Holiday Scams: Avoiding the 12 Hacks of Christmas

Holiday Cyber Crime the 12 Hacks of Christmas

The holiday season is filled with joy, family… and, unfortunately, cyber crime. Along with all the pleasant reasons to look forward to the season, there is increasing cause to be wary as cyber crime ramps up every year right alongside holiday spending.

Unfortunately, cyber criminals know people are spending more time online and are rushed to get their shopping done, so they capitalize on the opportunity to target unsuspecting consumers.

That means it’s a great time to highlight common attacks so you know what to avoid through the holidays and into the new year.

How Scams Work: The Tactics

Cyber criminals don’t have to pick and choose tactics. They can throw everything at you at once in the hopes that you let your guard down (or click before you think) just once and open the door. But here are the most common tactics in use today:

  • Phishing. These are fake emails with a variety of messages designed to entice you to click through to a fake website or other link that steals your credentials (username and password) or downloads malware onto your computer. Common examples include prompts that your order has been delayed or canceled or high-cost purchases that will have been charged to your card with a request to contact them if the purchase is fraudulent.
  • Vishing. These are fake phone calls – sometimes robocalls, but also real people who seemingly just want to help. Their actual goal is to get you to reveal personal or financial information they can use to exploit your accounts.
  • Smishing. This is similar to phishing but involves texting instead of email. People sometimes drop their guard with texting, forgetting that it’s easy to spoof a phone number and that malware can be loaded onto phones as well as computers. 

Learn to avoid phishing, vishing, smishing and more with our free checklist.

12 Common Scams To Avoid

While the tactics remain pretty much the same, cyber criminals get very clever and devious with their approach. Here are some common scams to watch out for:

  1. Greeting card scams: This older scam is making a comeback. After all, who doesn’t receive e-cards from people from time to time that they are not quite sure how they know.  Like other fake emails, a single click could lead to malware installed on your device.
  2. Gift card scams: The hooks here vary: They need you to pay for something by putting money on a gift card or even that they need you to do this to catch hackers who accessed your account. Whatever the reason, you’re asked to buy gift cards then call them with the codes on the back. Don’t do it… ever. There is no valid reason why someone would need you to take these steps. Report the scam to ftc.gov/giftcards.
  3. Charity scams: Don’t let anyone rush you into a donation and don’t pay by cash, gift card or wiring money. Research your charity first, including how much of your donation goes to charity and check out the charity by searching its name along with terms like “complaint” or “scam.” You can also use the BBB site Give.Org to research charities.
  4. Package scams: You may receive emails telling you there is an issue with your shipment or “There’s a package waiting for you, click to schedule delivery.” This scam has been around for years, but with the supply chain issues resulting from COVID 19, there are a lot more people waiting for packages who could potentially get caught up in this net. There is always an uptick in this scam during the holidays.
  5. Student loan scams: With student loan payments set to resume January 21, 2022, criminals are taking advantage of the confusion. They pose as representatives of your federal student loan and ask for things ranging from verifying information to payments. They’ll even promise quick loan forgiveness. Never give out your Federal Student Aid ID. If you have concerns, go “out of band”, contact your lender directly with the information posted on their site or on your loan documents.
  6. Small business scams: These range from offers to promote your inventions to listing your business in a “Yellow Pages” like directory. There are even scams around business consulting and office supplies. If an offer seems too good to be true, it most likely is.
  7. Google voice scam: Scammers respond to postings on Craigslist or Facebook marketplace but say they’re wary that YOU might be a scammer. Their solution? They’ll send you a text message with a Google Voice verification and then ask you for that code. Once they have it, they use the code to set up a Google Voice phone number and then use that number to scam other people.
  8. Amazon scams: Seems like everyone uses Amazon nowadays, which is why impersonating an Amazon representative has become a go-to scam for criminals. If you get a call from Amazon, hang up, then go to the Amazon website. Same is true for other retailers.
  9. Crowdfunding and social media fundraising scams: Crowdfunding campaigns are growing in popularity with reputable sites like GoFundMe and Kickstarter making it easy to set up, run and donate to a campaign. Many crowdfunding campaigns are not tax-deductible charities, but still worthy causes. Then there are the actual scams – donations don’t make it to the people that they are supposed to help, the people they are supposed to help aren’t even real and a variety of other common tricks. Do your research before donating with these tips from the FTC.
  10. Employment scams: As if people out of work aren’t stressed enough, now they have to worry about employment scams. Some are as simple as posting fake jobs to get you to share personal information. Others are more involved, including sending you payments (which eventually bounce) and then asking for you to send a portion of that somewhere else. Don’t trust posts on sites you’re not familiar with, people who give you a job without meeting you (in person or on the phone), request payment for training or equipment that will be repaid once you start, or send you a check before you start.
  11. Social Security scams: These are usually phone scams, but can take other forms. Perpetrators pretend to be from the Social Security Administration (SSA) and often ask to “verify” your Social Security number (SSN). The SSA will NEVER call and ask for your SSN. This type of scam may impersonate other government agencies as well. Go “out of band” and go directly to the agency’s website or look up their number and call them.
  12. Health scams: We may not have salesmen peddling tonics to cure every ailment anymore, but the spirit of the snake oil salesman is still alive and well in modern health scams. Be skeptical of guarantees or promises. Remember that “natural” does not mean either safe OR effective. Look at any claims carefully and don’t share personal information to learn about a treatment “they” (government or pharma companies) don’t want you to know about. This combination of hope and fear is a hallmark of health scams.

