The holidays are here, which means full plates, full hearts, and for cybercriminals, plenty of ways to attack your data.
Every year, holiday scams skyrocket between November and January. Why? Because we’re distracted. We are busy wrapping up year-end projects, shopping for the holidays, checking shipping updates, and juggling family plans. Hackers know this and they use it to their full advantage.
At Diverse CTI, we protect Oklahoma businesses from cyber threats year-round. We also like to protect our friends and family as they navigate the holidays safely and securely.
We’re going to discuss the most common scams we’ve seen (some we’ve been a part of) and how to spot them before it’s too late.
The Elusive Fake Shipping Notification
This type of notification can hit your inbox or your cell phone, usually with the same urgent message: “Your package is delayed. Click here to update your information.”
The first thing I ask myself when I get one of these texts is, “How did you even get my cell number?” Especially if I never provided it when placing the order. That’s my first red flag.
My second? I’ve never once received a legitimate shipping notice saying my package wasn’t delivered. Let’s be honest, UPS and FedEx aren’t personally calling to break the bad news. If a package goes missing, it’s on the receiver to do the legwork, not the carrier.
So, what actually happens if you click the link and fill out your information? You’ve successfully installed malware or handed over your credentials to a hacker!
IT Pro Tip: Always check tracking numbers directly on the carrier’s official site, never through an email link. Be wary of “Your package will be returned in 24 hours” requests. These are designed to make you panic-click!
Bogus Gift Card Requests
This email usually comes from a spoofed manager address (ask me how I know 😅) with an urgent request for a specific number of Amazon or Target gift cards for a “bonus gift.” It sounds harmless because your “boss” asked you, right?
Fast forward: you’ve purchased the cards and reply, “I got your cards!” The next email says, “Scratch off the back and send me the numbers and codes.”
Wait… what? Why would your boss need the codes? That’s because they don’t, the scammer does. Once you share those codes, the money is gone. You won’t be able to recover those funds.
IT Pro Tip: Watch for misspelled names, incorrect email addresses, unusual wording, and urgent requests with short deadlines (like “must be today”). When in doubt, call your boss directly to confirm. Never share cards codes via email or text!
Black Friday Social Media Sales
We’ve all seen these. You’re scrolling through Instagram, and suddenly - there it is! A site offering exactly what you’ve been looking for, at 80% off. Woohoo, a deal, right?
Not quite. Social media retail scammers create fake ads, storefronts, and even mimic legitimate brands to make you think you’re scoring a bargain. In reality, they’re just after your personal and payment information. And the chances of you actually receiving what you ordered? Slim to none.
It Pro Tip: Do your homework, if you’ve never heard of the company do yourself a favor and do some research. Avoid buying through DMs or links in Ads. Go to the retailers verified website to purchase!
Nothing says “Happy Holidays” like staying one step away from the bad guys! This holiday season, slow down, check twice and don’t let a fake FedEx alert ruin your festive spirit.
