Top 10 phishing scams this Christmas – and how to stay safe

The festive season should be about joy and celebration, but for cybercriminals, it’s prime time to strike. With inboxes flooded by holiday offers and delivery updates, phishing scams surge dramatically in December. In fact, UK businesses saw phishing-related breaches rise by 84% last year, and holiday-themed campaigns spiked 692% in November alone.

So, what should you watch out for this Christmas? Here are the top 10 scams and how to protect yourself and your business:

1. Fake delivery notifications

The scam: SMS, WhatsApp, or email alerts claiming a missed parcel or delivery fee. Links lead to cloned sites that steal credentials or payment details.
How to stay safe: track parcels only via official carrier websites. Never click links in unsolicited messages.

2. AI-generated retail sites

The scam: entire fake e-commerce stores offering “Christmas mega deals,” complete with chatbots and fake tracking pages.
How to stay safe: type retailer URLs manually, check for HTTPS, and beware of domains with typos.
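The "domains with typos" check from items 1 and 2 can be automated for links pulled out of emails or texts. The sketch below is an added example, not part of the original article; the trusted-domain list, verdict strings and sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): domains your organisation really uses.
TRUSTED = ("amazon.co.uk", "dpd.co.uk", "royalmail.com")
# Digit-for-letter swaps common in typo domains.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url):
    """Return a verdict string for one URL taken from a message."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "no-host"
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return "punycode"  # internationalised name; can hide look-alike letters
    for d in TRUSTED:
        if host == d or host.endswith("." + d):
            return "trusted" if parts.scheme == "https" else "no-https"
    for d in TRUSTED:
        # Trusted name used as a subdomain of someone else's domain.
        if host.startswith(d + ".") or "." + d + "." in host:
            return "embedded:" + d
        # Compare the same number of trailing labels as the trusted domain has.
        tail = ".".join(labels[-len(d.split(".")):])
        if tail.translate(SWAPS) == d or edit_distance(tail, d) <= 1:
            return "lookalike:" + d
    return "unknown"


if __name__ == "__main__":
    for sample in ("https://www.royalmail.com/track",  # constructed samples
                   "https://roya1mail.com/fee",
                   "https://amazon.co.uk.deals-xmas.example/login"):
        print(sample, "->", classify_link(sample))
```

A distance threshold of 1 keeps false positives low for short names; two-character typos such as swapped letters need a higher threshold or a longer allow-list.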

3. Social media giveaway scams

The scam: posts claiming you’ve won a prize, asking for a small “shipping fee.” Often from accounts created in the last 90 days.
How to stay safe: verify brand accounts, avoid paying fees for prizes, and report suspicious profiles.

4. Gift card payment fraud

The scam: criminals impersonate employers or government agencies demanding payment via gift cards.
How to stay safe: legitimate organisations never request gift card payments. Hang up or delete immediately.

5. Charity & crowdfunding frauds

The scam: fake charities and donation pages exploit festive goodwill.
How to stay safe: verify charities through official registries like Charity Navigator or the UK Charity Commission.

6. Phishing emails disguised as HR or Finance

The scam: emails about payroll, bonuses, or urgent invoice updates trick staff into clicking malicious links.
How to stay safe: confirm requests via a known phone number. Enforce multi-factor authentication (MFA) and approval workflows.

7. Travel booking scams

The scam: fake rental listings or refund emails for flights and hotels.
How to stay safe: book only through trusted platforms and never wire money to individuals.

8. Smishing attacks

The scam: text messages with malicious links, often themed around deliveries or invoices.
How to stay safe: don’t click links in texts; verify directly with the service provider.

9. Business Email Compromise (BEC)

The scam: fraudulent emails impersonating CEOs or suppliers requesting urgent payments.
How to stay safe: apply the four-eyes principle for approvals and use advanced email security tools.

10. AI-powered voice & chat scams

The scam: deepfake calls or chatbots posing as IT support or customer service to steal credentials.
How to stay safe: never share login details over the phone. Verify requests through official channels.

Quick protection checklist

  • Enable MFA on all accounts
  • Use a password manager for strong, unique passwords
  • Keep devices and software patched and updated
  • Train staff to spot phishing red flags
  • Back up critical data before the holidays

Bottom line: cybercriminals thrive on urgency and distraction. Slow down, verify and stay alert. A few extra seconds can save thousands of pounds, and your reputation.