It’s the holiday season, so we had a little fun with the title. Unfortunately these holiday scams and others are happening year ’round and are increasing. You can protect yourself with some awareness and vigilance. You can also protect your business the same way. Awareness training that includes everyone on your team – from the CEO to the intern – is a critical part of your overall cyber security plan. As an Intrust IT client, this training is included in your IT service management agreement.

Not a client yet? Contact us or book a meeting to learn about our managed care services for businesses of all sizes and budgets.

Posted in
Dave Hatter

Dave Hatter

Dave Hatter (CISSP, CCSP, CCSLP, CISA, CISM, PMP and ITIL) is a cyber security consultant, writer, educator and on-air media contributor. See hundreds of Dave’s expert interviews on cyber security on his YouTube channel, or tune in to 55KRC every Friday morning at 6:30 for his “Tech Friday” segment.

Share this Blog

Enterprise Password Management Promo Wide

Is Your Name or Birthday a Part of Your Password?

If so, you’re a part of the 59 percent of people who don’t follow proper password hygiene. More than 70 percent of passwords are used for more than one system, meaning if cybercriminals crack one, they can access a lot more accounts.

Our free Enterprise Password Management Guide will give you the best password hygiene practices to help you secure your computer and your business.

Download the Guide

Explore the Latest Trends in IT

Fundamentals of Information Technology Management - Intrust

IT 101: What Is Information Technology Management?

When was the last time you stopped to think about how your business relies on technology? Information technology management is...
Avoid Pig-Butchering - Intrust IT

Pig-Butchering Scams: What They Are and How to Stay Safe

At Intrust IT, we understand that it may feel like the specter of cybersecurity is always breathing down your neck....
3 Reasons to Replace Aging Equipment - Intrust IT

Three Compelling Reasons Your Company Should Replace Its Aging Computers Before Year-End

As the end of the year approaches, businesses everywhere are evaluating their budgets and looking for strategic opportunities to invest...
What are managed services - Intrust IT

What Are Managed Services? And What Are the Benefits?

Running a business in today’s tech-driven world means you need reliable IT infrastructure. But let’s be honest, managing IT in-house...
Windows 10 End of Life How This Could Impact Your Business - Intrust IT

Windows 10 End of Life: How It Could Impact Your Business

As Microsoft officially plans to end support for Windows 10 on October 14, 2025, businesses need to begin thinking ahead....
AI implementation Roadmap Intrust IT

Master AI Integration With Our AI Implementation Roadmap Guide

AI is one of the greatest technological breakthroughs of the last few years. It has become our handy assistant, data...