Holiday Phishing Scams are Coming! What to Teach Employees

Holiday Phishing Scams are Coming! What to Teach Employees

Unfortunately, 2020 has been a banner year for phishing scammers, with attacks taking advantage of the pandemic skyrocketing over the last several months.

In the first quarter of this year, there was a 350% increase in phishing sites. And now those COVID phishing emails are about to be joined by the seasonal holiday scams.

Holiday phishing scams often catch users off guard because they target the types of emails that are seen more often during this time. You’ll see spoofed tracking notices, fake holiday party emails, the “false Amazon order” scam, and more. 

It takes a combination of both email security strategies and employee awareness training to ensure your Fresno area business doesn’t fall victim to an attack.

Employee Training Tips for Holiday Phishing

Don’t underestimate the power of well-trained employees when it comes to the prevention of malware, ransomware, and data breaches.

Studies show that after implementing an employee security awareness program, companies can see:

  • 40% decrease in phishing email clicks
  • 75% decrease in employee susceptibility to phishing 
  • 70% lower data breach risk

It’s time to prepare your employees now, because those seasonal phishing emails may already be hitting their inboxes. Here’s what to do.

Study Phishing Examples

Employees can be much better prepared to avoid falling for a phishing scam if they’ve already seen what it might look like. Put together some examples of holiday phishing scams that they can keep as a reference. You can find several samples on this site, and we’ve also got one below.

This is an example of a popular scam which is the fake order email. This phishing scam is designed to get the users to immediately click the link to try to figure out what this order is about. It uses a common tactic, which is to spoof the look of a legitimate company’s email.

Common scam emails seen around the holidays include:

  • Fake orders and invoices
  • Holiday party survey
  • Gift card scam
  • Fake charitable donation requests
  • Fake tracking notifications

A fast way to uncover a phishing scam is to hover over a link without clicking it. This will cause the hyperlink to pop up, and if the URL doesn’t match the company that the email is supposedly coming from, it can immediately alert the user.

Don’t Trust the “From” Email Address

Phishing scammers will often spoof an email address in the “from” line of an email as a way to fool a user into believing it’s legitimate. For example, a scammer might use the company’s own domain ( to make someone believe an email came from a co-worker.

It’s important not to trust the from address by default. If an email is unusual or unexpected and looks like it comes from a legitimate domain, double check it.

Here are a few ways to do that:

  • View the source code of the message and look for the sending domain information
  • Call the recipient to ensure the email is legitimate
  • Run the email by your IT support partner to get their advice

Visit Sites Directly Instead of Using an Email Link

88% of phishing emails use a malicious URL rather than a file attachment. This often can get a phishing email past an antivirus filter that is looking for malware in a message.

The URL itself doesn’t have malware, but it can take the user to a page that does a drive-by download of malware or to a spoofed login form designed to steal their password.

Employees should get in the habit of going to websites directly instead of using a link in an email. For example, if you get a tracking email from USPS and you’re unsure whether or not it’s legitimate, go to the USPS site directly instead to look up the tracking number. If there is no tracking number in the email text, that’s a red flag that it’s a phishing email.

Don’t Be Taken In By Emotional Tactics

Phishing scams employ the use of emotional tactics to get people to click before they think.

For example, they may send a phishing email that warns a vital account will be shut off if they don’t response, triggering fear.

Another tactic is the promise of a large purchase order that someone opens without thinking because they really want to get a big sale.

It’s important to understand that these tactics are hallmarks of phishing emails and they’re designed to get users to take immediate action.

Instead, employees should always get a second opinion whenever they receive a questionable email and not fall for the emotional bait.

Protect Your Workers from Spam with Email Protection

Unity IT’s Email Protection system offers multiple safeguards to reduce the amount of phishing delivered to user inboxes and keep email secure.

Contact us today to schedule an email security consultation at 559-297-1007 or reach out online.