of invoices and order confirmations popping up in inboxes. In light of this trend, shoppers should keep track of all email order confirmations and be sure to not open attachments from unfamiliar senders.

To avoid becoming the target of this form of phishing attack, never open an attachment unless you are fully confident that the message is from a legitimate sender. Even then, you should still scan the attachment for suspicious language or images.

In addition, it’s a best practice to stay one step ahead of cybercriminals by consistently monitoring banking transactions to identify any fraudulent activity.

3. Fake Shipping Notifications

fake_orderThe Better Business Bureau recently distributed an alert to warn individuals about package delivery scams and phony shipping email notifications aiming to harvest personal information. In this scam, shoppers may receive an email notification from a mail courier or parcel delivery service saying that they were unable to deliver a package to your home, convincing you to take immediate action.

Since these scams seem legitimate and often create a sense of urgency, it is important to take the time to confirm that the email address of the sender is authentic. To validate a domain name, make sure there are no typos or misspellings in the email address and perform a quick online search of the domain name and company.

If you’re still unsure, contact the service provider directly via phone or visit a store in person.

4. Fake Customer Surveys

fake_customer_surveyOnline surveys have recently received notoriety for being a novel way to earn easy money. With most companies offering between $1 and $5 per survey and some paying upwards of $20 per survey, in the form of cash or gift cards, it’s pretty easy to see why shoppers looking for a little extra cash for gifts are enticed to click on and submit responses.

Scammers have turned to online surveys to harvest personal and financial information in an attempt to steal your identity. Once you begin to complete the survey, you’ll notice the form requests extremely sensitive information, including your social security number and credit card details.

Be wary of surveys that make these odd requests, as they are potentially attempting to compromise personal information. Similarly, if the aforementioned reward is a significant amount of money, remember that it’s probably too good to be true.

5. Fake Virtual Holiday Events


Another increasingly popular holiday phishing scam is attackers taking advantage of the influx of virtual holiday events caused by pandemic social distancing protocols. Phishers are using this opportunity to create phony, copycat holiday events that charge admission in an attempt to obtain victims’ credit card and billing information.

The holiday season has always intrigued hackers, as phishing attacks frequently increase during this time of year. But COVID-19 has further amplified the threats, as shoppers are forced to make purchases online and social distancing guidelines have people in search of digital-world experiences.

To make it through this holiday season safe, it’s essential to remain extra vigilant and aware that the odds of being targeted by a phishing attack are greater than not. 

Wishing you a happy, safe and secure holiday season!

Published by Eyal Benishti December 3, 2020

Join thousands of your peers! Subscribe to our blog.

Ironscales needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Privacy Policy.