Back to Resources

Top 4 Holiday Cyber Scams and How to Avoid Them

Top 4 Holiday Cyber Scams and How to Avoid Them

Top 4 Holiday Cyber Scams and How to Avoid Them

As we approach this holiday season, both individuals & businesses find themselves especially vulnerable to holiday cyber scams. This time of the year is especially lucrative for businesses, but the spike in online activity and last-minute orders provides cybercriminals a window of opportunity to attack. To help you prepare, we’ve compiled the top five holiday cyber scams you need to watch out for and actionable tips to keep yourself safe this holiday season.

Fake Shipping Notifications and Delivery Scams

With the surge in online orders and shipments during the holiday season, and recently with the Canada Post strike, fraudsters will impersonate major shipping companies and send emails with bogus tracking links or forms requiring “verification” of personal details. SMBs may also see fake invoices or payments requested related to end-of-year shipments. How Individuals Can Protect Themselves:

  • Centralize Package Tracking: Use official shipping portals or the carrier’s mobile app to track shipments rather than relying on emailed links.
  • Use DNS Filtering: Free solutions such as CIRA Canadian Shield can block malicious links before they cause harm.

CIRA Canadian Shield How Businesses Can Protect Themselves:

  • Regular phishing simulations, which encompass a wide range of scenarios, can train employees to recognize similar scams. WatchDog Security’s Phishing Simulations automatically send a range of phishing emails to your employees, including scenarios such as holiday scams.
  • Implementing a DNS Firewall can block employees from visiting malicious URLs. WatchDog Security’s DNS Firewall can block the vast majority of malicious phishing links at the DNS level before your employees can even visit the website.

Fake Holiday Promotion and Phishing Attacks

During the holidays, attackers often pose as well-known retailers, suppliers, or even reputable charitable organizations. They’ll send out “exclusive” promotions, gift cards, or urgent discount offers via email, text, or social media, encouraging recipients to click on malicious links or download infected attachments. These phishing schemes are becoming increasingly sophisticated—complete with polished branding, personalized greetings, and domain names that look nearly identical to legitimate sites. How Individuals Can Protect Themselves:

  • Enable Multi-Factor Authentication (MFA): Even if an attacker steals your credentials, MFA adds an extra barrier by requiring a second verification method (such as your phone number).
  • Verify Links Before Clicking: Hover over links in emails received to confirm their legitimacy before clicking on them. Alternatively, navigate directly to the official website through a known URL rather than an email link.

How Businesses Can Protect Themselves:

  • Training employees to recognize phishing emails can greatly reduce their susceptibility to them. Our Free Cybersecurity Awareness Training can be quickly deployed to your employees to train them how to recognize and respond to cybersecurity threats.
  • An email security firewall can scan incoming emails and filter them before they can get to your employee’s inbox. WatchDog’s Email Security integrates seamlessly with M365 and Google Workspaces to keep out 99.2% of phishing emails.

Free Cybersecurity Awareness Training

Malicious E-Cards and Holiday Themed Attachments

Sending digital holiday cards or festive digital freebies is popular this time of year, and cybercriminals know it. Fraudsters may send infected PDF or ZIP file attachments disguised as e-cards, special holiday menus, or downloadable seasonal graphics. Once opened, these files can install keyloggers, ransomware, or other malware on your company’s devices. How Individuals Can Protect Themselves:

  • Use Trusted Sources: Only download files from reputable vendors and known colleagues, and double-check the legitimacy of these files through another communication channel.
  • Exhibit Extra Caution: Be wary of unexpected holiday greetings – even if they appear to come from a known contact.
  • Use Antivirus: An anti-virus solution can offer protection from malicious files and attachments that may be sent via email. Free antivirus solutions, such as Bitdefender, can help fill in the gap.

Bitdefender How Businesses Can Protect Themselves:

  • While an AntiVirus (AV) solution can be sufficient for individuals, businesses require enhanced protection, such as Endpoint Detection & Response (EDR), which can detect advanced threats businesses face. WatchDog’s Managed Endpoint Detection & Response (MDR) services equip your business with the leading EDR and 24/7/365 monitoring + response.
  • Know in advance how you’ll isolate affected systems, restore data, and communicate with stakeholders if an attack occurs. Our sister company, Mand Consulting Group, offers tabletop exercises which can walk your business through a ransomware attack and ensure your equipped to handle it
  • Keep operating systems, antivirus software, and all critical applications up-to-date with the latest security patches.

Pop-Up Ads with “Holiday Deals” leading to Malicious Sites

During the holiday season, employees may be more likely to shop online during breaks. Malicious advertisers know this and may flood browsers with pop-ups and banner ads offering deep discounts. Clicking these ads could lead to phishing sites or sites hosting malware. How Individuals Can Protect Themselves:

  • Ad-Blocker Software: Deploy reputable ad-blocking extensions on browsers such as AdBlockPlus
  • Manually Navigate to E-Storefronts: Instead of clicking directly on ads to purchase discounted goods, manually navigate to the website shown to ensure the advertisement is legitimate.

AdBlockPlus How Businesses Can Protect Themselves:

  • Implementing a DNS Firewall can block employees from visiting malicious URLs. WatchDog Security’s DNS Firewall can block the vast majority of malicious phishing links at the DNS level before your employees can even visit the website.
  • Training employees to recognize phishing emails can greatly reduce their susceptibility to them. Our Free Cybersecurity Awareness Training can be quickly deployed to your employees to train them how to recognize and respond to cybersecurity threats.

Free Cybersecurity Awareness Training

Turn Your Workforce Into Your Strongest Defense

Your employees are the #1 target — and businesses face constant risk from AI deepfakes, misconfigurations, and more. Start today with our unified trust, compliance, and security platform, free-for-life, and get access to:

  • Cybersecurity training – 50+ animated micro-courses
  • Unlimited employees on the free plan – no credit card required
  • Policy, risk, and vendor management -publish, distribute, and track with ease
  • Inventory manager -track, categorize and organize all your assets

Get started free today – no credit card required.

Government of Canada’s Top 12 Scams of the Holidays Canadian Anti-Fraud Centre FBI Holiday Scams