Skip to main content
Holiday shopper using cybersecurity best practices to not get scammed by phishing emails.

Every year bad actors will try to take advantage of the holiday season with phishing scams that target families buying gifts online from Black Friday or Cyber Monday sales in preparation for the upcoming holidays. The big sales during this season combined with the stress of ensuring your gift arrives in time means the bad guys have a great way to tempt you into clicking a malicious email or text message before you realize it’s a scam. To help you protect your holiday cheer this year, we want to let you know about some of the most common phishing tactics that may come to your inbox this holiday season!

Delivery Notification Phishing

Sometimes the hardest part about shopping for the holidays is ensuring the gifts arrive on time. Many people purchase most of their gifts online, and this means dealing with shipping and delivery notifications more often. Hackers know that late packages will cause a lot of anxiety for last minute shoppers, so they use phishing scams that mimic late delivery notices or shipping errors to steal account credentials or credit card information. Even if you think a late delivery notice is from a legitimate source, always navigate to the carrier’s website without using links in the email or text notification to check on the status of your deliveries.

Sales Emails

With the increase in spending that the holiday season brings, shoppers are always on the lookout for good sales. Malicious actors can take advantage of this and pose a phishing email as a sale or coupon for popular stores. The proposed sale may just ask for a few key pieces of personally identifiable information (PII) in exchange for a discount code, and shoppers would only find out it’s fake when they try to use it later. If you are signed up for mailing lists from your favorite stores, verify the sender information on sale emails and always verify sales on the seller’s website to avoid clicking email links as much as possible.

Malicious Donation Requests

Not every phishing scam over the holidays will focus on purchasing items. Often, hackers will go so low as to impersonate popular charities to trick people into sending them money that was meant for a good cause. These phishing strategies will often use emails that are crafted to look extremely convincing, making it difficult to differentiate between a scam and a real charity. No matter what an email says, it is always best practice to navigate to the charity website yourself to make donations; this way, you can always be sure your charitable donation makes it where you intend it to go.


Shopping during the holiday season is stressful enough without worrying about hackers trying to steal your information with phishing attacks. That’s why Robinett Consulting’s security specialists recommend avoiding links inside of emails and verifying sender information before taking any action. Doing this while staying on top of the latest cybersecurity news will help you stay secure all year round as you know what to expect from the bad guys and the best way to protect your PII!

Robinett Consulting

Author Robinett Consulting

At Robinett Consulting, we are your consultative partner who strives to grow your business and have technology truly enabling you. We aim to understand you and your business so that you do what you do best unhindered by your IT.

More posts by Robinett Consulting