Shopping reaches its peak during the holiday season, in particular online shopping.

Unfortunately, that means it’s the ideal time for cyber criminals to take advantage of consumers and businesses. Whether it’s Cyber Monday, Christmas, or Boxing Day, fraud attempts have historically increased during the holiday season.

Australians lost a record amount of more than $3 billion to scams in 2022, and with cyber threats coming in fast in 2023 this amount is likely to have increased substantially by the end of 2023.

To help keep your organisation and their family members cyber safe, here are the 4 most common holiday scams that can negatively affect companies during the holiday season.

Phishing-as-a-service (PhaaS)

Many organisations are victimised by phishing-as-a-service (PhaaS) and this has become an important reason why businesses need to protect themselves against cyber attacks. Purchasing the software for Phishing is cheap and easy for criminals on the dark web, and the benefits are huge.

When it comes to holiday scams, cyber criminals typically target customer information like payment details. With PhaaS, cyber criminals use their skills to assist or recruit others to commit cybercrimes.

Cyber criminals typically aim to conduct business on the dark web and sell their products and services consisting of stolen personal information, card details, target lists, and fake domains.

PhaaS allows criminals to easily, cheaply, and frequently commit cyberattacks against unassuming customers and businesses. These attacks are typically targeted at major brands and are most prominent over the weeks leading up to Black Friday and Cyber Monday.

Businesses can take steps like training employees on how to spot suspicious emails, keeping anti-virus software updated, and authenticating emails to avoid falling victim to PhaaS.

Fraudulent package delivery notices

The holiday season is the biggest time of the year when people send and receive gifts. One of the most significant elements of the season is that there are packages arriving at unexpected times without prior notice.

This is something that cyber criminals are aware of and can even send realistic-looking delivery failure notifications to your customers so that they will contact you and perhaps reveal their personal information in order to reach your establishment.

While your business may not be liable for such scenarios it can create a bad impression about your business to your customer and other customers who may deduct that your business does not have the proper security infrastructure to protect customer details.

This is why your business should have a proper notification system that informs the customer at every step of the delivery process so that they are always informed about the delivery of their goods.

E-card danger

E-cards have made a comeback since 2020 and have seen significant growth over the years.

One of the most inviting aspects of an e-card is that it can be sent to anyone in the world at any time, which is also what makes this a favourite among cyber criminals.

Whether you’re an individual or a business, everyone receives e-cards that spread holiday cheer, but unfortunately, cyber criminals have designed e-cards that can install data-leaching programs on your device and do untold damage without your knowledge.

For businesses, this can be a daunting prospect as many suppliers, clients, and other stakeholders send holiday greetings over emails and fraudulent emails can get lost in the mix. An unsuspecting employee could create a lot of damage by opening the wrong email even though they may not be familiar with the sender thinking that it’s a harmless holiday greeting.

Advising employees to steer clear of emails from unknown senders and identifying emails that seem out of the ordinary can be malicious emails and should be notified to your IT department.

Offering mandatory cyber security training programs that focus on holiday scams can be a great exercise in ensuring that your employees can identify and take the proper precautions to prevent data breaches.  

Mobile device scams

Businesses often provide employees with company-maintained devices like laptops, mobile phones, and tablets that help them perform their jobs from remote locations around the world.

One of the biggest ways that holiday scams can impact you is through mobile games or apps.

For instance, imagine you’re waiting to take a flight home for the holidays and while you’re waiting for your flight to board you open your device and install a game or app to pass time. Mobile games can steal your password and other data from your device.

Doing a quick search about the validity of the app can give you a good idea about whether it’s safe to download.

Additionally, be sure to read the permissions on the app carefully. Some apps may include a clause that requests your permission to send your data to a third party – a step that legitimate apps won’t ask you to take.

With most people using their official mobile devices for personal usage, the risk of this happening is quite large, especially during the holidays when employees tend to browse the web and try out different apps. Protect your employees by putting the education in the palm of their hands with our Mobile phone and tablet education course.  

Preventing holiday scams starts with the individual

The weakest link in any organisation is human behaviour. You can have the best cyber security systems and processes in place, but a business is still only as secure as its weakest link.

The best way to prevent holiday scams from sailing away with your sensitive information is through awareness and education.

Empower your people to be cyber safe with personalised training designed for Australians, by Australians at Phriendly Phishing.

If you would like a confidential in-depth chat about how we can help you, please reach out to our team today on 1300 407 682 or