Be Wary of Scammers in the Holiday Season

by Social-Engineer on December 21, 2022

As 2022 comes to a close, stress can be at an all-time high. This time of year, many have planned holiday vacation time, relatives may be coming in from out of town, or there may be end-of-year time crunches at work. Due to these stressors, we may become lax in our judgement when it comes to how we view security. However, we must be wary of scammers during the holiday season and not let our guard down. These conditions are the perfect storm for malicious actors. In 2021, the FBI and CISA saw an increase in highly impactful ransomware attacks occurring on holidays and weekends. We should not expect things to be any different at the end of this year either.

In October, Cybersecurity Awareness Month taught us the importance of safe practices such as the use of multifactor authentication, strong passwords, and VPNs. Even though that month has since passed, the holiday season is perhaps one of the most crucial times to keep those same practices at the forefront of our mind, along with other useful tips to keep ourselves safe. Let us consider a few of them.

Caution on Vacation

Many find themselves travelling during this time of the year. We may be very excited to finally get some time off after a very busy twelve months. However, never let yourself become too comfortable when letting people know that you’re away! One place to be careful is social media. If we post too much about going on holiday, such as the dates we will be away or our destination, we run the risk of being targeted by a malicious actor. How so? They could pose as your hotel or airline and send you convincing phishing emails. Or, even worse, they could work out when you will be away in order to gain access to your personal estate.

When on vacation, the last thing you want to worry about is work emails, right? You may set up “Out of Office” automatic replies to let people know you are not available, and to reach out to someone else. Though these may be useful, they may be more of a security risk if they are not worded properly. It is recommended that “Out of Office” replies should NOT include the following:

  • Specific dates of your vacation (e.g., December 23-27)
  • Corporate information you would normally include on a regular email (e.g., job title, company roles, chain of command details, etc.)
  • Personal contact information such as a cell number

What would happen if an employee were to include all this information in their “out of office” automatic replies? A malicious actor could use this information to impersonate the employee while they are away! An attacker can easily find these types of automatic replies by means of mass phishing campaigns.
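
The three items above can be checked automatically before an auto-reply is switched on. The following is an added example, not part of the original post: the patterns, keyword list and sample replies are constructed heuristics for illustration, and a reply that passes still deserves a human read.

```python
import re

MONTHS = r"(?:jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)[a-z]*\.?"

# One rule per item in the list above. All patterns are constructed heuristics.
RULES = {
    # "December 23-27", "Dec 23", "12/23", "12/23/2022"
    "specific dates": re.compile(
        rf"\b{MONTHS}\s+\d{{1,2}}(?:\s*[-\u2013]\s*\d{{1,2}})?\b"
        rf"|\b\d{{1,2}}/\d{{1,2}}(?:/\d{{2,4}})?\b", re.I),
    # Job titles and chain-of-command wording
    "corporate details": re.compile(
        r"\b(?:manager|director|vice president|vp|ceo|cfo|ciso|head of|"
        r"reports? to|supervisor)\b", re.I),
    # North American style phone numbers, with or without a country code
    "personal phone number": re.compile(
        r"(?:\+?\d{1,2}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b"),
}

def lint_auto_reply(text):
    """Return {rule name: [matched snippets]} for every rule the reply triggers."""
    findings = {}
    for name, pattern in RULES.items():
        hits = [m.group(0).strip() for m in pattern.finditer(text)]
        if hits:
            findings[name] = hits
    return findings

# Constructed sample replies (names, address and number are fictional).
RISKY = ("I am out of the office December 23-27. For urgent matters contact my "
         "manager Jane Doe, Director of Finance, or call my cell at 555-010-0199.")
SAFER = ("I am currently out of the office and will reply when I return. "
         "For urgent matters please email helpdesk@example.com.")

if __name__ == "__main__":
    for label, reply in (("risky", RISKY), ("safer", SAFER)):
        print(label, "->", lint_auto_reply(reply) or "nothing flagged")
```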

Deals and Promotions

This time of year also brings a surge of promotional scams. With the increase in malware-related scams mentioned at the outset, it is important to be on guard when searching through our inbox. Scammers may include details about “jaw-dropping” holiday discounts to entice their victims. These may come in the form of phishing emails, text messages or advertisements while online shopping. Also, beware of fake in-app purchases or shared links on social media.

ALWAYS be wary of any links found in emails or text messages from unknown or unexpected senders. The link may have misspellings of a brand or have nontraditional characters embedded in it. If it is believed to lead to a reputable website, visit the site directly yourself instead of using the link. You can also try using free link checkers on the web to see if it is in fact malicious.

When deals seem too good to be true, it’s likely because they are. If you’re not sure whether an offer or deal is legitimate or not, always search and fact check first before taking any action. Always make sure you are shopping on the correct website as well. If you mistype a website by accident, there may be a scam website deliberately misspelled to catch accidental web traffic.

Beware of Delivery Scams! With the increased traffic of online shopping and package shipping, scammers are given another avenue to take advantage of. They may send out phishing emails and texts disguised as reputable companies like UPS, FedEx or Amazon. The message may claim to be a notification about incoming or missed deliveries. However, links attached to the phony messages may lead to sign-in pages asking for personal information or may be infested with malware.
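
The link checks described in this section (brand misspellings, nontraditional characters, and a trusted brand name placed on someone else's domain) can be automated for a mail filter or a help-desk triage script. This is an added example, not part of the original post: the brand list and sample links are constructed, and the registered-domain logic is a simplification noted in the comments.

```python
from urllib.parse import urlsplit

# Constructed allowlist: brands named in the article and their real domains.
KNOWN_BRANDS = {"ups": "ups.com", "fedex": "fedex.com", "amazon": "amazon.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url):
    """Return a list of warnings for a link; an empty list means nothing was flagged."""
    if "://" not in url:
        url = "http://" + url            # let urlsplit find the host in bare links
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return ["no hostname found"]
    labels = host.split(".")
    warnings = []
    if any(not lab.isascii() or lab.startswith("xn--") for lab in labels):
        warnings.append("non-ASCII or punycode characters in hostname")
    # Simplification: treats the last two labels as the registered domain,
    # which is wrong for suffixes such as co.uk.
    registered = ".".join(labels[-2:])
    if registered in KNOWN_BRANDS.values():
        return warnings                  # the link points at a brand's own domain
    tokens = [t for lab in labels for t in lab.split("-")]
    for brand, real in KNOWN_BRANDS.items():
        if brand in tokens:
            warnings.append(f"brand name '{brand}' used on a domain that is not {real}")
        # Short names like 'ups' are skipped: one edit away matches too many real words.
        elif len(brand) >= 5 and any(edit_distance(t, brand) == 1 for t in tokens):
            warnings.append(f"hostname looks like a misspelling of '{brand}'")
    return warnings

if __name__ == "__main__":
    for link in ("https://www.amazon.com/gp/deals",        # constructed samples
                 "https://www.amaz0n.com/holiday-sale",
                 "http://ups-redelivery.example/track"):
        print(link, "->", check_link(link) or "nothing flagged")
```

An empty result only means none of these three heuristics fired; it does not show that a link is safe.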

Fake Charities

Scammers will exploit any possible situation and circumstance. They do not “play nice” or fair, regardless of what time of year it is. December is the most popular month for charitable giving. Scammers are aware of this and take advantage of it by creating fake charities, GoFundMe campaigns, and other charitable activities. These types of scams may also use current events, such as the war in Ukraine, to trigger an emotional response and get the victim to click on a link.

In some cases, a charity may not be fake at all; however, scammers can make a passable “lookalike” website to trick users. Because of this, always check the URL and charity name before donating. Be wary if a charity seems to be pressuring you into a specific dollar amount, or if the details on how the money will be spent are vague. These may be signs of something nefarious taking place behind the scenes.

Securing Your Business

If you own or manage a business, what steps can you take to ensure that you and your employees navigate safely through the holiday season?

As mentioned previously, phishing emails are rampant throughout the holidays. Remind your employees to be extra careful about any emails promoting holiday offers and deals. Remind them of the added risk that comes with using a work computer for non-work-related activities such as online shopping or reading personal emails. This is especially the case for remote workers. Such actions put the security of a company at higher risk, more than the employee may realize.

With high stress and mental fatigue that comes with closing out a work year, it is important that no corners are cut when it comes to security infrastructure. This includes making sure all company software and applications are updated, scanned, and patched. Vulnerability assessments and testing are crucial all the time and should be no different even in the holiday season.

Implementing an Identity and Access Management (IAM) system will also help mitigate the chances of undetected cyber-attacks. It may be hard to keep tabs on all staff at once. During a time when mental fatigue may affect many, IAM systems will help manage your user access ecosystem.

Lastly, it may be very important to have on-call IT Security staff. With holiday breaks or general IT staff on vacation, there may be fewer eyes to attend to all systems and possible anomalies. Therefore, it would be worthwhile to have IT staff on call in the event a security incident occurs.

Moving Forward with Peace of Mind

We have learned about many ways scammers can take advantage of the holiday season to deceive their victims. We also considered ways to keep ourselves safe, whether we’re vacationing, online shopping from home, or looking after our company.

Of course, all these tips are not ONLY applicable to this time of year. In fact, they heighten our senses and can help us spot scammers well through the new year and the years to come. Only through learning about the tactics scammers use can we truly continue to improve our own personal security.

At Social Engineer LLC, our purpose is to bring education and awareness to all users of technology. For a detailed list of our services and how we can help you achieve your information/cybersecurity goals please visit:

https://www.Social-Engineer.com/Managed-Services/.

Images:
https://www.hippopx.com/en/banking-buy-computer-credit-card-keyboard-macbook-online-shopping-355474
https://unsplash.com/@frantic

*** This is a Security Bloggers Network syndicated blog from Security Through Education authored by Social-Engineer. Read the original post at: https://www.social-engineer.org/social-engineering/be-wary-of-scammers-in-the-holiday-season/
