Skip to main content

Don't be a victim!

Holiday Season Cyber Scams and Malware Campaigns

As we approach the holidays, please be aware of seasonal scams including holiday or shipping themed phishing and malicious software (malware) distribution campaigns. Don’t be a victim!

Every year, cyber criminals take advantage of the increase in online purchases and electronic seasonal greeting cards to trick victims into believing they’ve received packages or personal messages. They often use multiple methods to attract victims, such as posing as legitimate websites and/or using fraudulent emails that are crafted to look legitimate; they steal the logos, email or web templates of legitimate businesses *e.g. FedEx, DHL UPS,, etc.) in an effort to entice victims into clicking links or opening attachments. In addition, be aware of social engineers who may call you on your personal or work phone using a themed pretext (holiday offers, package pickup, etc.).

Phishing and malware campaigns may come in the form of:

  • Fake shipping/courier notifications.
  • Electronic greeting cards or links to holiday screensavers or other forms of media.
  • Request for charitable contributions that may appear to be for legitimate causes but originate from illegitimate sources claiming to be charities.
  • Credit card or gift card applications or enticing discounts in online shopping advertisements that lead to websites you’re unfamiliar with.

Use caution when you encounter these types of email messages or websites by:

  • Looking for tell-tale signs that a website or email is not legitimate:
    • The senders address or website address does not match the organization listed in the content of the message.
    • The grammar in the message or website is poor.
    • Format of the email or website is poor or inconsistent with what you’re used to seeing from the organization.
    • Hovering over the links with your mouse reveals web address inconsistent with the content of the message.Never clicking on links in emails that you’re not expecting.
  • Never opening attachments in emails that you’re not expecting.
  • Never providing your personal information in an email or on a website unless you are completely sure.

Additional Resources: