Time to remind staff about seasonal scams

07.10.2016 |


Time to remind staff about seasonal scamsOK, we know it is only October but everyone seems to be gearing up for Christmas already and this can only mean that the scammers are putting the final touches to their campaigns of seasonal misery.

It is a sad fact of life that scammers target people when their guard is down or when they are at their most vulnerable. The thing to remember is that staff getting caught out by online and email scams will not only affect them but it could also damage your business. If you allow your staff to surf the internet in their lunch breaks, receive parcels at work, use their work emails to order goods and services from the internet or just access their personal emails at work then this is a great time to give them a refresher on safe use of the internet and what to do with that unsolicited email.

Below is far from an exhaustive list, but these are the kind of Christmas scams you should ask your staff to look out for.

Bargain gifts

We all want to get the ideal gifts for our loved ones over the festive period, and at the best price too. But, if the advertised price for the latest designer watch or must have toy seems to good to be true, then it probably is. Just a single visit to a malware infected website could spell disaster.

Even advertised links from legitimate websites can lead to trouble. Don't forget that adverts are usually placed on websites by third parties so you shouldn't assume that an advert has been vetted or approved by an organisation you usually trust. Remember that browsing habits change in the run-up to Christmas so you and your staff should be extra vigilant when visiting unknown corners of the internet.

Parcel deliveries

Fake parcel delivery emails can often slip through the 'common sense' net when you are expecting a deluge of packages from numerous delivery companies. As with all emails of this type, just delete them and never click on any links inviting you to order a re-delivery or track your gift.

Bank or PayPal notifications

Christmas is the busiest time of year for the banks and payment providers as consumer spending rockets. The scammers know this and often send very convincing 'phishing' emails designed to trick people into believing that there has been 'suspicious activity' on their account and that they should log in to update security details. These types of email are most definitely scams and should be deleted straight away. Remind staff to never click on links or fill in any online forms asking for password resets. If in any doubt, they should visit the provider through the channels you usually use to put their minds at rest.

Mobile app scams

Company mobile devices are often a weak point for company security and novelty or discount shopping apps can be a tempting download for unsuspecting users. Our advice is to have a secure MDM (Mobile Device Management) policy in place but, if you don't, perhaps remind staff with company devices that downloading apps they don't know anything about is definitely not a good idea!

E-Cards & novelty websites

E-cards and novelty websites seem to spring up everywhere over the Christmas holidays. But, what might seem like a laugh to share around the office, can have serious consequences for your precious company systems and data. If in any doubt, e-cards and emails with links to seasonal frivolity should be deleted immediately.

Fake charities

It's no joke that the vulnerable need our help even more over through the winter period and we would absolutely encourage businesses to help where they can. But scammers know that fake charity emails can get the 'best' response when sent at Christmas. Remind staff to be vigilant for emails claiming to be from even well known charitable organisations.

And why not help your staff to make a difference by selecting a nominated charity that you will work with over the holidays?


Christmas can be a tough time for people who don't have anyone to share the festivities with and the cyber criminals know this. Scammers can use photos, emails and even text messages to pretend to be a member of a dating website. Messages may contain phishing scams where the person can access personal information such as usernames and passwords or infect a device with malware.

This might be a sensitive topic to cover but it is worth advising staff to only use recognised and reputable dating websites.

Always remember that your staff can be the weakest link in your defence against cyber criminals. But they can also be your most effective resource for keeping your business safe. A little education and refreshing the key messages around IT security can enable staff to help in the fight against online threats.

If any of the scams mentioned here are a concern and you would like some practical advice in securing your business against online threats then please contact us today to discuss your online security with one of our experts.

If you enjoyed this article and would like to read more – why not sign up to our mailing list? You'll receive all our best advice, straight to your inbox.



Send us an email

Your message has been successfully sent, thank you.