
Holiday Scams and Malware Campaigns
Holiday shoppers need to be extra cautious during the holiday season. The US National Cybersecurity & Communications Integration Center issued a warning reminding online shoppers and that holiday scams and malware cyber attacks will emerge. The holidays are a stressful time. People become busier with entertaining friends and shopping. They sometimes become less vigilant which opens up an opportunity for scammers to take advantage of people online.
The goal of most online scams is to steal money from individuals. Hackers do this by sending emails phishing for bank logins and credit card numbers. Baking information is used to transfer money out of the victim’s account. Scammed credit card numbers are used to quickly shop online before the victim realizes what is going on and shuts down the card.
Types of Holiday Scams
- Phishing emails
- Email attachments that appear to be coupons or advertisements, but contain malware instead
- Fake advertisements infected with malware
- Spoofed websites
- Fraudulent charities soliciting donations
- Identify theft scams
- Ransomware attacks
- Phone scams or email scams claiming that a loved one has been arrested on a holiday

All of these holiday scams can result in a cyber security breach. The end results may be the loss of money, identify theft, or a hacked computer system that results in the loss of use of that hardware
How to Avoid Holiday Scams
Online shoppers should be extra cautious when opening emails from the flood of retailers. Even online advertisements can be a danger when the website is not legitimate. It is not difficult to create a website that emulates a legitimate version of a retailer’s sites.
Shoppers need to exercise caution when surfing the internet, shopping online, and or using email. Avoid clicking on links or opening attachments in unsolicited emails or where you don’t recognize the sender. Make sure you take a good look at the sending email address and not just the friendly name. If you don’t know the difference, then see our guide to phishing emails. Be wary of fraudulent social media posts, SMS text messages, spoofed websites, and appeals for donations to charities. See How to Donate Wisely and Avoid Charity Scams for more information.

I’m the victim of a holiday scam, what should I do next?
If you are the victim of a holiday scam including identity theft, malware, phishing email, or other data breach consider the following actions:
- Contact your credit card or bank immediately
- Close any compromised accounts
- Freeze your credit bureau files to prevent new accounts being opened in your name
- Add credit monitoring to your name to pick up any suspicious activity
- Be on the lookout any fraudulent charges on your accounts
- Immediately change any passwords on affected accounts. See our guide to Choosing and Protecting Passwords for more information
- Report data theft and identity theft to the police. Your bank may require you to do so
- File reports with the Federal Trade Commission and the FBI’s Internet Crime Complaint Center