Skip to Content

5 holiday scams to watch out for

by Sherri Davidoff, LMG Security

The holidays are coming up, but cybercriminals aren’t taking a vacation. In fact, businesses can expect to see an increase in cybercrime attempts as bad actors change their tactics to take advantage of employees. This time of year we may be a little less careful about what we’re clicking on, as we plow through lots of emails about promotions, discounts, or package deliveries, and when we’re pulling out our credit cards more often.  Here are five threats organizations should warn employees to watch out for: 

  1. Infected e-cards. Holiday cards can spread cheer—and also malware. Criminals love to send cute Thanksgiving, Christmas and New Year’s e-cards which entice you to click a link—but once you do, your computer is infected with malware that can steal your online banking credentials, credit card numbers, and more. Always think before you click.

  2. Gift card scams. Scammers impersonate your CEO or another executive, and send emails or text messages to the office manager, executive assistant, or other staff asking them to purchase gift cards. The cards are supposedly a “reward” for employees or a surprise for the office—which means the victim is usually asked to keep the purchase secret. The victim sends the card details to the scammer, who steals them and cashes out.

  3. Fake retail deals. Do those Black Friday and Cyber Monday deals sound too good to be true? Cybercriminals love to lure consumers into clicking on fake offers. Often, these phishing email perfectly mirror real email blasts sent by Amazon or other big names. To be safe, don’t click the link—instead, type the store’s address directly into your browser's address bar, and then look for holiday offers on their web site.

  4. Point-of-sale and ATM skimmers. Look carefully at that ATM or point-of-sale terminal before you insert your credit card. Criminals can place “skimmers” to steal your credit or debit card number as you swipe. They can also overlay a keypad to capture any PIN numbers you enter. Look carefully at card readers and PIN pads for unusual signs such as cracks, loose parts, or scratches. If you notice anything suspicious, don’t use that machine. 

  5. E-skimming. Modern criminals target ecommerce sites—and in many cases, they break into into third-party software providers in order to inject malicious code into thousands of web sites at once. The code is designed to steal customer payment data as it is entered. Merchants can defend against this by carefully vetting third-party code that is included in their site. Customers need to carefully consider whether the online shop they use is reputable and report any incidents to www.ic3.gov.


Additional Resources

Forcepoint, Thanks for Giving, Emotet!

PaymentsJournal, Cyber Criminals Targeting Holiday Spirit with New Gift Card Scam

FBI, Common Fraud Schemes: Skimming

NICCS, E-Skimming

Sherri Davidoff is the CEO of LMG Security, which provides cybersecurity testing and audit services, digital forensics, and training. Sherri is a frequent columnist for Beazley’s “Ask the Cybersecurity Expert” and presenter for Beazley’s Cybercrime Spotlight webinar series. These services are available to Beazley cyber policyholders. 855.LMG.8855, www.LMGsecurity.com.