Skip to product menu
close
  • Recent Launches
    Press Space or Enter to display list of options
EXPLORE ALL PRODUCTS

Recent Launches

New

Payroll software with automated tax payments and filing.

Try now
New

Robotic process automation software to automate high-volume, rule-based tasks.

Try for free
New

Low-code IoT platform and solutions for connected businesses.

Try now
New

Business formation service to launch and grow your businesses.

Try now
New

Privacy-friendly application analytics solution.

Try for free

Sales

 
CRM

Comprehensive CRM platform for customer-facing teams.

CRM
 
Bigin

Simple CRM for small businesses moving from spreadsheets.

Bigin
 
Forms

Build online forms for every business need.

Forms
 
SalesIQ

Live chat app to engage and convert website visitors.

SalesIQ
 
Bookings

Appointment scheduling app for consultations with customers.

Bookings
 
Sign

Digital signature app for businesses.

Sign
 
RouteIQ

Comprehensive sales map visualization and optimal route planning solution.

RouteIQ
 
Thrive

Complete loyalty and affiliate management platform.

Thrive
 
Voice

Cloud Contact Center Software for businesses.

Voice
 
Suites
CRM Plus

Unified platform to deliver top-notch customer experience.

CRM Plus

Marketing

 
Social

All-in-one social media management software.

Social
 
Campaigns

Create, send, and track targeted email campaigns that drive sales.

Campaigns
 
Forms

Build online forms for every business need.

Forms
 
Survey

Design surveys to reach and interact with your audience.

Survey
 
Sites

Online website builder with extensive customisation options.

Sites
 
PageSense

Website conversion optimization and personalisation platform.

PageSense
 
Backstage

End-to-end event management software.

Backstage
 
Webinar

Webinar platform for webcasting online webinars.

Webinar
 
Marketing Automation

All-in-one marketing automation software.

Marketing Automation
 
LandingPage

Smart landing page builder to increase conversion rates

LandingPage
 
Publish

Manage all your local business listings on a single platform.

Publish
 
SalesIQ

Live chat app to engage and convert website visitors.

SalesIQ
 
Sign

Digital signature app for businesses.

Sign
 
Thrive

Complete loyalty and affiliate management platform.

Thrive
 
Voice

Cloud Contact Center Software for businesses.

Voice
 
NEW
LeadChain

Sync, manage, and convert leads across channels seamlessly.

LeadChain
 
NEW
CommunitySpaces

Online community platform for individuals and businesses to grow their network and brand.

CommunitySpaces
 
Suites
Marketing Plus

Unified marketing platform for marketing teams.

Marketing Plus

Commerce and POS

 
Commerce

eCommerce platform to manage and market your online store.

Commerce

Service

 
Desk

Helpdesk software to deliver great customer support.

Desk
 
Assist

Remote support and unattended remote access software.

Assist
 
Lens

Interactive remote assistance software with augmented reality.

Lens
 
FSM

End-to-end field service management platform for service businesses.

FSM
 
SalesIQ

Live chat app to engage and convert website visitors.

SalesIQ
 
Voice

Cloud Contact Center Software for businesses.

Voice
 
NEW
Solo

The all-in-one toolkit for solopreneurs.

Solo
 
Bookings

Appointment scheduling app for consultations with customers.

Bookings
 
Suites
Service Plus

Unified platform for customer service and support teams.

Service Plus

Finance

 
Books

Powerful accounting platform for growing businesses.

Books
 
FREE
Invoice

100% Free invoicing solution.

Invoice
 
Expense

Effortless expense reporting platform.

Expense
 
Inventory

Powerful stock management and inventory control software.

Inventory
 
Billing

End-to-end billing solution for your business.

Billing
 
Checkout

Collect payments online with custom branded pages.

Checkout
 
NEW
Payroll

Payroll software with automated tax payments and filing.

Payroll
 
NEW
Solo

The all-in-one toolkit for solopreneurs.

Solo
 
Practice

Practice management software for accounting firms.

Practice
 
Sign

Digital signature app for businesses.

Sign
 
Commerce

eCommerce platform to manage and market your online store.

Commerce
 
Suites
Finance Plus

All-in-one suite to manage your operations and finances.

Finance Plus

Email and Collaboration

 
Mail

Secure email service for teams of all sizes.

Mail
 
Meeting

Online meeting software for all your video conferencing & webinar needs.

Meeting
 
Writer

Word processor for focused writing and discussions.

Writer
 
Sheet

Spreadsheet software for collaborative teams.

Sheet
 
Show

Create, edit, and share slides with a sleek presentation app.

Show
 
Notebook

Beautiful home for all your notes.

Notebook
 
Cliq

Stay in touch with teams no matter where you are.

Cliq
 
Connect

Employee experience platform to communicate, engage, and build positive employee relations.

Connect
 
Bookings

Appointment scheduling app for consultations with customers.

Bookings
 
TeamInbox

Shared inboxes for teams.

TeamInbox
 
WorkDrive

Online file management for teams.

WorkDrive
 
Sign

Digital signature app for businesses.

Sign
 
Office Suite

Powerful collaborative work platform for teams.

Office Suite
 
Office Integrator

Built in document editors for web apps.

Office Integrator
 
ZeptoMail

Secure and reliable transactional email sending service.

ZeptoMail
 
Calendar

Online business calendar to manage events and schedule appointments.

Calendar
 
Learn

Knowledge and learning management platform.

Learn
 
Voice

Cloud Contact Center Software for businesses.

Voice
 
ToDo

Collaborative task management for individuals and teams.

ToDo
 
Tables

Work management tool to connect people, processes, and information.

Tables
 
FREE
PDF Editor

Collaborative online PDF editing tool.

PDF Editor
 
Suites
Workplace

Application suite built to improve team productivity and collaboration.

Workplace

Human Resources

 
People

Organize, automate, and simplify your HR processes.

People
 
Recruit

Intuitive recruiting platform built to provide hiring solutions.

Recruit
 
Expense

Effortless expense reporting platform.

Expense
 
Workerly

Manage temporary staffing with an employee scheduling solution.

Workerly
 
NEW
Payroll

Payroll software with automated tax payments and filing.

Payroll
 
Shifts

Employee scheduling and time tracking app.

Shifts
 
Sign

Digital signature app for businesses.

Sign
 
Suites
People Plus

Comprehensive HR platform for seamless employee experiences.

People Plus

Security and IT Management

 
Creator

Build custom apps to simplify business processes.

Creator
 
Directory

Workforce identity and access management solution for cloud businesses.

Directory
 
FREE
OneAuth

Secure multi-factor authenticator (MFA) for all your online accounts.

OneAuth
 
Vault

Online password manager for teams.

Vault
 
Catalyst

Pro-code platform to build and deploy your apps.

Catalyst
 
Toolkit

Complete resource for any admin-related lookup queries.

Toolkit
 
Lens

Interactive remote assistance software with augmented reality.

Lens
 
Assist

Remote support and unattended remote access software.

Assist
 
QEngine

Test automation software to build, manage, execute, and report testcases.

QEngine
 
NEW
RPA

Automate manual, tedious, and repetitive tasks easily.

RPA

BI and Analytics

 
Analytics

Modern self-service BI and analytics platform.

Analytics
 
Embedded BI

Embedded analytics and white label BI solutions, tailored for your needs.

Embedded BI
 
DataPrep

AI-powered data preparation service for your data-driven organization.

DataPrep
 
NEW
IoT

Harnessing IoT analytics for real-time operational intelligence.

IoT

Project Management

 
Projects

Manage, track, and collaborate on projects with teams.

Projects
 
Sprints

Planning and tracking tool for scrum teams.

Sprints
 
BugTracker

Automatic bug tracking software for managing bugs.

BugTracker
 
NEW
Solo

The all-in-one toolkit for solopreneurs.

Solo

Developer Platforms

 
Creator

Build custom apps to simplify business processes.

Creator
 
Flow

Automate business workflows by creating smart integrations.

Flow
 
Catalyst

Pro-code platform to build and deploy your apps.

Catalyst
 
Office Integrator

Built in document editors for web apps.

Office Integrator
 
ZeptoMail

Secure and reliable transactional email sending service.

ZeptoMail
 
QEngine

Test automation software to build, manage, execute, and report testcases.

QEngine
 
Tables

Work management tool to connect people, processes, and information.

Tables
 
NEW
RPA

Automate manual, tedious, and repetitive tasks easily.

RPA
 
NEW
Apptics

Application analytics for all apps.

Apptics
 
Embedded BI

Embedded analytics and white label BI solutions, tailored for your needs.

Embedded BI
 
NEW
IoT

Build, deploy, and scale IoT solutions for connected businesses.

IoT
 
DataPrep

AI-powered data preparation service for your data-driven organization.

DataPrep

IoT

 
NEW
IoT

Low-code IoT platform and solutions for connected businesses.

IoT

Search Result

 
CRM Plus

Unified platform to deliver top-notch customer experience.

Try now
CRM Plus
 
Service Plus

Unified platform for customer service and support teams.

Try now
Service Plus
 
Finance Plus

All-in-one suite to manage your operations and finances.

Try now
Finance Plus
 
People Plus

Comprehensive HR platform for seamless employee experiences.

Try now
People Plus
 
Workplace

Application suite built to improve team productivity and collaboration.

Try now
Workplace
 
Marketing Plus

Unified marketing platform for marketing teams.

Try now
Marketing Plus
 
All-in-one suite

Zoho One

The Operating System for Business

Run your entire business on Zoho with our unified cloud software, designed to help you break down silos between departments and increase organizational efficiency.

TRY ZOHO ONE
Zoho One
Zoho Marketplace

With over 2000 ready-to-use extensions across 40+ categories, connect your favorite business tools with the Zoho products you already use.

EXPLORE MARKETPLACE
Marketplace
Skip to main content
  • HOME
  • Common holiday email scams and how to avoid them

Common holiday email scams and how to avoid them

The holidays are a time for people to celebrate, spread cheer, and connect with their loved ones. It's also the season when online purchases and gifting are at an all-time high. This increased online spending is a prime opportunity for hackers to target people with cyber attacks. They don't necessarily come up with new forms of cyber attacks during the holiday season; instead, they tweak their threat attempts to fit the context of the season.

Email attacks work particularly well during the holiday season because people are already receiving an abundance of emails. So when a threat actor sneaks in a fake email amongst the many legitimate emails, the recipient may fail to detect it. Most people are in a generous mindset around the holidays, so it's easier for hackers to extract money from them by convincing them they're donating to a noble cause.

There are many reasons that make the year-end a prime time for hackers to exploit for their monetary benefits. While it may be inevitable for these emails to land in your mailbox, being prepared to handle them safely may save you a lot of trouble and ensure that your holiday experience doesn't get ruined. In this article, we'll discuss the reasons why holiday email scams are common, some of the common types of email scams, and a few tips that can help you avoid these scams and stay safe online.

Why are holiday email scams common?

Users are bombarded with a multitude of emails about discounts, charities, flash sales, and shipping information about their orders during the holiday season. Threat actors make use of this opportunity to propagate attacks because the abundance of emails helps them penetrate and blend into users' mailboxes. They simply tweak their email content to fit the holiday context and use it to extract money or personal information from the recipients.

By making use of the year-end holidays such as Halloween, Thanksgiving, Christmas, and New Year, threat actors send emails that can exploit the high volume of online orders, shipping information, or discounts that are used during the holiday.

Types of holiday scams

There are different ways in which threat actors try to trick users into believing them. Some of these scams have become common over time. Understanding how these holiday scams occur over email and learning to spot such fraudulent emails will go a long way in protecting your mailboxes from fraudsters and threat actors. Let's take a look at the prevalent types of holiday scams.

Fake online stores

The volume of consumer shopping increases drastically during the holiday season. The number of emails sent to consumers informing them about brand offerings, discounts, and other such information is higher than at any other time of the year. This makes it easier for threat actors to deceive email recipients by posing as a legitimate store.

Under the pretext of being a genuine store, fraudsters create online stores using look-alike domain names of reputed stores. With AI capabilities, they can create websites and product listings that look exactly like the brand they're trying to emulate. They even use email templates, logos, and other creatives that are exact replicas of the original brand. Using this brand name, they send emails that nudge users to take an action.

If the email recipients make purchases from the online store, they either receive counterfeit products or no product at all. After a while, the owners become unresponsive or they close the store altogether and go on to launch other stores that they use to scam people.

Charity requests

The holidays are a time when people are more generous and goodwill flourishes across the globe. Many charitable organizations request donations during this period to contribute towards holiday clothing, toys, or to arrange festive feasts for those in need. But sometimes, fraudsters with ill intent also pose as legitimate organizations and request donations from people.

They create a domain that appears authentic and send emails that nudge the recipients to support a specific cause. This taps into the goodwill that most people tend to have during the holidays, and they sometimes go ahead to make the donation without verifying the authenticity of the sender or the organization. Threat actors send these emails either by emulating a reputed organization or by creating an organization that's completely new.

