Scams to Watch for This Holiday Season

Do you know what scams to watch for this holiday season?

As December comes to a close, businesses are going into overdrive to cater to the shoppers' frenzy. This comes fraught with potential cybersecurity pitfalls: in 2021, almost 75% of North Americans faced at least one type of holiday scam; businesses, too, faced a significant increase in ransomware attacks. Across 2022 and 2023 these upticks in cybercrime only grew, with industries seeing an increase anywhere from 30% to 73% (and retail being the hardest hit).

Today, our ethical hackers cover the common holiday scams businesses should watch for... and preventative measures to ensure these scams are not successful. 

Scams to Watch For This Holiday Season

During the holiday season, scammers leverage a host of vectors like social engineering, dubious discount vouchers, and viruses to inflict financial and reputational damage.

  • Business Email Compromise (BEC): Scammers will gather data about small and medium businesses through social media, websites, and email address books. They also mine the personal data of employees through previous breaches. They use this data to construct genuine-looking emails that make employees believe the email is from a colleague, boss, or client. The attractive word choice often lures them into clicking malicious links. Such attacks are called social engineering scams.

  • Fake mobile apps: Many companies offer extra discounts when customers shop using their mobile apps. Scammers often try to create fake apps to exploit customers. Raising customer awareness of your apps and helping them distinguish between authentic and fake apps can help avert an attack

  • CEO email scam: Many businesses get company-wide holiday greetings from their CEOs during the holidays. Scammers take advantage of this and disguise phishing emails as messages from CEOs to lure employees into clicking malicious links. Training employees to spot a phishing email is crucial to ensuring they do not fall for these tricks

  • Credit card testing: Retail businesses experience a surge in activity during the holidays, making this one of the busiest times for the sector. Credit card testing is a scam aimed at eCommerce or retail websites on which customers purchase using credit cards. Scammers often gather credit card information from the dark web. They test the credit card on an eCommerce website to see if it is active. If the card is active, they exploit it to make large purchases. Retail businesses should monitor suspicious purchases on their site to protect their customers. Besides causing losses to customers, such scams damage a business's reputation.

  • False chargebacks: In the era of easy returns, businesses, especially in retail, face another major scam: false chargebacks. This happens when scammers get a hold of your customer's account. They make a purchase and then file false chargebacks. Retail businesses should monitor all orders, especially those with higher-value purchases, to detect fraudulent activities
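As an added illustration of the monitoring recommended for credit card testing above (example code, not from Packetlabs), the following sketch flags a source that tries many distinct cards with mostly declined results in a short window, then lists any card that went live during that burst and was later used for a large purchase. The event fields, thresholds, and sample data are assumptions constructed for this example.

```python
from collections import defaultdict

# Constructed sample authorization events (not real data):
# (unix_time, source_ip, card_fingerprint, amount, approved)
SAMPLE_EVENTS = [
    (1000, "203.0.113.7", "fp_a1", 1.00, False),
    (1030, "203.0.113.7", "fp_b2", 1.00, False),
    (1055, "203.0.113.7", "fp_c3", 1.00, False),
    (1090, "203.0.113.7", "fp_d4", 1.00, True),     # the one live card
    (1120, "203.0.113.7", "fp_e5", 1.00, False),
    (1400, "203.0.113.7", "fp_d4", 1899.00, True),  # large follow-up purchase
    (1010, "198.51.100.20", "fp_z9", 42.50, True),  # ordinary shopper
    (5000, "198.51.100.20", "fp_z9", 18.25, True),
]

def find_card_testing(events, window_s=600, min_cards=4, min_decline_ratio=0.7):
    """Return {source_ip: set(card fingerprints)} for sources that tried many
    distinct cards, mostly declined, inside one sliding time window."""
    by_source = defaultdict(list)
    for ev in sorted(events):  # chronological order
        by_source[ev[1]].append(ev)
    flagged = {}
    for source, evs in by_source.items():
        start = 0
        for end in range(len(evs)):
            # Shrink the window until it spans at most window_s seconds.
            while evs[end][0] - evs[start][0] > window_s:
                start += 1
            window = evs[start:end + 1]
            cards = {e[2] for e in window}
            declines = sum(1 for e in window if not e[4])
            if len(cards) >= min_cards and declines / len(window) >= min_decline_ratio:
                flagged.setdefault(source, set()).update(cards)
    return flagged

def cards_to_hold(events, flagged, large_amount=500.0):
    """Cards approved during a flagged burst that also show a large approved
    purchase: candidates for an order hold and manual review."""
    hold = set()
    for source, cards in flagged.items():
        live = {e[2] for e in events if e[1] == source and e[2] in cards and e[4]}
        hold |= {e[2] for e in events if e[2] in live and e[4] and e[3] >= large_amount}
    return hold
```

The thresholds are starting points only; tune them against your own baseline of holiday traffic so that busy shared networks are not flagged as testers.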

The holiday season is an important time for organizations of all sizes, as it brings a surge in customer activity and new opportunities. However, it is also a time of heightened vulnerability to scams.

To protect your business from holiday cybercrime, there are several preventative measures you can take:

  • Prioritize cybersecurity: Do a risk analysis of your company's security health to fix gaps and prepare for new security threats. Ensure that all security measures are in place before the holiday season

  • Educate your staff: Ensure all employees know what constitutes a phishing or malicious email. Train them to spot potential scams and know how to report any suspicious activity. Regular security training can help prevent a cyber attack during the holiday season

  • Enable MFA: Multi-factor authentication is a great way to ensure customers are who they say they are. It can also be used to verify purchases and protect against data breaches

  • Monitor for suspicious activity: Monitor all orders and activities on your site or app, especially during the holiday season. If any suspicious activity is detected, take necessary measures to shut it down immediately

  • Secure domain: Secure the organization's domain so scammers cannot easily spoof your websites

  • Create a contingency plan: Have a contingency plan and ensure that your employees are aware of it and know what to do in case of any security incidents

By taking these preventative measures, businesses can protect their customers from holiday scams and avoid any potential losses or financial damages. Monitoring for suspicious activities and training staff about security protocols can help avert a cyber-attack during the holidays.


Holiday scammers are looking for more than just individual shoppers. They prey on businesses, too. With remote work and the growth of BYOD models, the risk of a scam affecting enterprises is even higher. As the world prepares for the upcoming holidays, scammers are ready to breach your organization's security. 

At Packetlabs, we help companies strengthen their security posture by identifying vulnerabilities within their infrastructure and providing a detailed attack narrative to help evaluate the impact of each finding.

Interested in learning more? Contact us for a free, no-obligation quote today.
