Watch Out For These 6 Christmas Internet Scams

Every year, as Christmas draws near, cybercriminals tend to ramp up their nefarious activities. They trundle out the same tried and tested tactics that they use all year long, but trick them up with Christmas, Thanksgiving, and holiday themes to draw in more victims. And, they capitalize on the fact that, during the holiday season, people are buying more products online, searching for more gifts, and may be spending more time on their computers.

Here are six common cyber scams to watch out for this holiday season:

1. Package Delivery Malware Emails

Criminals regularly send out bogus 'failed package delivery' notifications as a means of distributing malware. The emails claim that, because of an addressing error, a parcel could not be delivered and you should therefore click a link or open an attached file to retrieve shipping details. The links open websites that harbour malware. The attachments generally contain the malware in a .zip file.

And, as Christmas approaches, the
frequency of these scams tends to increase. The criminals know that, near Christmas, more people are expecting packages from friends and family or sending packages themselves.  Thus, the criminals tend to trick more people into infecting their computers than at other times of the year.  The criminals often try to create a sense of urgency in their bogus messages by warning that a package will not be delivered in time for Christmas if you do not follow the instructions in the email immediately.  Be very wary of any email that claims a package delivery has failed and you must click a link or open an attachment to fix the problem.  

2. eCard Malware
Christmas eCards can be a fun way to send holiday greetings to your friends and family. But, cyber crooks often use fake eCard notifications to trick people into visiting sites that contain malware. The notification emails may look like they are from a genuine eCard provider but, when you click the link in the hope of viewing your eCard, you may be tricked into downloading and installing malware.  Remember that genuine eCards will contain the name and email address of the sender, which should be somebody you know.

3. Gift Card Survey Scams
Survey scammers also exploit the holiday season. Typically, the scammers will create fake Facebook Pages that falsely claim to be associated with well-known brands. Via these pages, they will offer you the chance to win Christmas gift cards and vouchers. But, to enter, you are required to like the fake Page and share its bogus promotions with all of your friends. Then, you will be told that you must participate in various online surveys or offers as a condition of entry or to verify your identity.
In reality, the promised gift cards do not exist and the personal information you provide on the bogus survey sites will be used to inundate you with unwanted marketing material and phone calls. You may also be tricked into subscribing to very expensive SMS 'services'. As well as gift cards and vouchers, survey scammers may also offer 'Christmas Promotions' that supposedly allow you to win expensive prizes such as luxury cars or game consoles. Be wary of any 'promotion' that claims that you must like and share material and participate in online surveys to enter.

4. Charity Phishing Scams
Many charitable organizations hold Christmas or holiday appeals to raise extra funds. And, with the Christmas spirit upon them, people may be more likely to give to those less fortunate. Again, criminals are aware of this. Carefully vet messages asking you to donate to Christmas or holiday appeals. Scam messages may contain links to bogus websites designed to emulate the sites of genuine charities. Once on the fake site, you will be asked to donate by providing your credit card details and other personal and financial information. Criminals can collect the information you submit and use it for credit card fraud and identity theft. When donating, always ensure that you are giving to a genuine charity.

5. Customer Reward Phishing Scams
Another Christmas themed criminal tactic is to send out emails claiming to be from well-known banks or companies that offer 'customer rewards' such as cash bonuses or vouchers as part of a Christmas promotion. The emails will instruct you to click a link to claim your bonus. The link will take you to a website that looks just like the targeted bank's real website. Once there, you will be asked to login and provide personal and financial information, ostensibly to allow you to claim the bonus. But, again, the criminals will collect the information you provide and use it to hijack your account and commit financial fraud and identity theft.

6. Fake Shopping Websites
Criminals also capitalize on the holiday shopping frenzy by tricking people into 'buying' items on fake retail websites. They launch spam campaigns that offer seemingly unbeatable 'Christmas Deals'. Links in the messages lead to sites that look like the websites of well-known companies. They may use logos and formatting stolen from genuine company websites. But, you will never receive any items you 'buy' on these fake sites. And, via the phoney purchase pages on the scam websites, criminals can harvest your credit card details and other personal information.

Stay vigilant and don't let scammers ruin your Christmas! And, keep in mind that cyber crooks use variants of the tactics described above every month of the year, not just at holiday time.


There are a number of emails flooding email systems at the moment that you need to be aware of. They may appear to come from one of many different sources including for example Companies House, FedEx, Wells Fargo, City Bank,, and many more. The one thing that they all have in common is that there is a 'zip' file attached and the nature of the email message will encourage you to open that file. Typical examples are shown below.