Many email recipients just perform the preliminary step of verifying the website. But hackers these days are performing elaborate schemes with the help of AI, and they go to the extent of creating a website that looks authentic. So, if a user simply checks the website, they'll tend to believe that the email is authentic and donate money. The money goes towards making the threat actors rich, definitely not to those in need.

Fake shipping information

Threat actors rely on creating a sense of panic, causing email recipients to take an action quickly before they can identify the malicious nature of the email. To create a sense of urgency and prey on recipients' panic, fraudsters send emails with fake shipping updates. Most consumers have products that need to be delivered to them during the holiday season. These update emails are sent either by stealing data about products that people have ordered or under the assumption that the recipient will be expecting something.

These emails make claims that their package is being held at a particular place due to a lack of customs clearance, or it's being held because of incomplete delivery information. They'll nudge the recipient to click on a link in the email to view the status or enter an OTP that has been sent to them. The embedded link is most likely a phishing link where they're prompted to enter their address. Other times, the hackers will demand a payment to be made to complete the clearance of customs checks.

Popular delivery services such as FedEx, DHL, UPS, or others are mimicked in these emails. The email template is a convincing replica of these services. If you happen to receive such emails, think about your pending deliveries and take action only from the online platform or seller you've placed the order with.

Gift cards

Gift cards are a popular scam that fraudsters commonly use during the holidays. Sales of gift cards rise considerably during the holidays. Companies present their employees with gift cards, and they're commonly bought as gifts for friends and family. This is one of the most profitable scams for hackers because gift cards can reach high denominations in certain cases.

Because this is a common form of gifting in organizations, this is a scam that can affect people not just personally, but on an organizational level as well. Threat actors may send emails impersonating a company's CEO to the finance or payroll team. They may demand that a certain number of gift cards be bought for people in the organization and the codes be shared with the CEO. This is a common cyber attack at the year-end, with many recipients performing the required action. This is one form of CEO fraud or business email compromise.

In another form of this type of attack, consumers receive emails about discounts on gift cards from prominent brands. If a threat actor has sent the email by assuming a genuine identity, the gift cards are probably fake, or sometimes they completely stop responding and fail to send the gift card once the payment has been made.

Flash sales and offers

During the holiday season, time-sensitive offers and discounts are at an all-time high. Most consumers are excited to use these opportunities to save money. But threat actors also make use of this vulnerability for their own gain. They send emails that mimic authentic brands, informing the recipient about a flash sale or an offer that has to be claimed immediately. They nudge you to click on a link or enter your details to claim the offer. Unfortunately, these mostly end up being bogus.

This scam, like many others, preys on recipients' mentality to perform an action within a specific duration and creates a sense of urgency. In this mindset, people fail to notice and check whether the email is authentic. While flash sales have become increasingly common, when you receive emails about such time-sensitive offers, make sure you perform the action directly from the seller's website, not from the email.

Travel scams

Many people go on vacation or travel to visit their family and friends during the holiday season. Because of this increased traffic, travel scams have reached an all-time high. Threat actors trickle into users' mailboxes under the pretext of being a travel company providing good deals and discounts on travel itineraries, packages, and tickets. The email recipient will be anxious to take advantage of these deals since airfares and hotel prices usually skyrocket at this time of the year.

If these emails are sent by fraudsters, they'll take the recipient to a fake website that mirrors a legitimate website's design, template, and logo. The email recipient, assuming that the email and website are genuine, goes ahead and makes payments to secure their vacation packages and flight tickets. This money, instead of going towards their purchases, ends up in the fraudster's pockets, and the email recipient gets cheated of their money. In return, they receive fake tickets or payment confirmations that are denied when presented at airports, train stations, hotels, and other travel checkpoints.

Tips to stay safe from holiday scams

While it's inevitable that you'll periodically receive holiday scam emails, there are a few tips and tricks you can learn to spot such fraudulent emails and even keep them away from your mailboxes. Let's take a look at some of the ways in which you can protect your email from these scams.

Learn to spot fake websites

Learning the telltale signs of a fake website and using those signs to identify whether a website is fake or genuine can help in many scenarios other than the holidays. These days, the prevalence of AI has made it much easier for hackers to create fake websites that appear authentic. But, there are certain signs that give away if a website is being emulated. Here are some ways you can verify this:

  1. If you're clicking on the website link, ensure that you're redirected to the correct domain and there's no change or difference in spelling from the original domain.

  2. Check whether the website has a padlock symbol in the address bar. This indicates if the site has a TLS/SSL certificate and if the HTTPS protocol is being used.

