
5 Sly Phishing Emails ‘Dashing Through your Inbox’ this Holiday Season


Tis the season to be jolly and wary of phishing emails 🔔

Every year, phishing soars and roars around the holiday season. After all, it’s the most wonderful time of gift-giving and celebration all the way. 

Cybercriminals typically wait for this time of the year to tap the seasonal trend and prey on eager festive shoppers by launching even more sophisticated phishing campaigns — and sadly, many people, and even organizations, fall for it. 

But don’t worry, we’ve been out there doing all the digging to bring you the news you need to protect your data from phishing this season. 

We also recommend that businesses share this list with their staff to avoid accidental data breaches or leakage that could kill everyone’s holiday spirit. 

So grab your eggnogs, folks, and let’s go through this list of trending email phishing scams making the rounds this year.

5 Phishing Emails to Look Out for During the Holiday Season


1. Christmas Themed Emails:

Email security might not exactly be the main thing on your mind as you wrap up work (and gifts!) for the end-of-year festivities, and cybercriminals are more than aware of that.

“During the festive period, not only does the number of phishing scams increase but also the quality,” said Jan Oetjen, CEO of GMX.

With all the holiday-themed emails you’re receiving, you want to pay close attention to those Christmas email event invites, fake charity requests, flyers, deals, and surveys packed with information-stealing malware. 

Such emails are less suspicious than you’d expect them to be, making you think they’re totally legit at first glance. 

However, many carry malicious executable files or embedded links artfully named things like ‘Christmas menu’, ‘Shopper’s survey’, etc. to lure you in and steal your data.

** Using the right Data Loss Protection (DLP) tools like GAT Shield can be a real lifesaver during those peak times for Chrome environments as it monitors all activity and provides real-time DLP on all sites, in all locations, and at all times.


2. Fake Payroll Emails:

As we all patiently wait for December’s much-needed paycheck, payroll-themed phishing emails prey on our charged sense of anticipation. 

In fact, these emails not only target employees but payroll officers as well.

Employees should look out for suspicious emails with titles like ‘Annual bonus’, ‘Christmas incentive’, etc. These emails do not come with attachments. Instead, they include links to what appears to be a Google document containing concealed malicious files hosted on Google Drive.

Payroll officers, on the other hand, should watch out for spoofed emails with signature blocks of staff asking for a change of employee bank details. These emails usually come from attackers providing fake details to steal your staff’s salaries.


3. Fake Delivery/Post Emails:

Expecting multiple packages for Christmas? Well, you’d want to be extra careful then.

These ones are super easy to fall for when you are actively doing your Christmas shopping online.

These emails look highly legit and trick you into disclosing personal information, account credentials, or credit card details.

Keep your eyes wide open for the following tell-tale signs:

  1. Delivery emails ask you to pay a particular customs fee that you weren’t notified about when placing an order.
  2. Customs and import tax scams
  3. Order confirmations with tracking links for items you don’t recall ordering.
    **Leading Tech giant Amazon warns customers to be extra careful of this particular scam this week.
  4. Order cancellation emails with suspicious links that install harmful malware into your system when you click on them and then steal your data.  

[Image: An Post phishing scam. Credit: An Post]


4. Typosquatting, Please:

This one is a brilliant mind-game scam, but not too brilliant for us to detect. You might just need to recall a bit of those ‘Where’s Waldo?’ attention skills.

Typosquatting (also known as URL hijacking) is a form of cybersquatting, where attackers register a domain name that mimics a popular website (e.g. Nikee instead of Nike or PayPaI instead of PayPal).

Before clicking on any links or providing sensitive information, you always want to confirm that an email is in fact from the entity you believe it is. Don’t fall for those visual illusions.
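The lookalike check described above can be automated. The following is an added example, not GAT Labs code: it compares a link or sender domain against an allowlist and flags the two tricks mentioned here, an extra letter (Nikee) and a swapped lookalike character (PayPaI). The brand list, the character-folding table and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist of domains the organisation actually deals with.
BRANDS = ("nike.com", "paypal.com", "amazon.com")
# Visually confusable characters folded to one form (illustrative, not exhaustive).
FOLD = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})

def skeleton(host):
    """Fold confusable characters so lookalike names compare equal."""
    return host.lower().replace("rn", "m").replace("vv", "w").translate(FOLD)

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(value):
    """Host of a URL, or the domain part of an email address, lowercased."""
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        host = value.rsplit("@", 1)[-1].strip("<> ")
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def classify(value):
    """Return (verdict, brand): match, homoglyph, typo or unknown."""
    host = host_of(value)
    if host in BRANDS:
        return ("match", host)
    for brand in BRANDS:
        if skeleton(host) == skeleton(brand):
            return ("homoglyph", brand)
    for brand in BRANDS:
        # One edit away from a known brand; very short names may need a stricter rule.
        if edit_distance(host, brand) <= 1:
            return ("typo", brand)
    return ("unknown", None)
```
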


5. The ‘You Won’ Scam

The typical ‘Congrats you won!’ phishing emails aren’t exactly new to the scene, yet people are still falling for them, especially when combined with typosquatting. 

These scams always phish for things like credit card details or banking information to rip you or your company off for some good money.

The best way to detect them is by applying the “Too good to be true” rule. I mean, something like £2 for an iPhone 13 is highly far-fetched.


Finally, here’s a little Christmas bonus from our side to help you spot those phishing emails:


  1. Ensure the email address and the sender’s name match.
  2. Check that the email is authenticated.
  3. Be wary of alarming emails requesting immediate action, such as “Your account will be suspended”, “Update your payment details” or “Contact us immediately.”
  4. Hover over any links before you click on them. If the URL of the link doesn’t match the description of the link, it might be leading you to a phishing site.
  5. Check the message headers to make sure the “from” header isn’t showing an incorrect name.
  6. Check for communication gaps: emails that don’t provide an alternative method for communicating the requested information (e.g. telephone, mail, or physical locations).
  7. Check for peculiar email formats and typos in the names of well-known companies.
  8. Invest in a good DLP solution for your company.
  9. Most importantly, avoid opening emails from unknown senders when using devices that have access to important and sensitive data.
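Several of the checks in this list (sender name versus address, authentication, and link text versus link target) can be run on a raw message. The following is an added example, not GAT Labs code; the sample email, the `EXPECTED` brand map and all domain names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message and brand map; every name here is hypothetical.
RAW = (
    'From: "Example Post Delivery" <notice@parcel-fees.example>\n'
    "Subject: Customs fee due\n"
    "Authentication-Results: mx.company.example; spf=fail; dkim=none; dmarc=fail\n"
    "Content-Type: text/html\n\n"
    '<p><a href="http://parcel-fees.example/pay">https://post.example/track</a></p>\n'
)
EXPECTED = {"example post": "post.example"}  # display-name keyword -> real domain

class Links(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, self.text.strip()))
            self.href = None

def host(url):
    return (urlsplit(url).hostname or "").lower()

def check(raw):
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    for brand, real in EXPECTED.items():
        if brand in name.lower() and domain != real and not domain.endswith("." + real):
            findings.append("sender-name-mismatch")
    # Only trust an Authentication-Results header stamped by your own mail server.
    auth = msg.get("Authentication-Results", "")
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    findings += [m + "-not-pass" for m in ("spf", "dkim", "dmarc") if results.get(m) != "pass"]
    parser = Links()
    parser.feed(msg.get_payload())
    findings += ["link-mismatch" for h, t in parser.links if "://" in t and host(t) != host(h)]
    return findings
```
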

Finally, as Santa makes his list and checks it twice, follow his lead and double-check files, links, typos, and dodgy websites to tell the naughty ones from the nice!

To learn more about how to spot a phishing email, check out our post 5 Tell-Tale Signs of a Phishing Email.