  3. Check if the website has their shipping, refund, and exchange policy on the website and read through them to see if they're valid.

  4. Check for grammar or spelling errors in the content and see if the logo of the website or brand is correctly displayed.

  5. When making the payment, look at whether the brand uses secure payment gateways. If you spot non-traditional methods, avoid making the payment.

  6. Read through the brand's reviews to see if the brand is authentic. If people complain about counterfeit products or issues with receiving the product, proceed with caution.

Shop only with trusted vendors

Especially around the holiday season, hackers set up new scam websites, send phishing emails to people from different emailing lists, make a good amount of money, and close shop after they've reached their target. Always shop only with vendors with whom you've had a good experience with before. if you're making a purchase on a new website, go through their reviews to ensure that people have had a good experience buying with them.

Subscribe to mailing lists mindfully

Many websites claim to provide a discount if you subscribe to their mailing lists. This is one way for them to market their brand and gain traction. However, not every brand is careful about storing these email addresses safely. Some brands even sell these email addresses on the dark web for a certain amount of money. It's not easy to decipher which brand has shared your addresses because most likely you've subscribed to multiple brands.

To avoid these scenarios, subscribe only to email lists of brands that have a good reputation. Don't share your email address on mailing lists unless you absolutely want to keep up with their updates and discounts.

Use credit cards for online purchases

Using your credit cards for shopping or booking travel online offers a certain level of security and immunity. Credit card transactions are equipped with security features that can protect from fraudulent transactions. Because the payment works on a credit system, the attacker doesn't get direct access to the money. Even if a suspicious transaction goes through, the probability of the victim getting their money back is higher with credit cards than it is with other modes of payment. Stay away from non-conventional payment methods, and make sure the payments go through a secure payment gateway.

Set strong passwords and MFA

Apart from hackers trying to make their way into mailboxes through emails, they may also attempt to use your email address to try to break into your account to gain access to sensitive information. Always configure strong passwords with a mix of upper and lowercase letters, numbers, and symbols. Make sure you also have multi-factor authentication enabled for your account. This way, even if your password gets leaked through a data breach, the additional layer of security will prevent hackers from getting into your email account.

Watch out for smishing and vishing attempts

Email accounts generally have an additional layer of security that spots certain patterns present in emails and filters them out. However, because these functions aren't available in text messages or voice calls, attackers like to use these methods to scam people. Smishing refers to the practice of attackers using SMS to create phishing attacks. Similarly, vishing refers to using voice calls to phish for information. Because there aren't any means to moderate these modes of communication, the onus is on the recipient to ensure safe practices when handling such messages or calls.

Monitor bank statements regularly

While the first line of defense is to make sure your credit card information or other such sensitive data doesn't get leaked, this may not always come to your attention. Therefore, you must monitor your bank account statement regularly. Set up periodic auto-generation of statements and have them sent to your email address so you don't miss reviewing them. Go through them meticulously to spot any discrepancies. In case you come across any issues, immediately report them to your bank and block your credit card if needed.

Avoid using public Wi-Fi

Public Wi-Fi is very easy to hack. Try not to use public Wi-Fi for your shopping needs. Hackers deploy man-in-the-middle attacks to intercept the data you enter. This includes email addresses, usernames, passwords, credit card information, and other such sensitive data. They could use this data for their monetary benefit or to hack your account. Use your mobile network to access the internet ,or if you have to use the public Wi-Fi, make sure you use a VPN to stay safe from hackers.

Don't engage with emails that looks suspicious

If you come across an email that arouses suspicion, tread with caution. Avoid interacting with the email or responding to it. If it elicits a response, check all sources of information and view the legitimate information, order history, or shopping deals on the relevant website before you proceed with taking action on the email.

Deploy email security solutions

The best way to prevent such scam emails from entering your mailbox in the first place is to use an email security solution that can detect such emails. Security solutions use advanced algorithms to spot suspicious patterns in emails and process them accordingly. Because human error is always possible, the best solution in such scenarios is to keep these emails away from your mailbox entirely.


eProtect is a cloud-based email security and archiving solution that provides an additional layer of security for email accounts. The solution offers advanced threat detection mechanisms that can secure on-premise and cloud email accounts from evolving email threats. eProtect is the security solution powering Zoho Mail, a platform trusted by millions of users.  

Related Topics

Leave a Reply

Your email address will not be published. Required fields are marked

By submitting this form, you agree to the processing of personal data according to our Privacy Policy.