Cyber Scams to Watch for Over the Holidays

Ron Sharon

Vice President of Information Security


Practicing good cybersecurity hygiene, exercising caution, and being aware of common cyber scams can help protect you and your loved ones this upcoming holiday season.

Women in holiday sweater in from of laptop with credit card.

Cyber scammers are always on the prowl, but it pays to be especially vigilant this time of year. According to Experian, one in four Americans—or 24%—reported that they fell victim to fraud during the holidays.1 And a surge in online shopping throughout the pandemic helped open the door to the rising wave of cyber fraud. Also, people are often distracted during the holidays as they seek the next great bargain, which can make them more vulnerable. According to the World Economic Forum, 95% of cybersecurity incidents can be traced back to human error.2 Practicing good cybersecurity hygiene, exercising caution, and being aware of common schemes can help keep cyber scammers and fraudsters at bay.


Types of cyber scams

While fraudsters will try almost anything—from impersonating a bank representative to making threatening calls about past-due taxes to the IRS—the holiday shopping season is a peak period for various cyber scams:

  • The holiday e-card scam. Leave it to the scammers to try to ruin the festive mood of the holidays by sending you a phony greeting card. The subject line might say, “Happy Holidays from…” but if you follow the link in the email, the gift they’re really giving you is probably malware or a computer virus to steal your personal information.
  • Pre-paid gift card scam. Several different types of scams involve gift cards because they have less protection than credit cards, and scammers are less likely to get caught. The thing to know is, if anyone asks for payment with a pre-paid gift card, then it’s probably a scam. Gift cards are for giving, not for transactions.
  • Fake charities. A phony charity generally pretends to do real work through their social media presence, but the money goes into the pockets of the charity’s creator. Always check to see if the charity is registered, and you should also review for any misspellings in the URL in case the scammer is trying to mimic a legitimate charity organization. Fake charity scams are more prevalent after disasters and during the holidays when people are in a giving mood.
  • Phony delivery notifications. A text message or email saying it’s from the postal service, a retailer like Amazon, or a delivery company could very well be a scammer. When you follow the link and reschedule the delivery for a $1 fee, the scammer steals credit card information.
  • Fake account expiration email. If you receive an email notice that says a password or account has expired, it’s probably a scammer trying to get your personal or financial information once you log in.
  • Identity theft.3 An identity thief takes financial information from wherever they can attain it and commits fraud by taking out a loan, getting a tax refund, or even paying medical bills.


Avoiding cyber scams

Be sure you know who you’re buying from or selling to when shopping online. Ensure a website isn’t fraudulent by checking each website’s URL to make sure it’s legitimate and secure; a site you’re buying from should have https in the web address. If it doesn’t, don’t enter your information. Protecting your identity means using secure passwords and setting alerts on your credit reports. Lastly, to avoid the perils of fake holiday e-cards and other email scams, never click on links unless you’re 100% sure the sender is legitimate.

If you do fall victim to a cyber scam, take decisive steps, like contacting your financial institution and disputing the charges.

Never take things at face value, especially when receiving communications from people you don’t know. Scammers want to trick and deceive you out of information and money. Email addresses, phone numbers, videos, and even your voice can be spoofed. Moreover, Trust But Verify is no longer sufficient in today’s world of rising cybercrime. The better motto is Never Trust, Always Verify.

Mercer Advisors Inc. is the parent company of Mercer Global Advisors Inc. and is not involved with investment services. Mercer Global Advisors Inc. (“Mercer Advisors”) is registered as an investment advisor with the SEC. The firm only transacts business in states where it is properly registered or is excluded or exempted from registration requirements.

All expressions of opinion reflect the judgment of the author as of the date of publication and are subject to change. Some of the research and ratings shown in this presentation come from third parties that are not affiliated with Mercer Advisors. The information is believed to be accurate but is not guaranteed or warranted by Mercer Advisors. Content, research, tools and stock or option symbols are for educational and illustrative purposes only and do not imply a recommendation or solicitation to buy or sell a particular security or to engage in any particular investment strategy. For financial planning advice specific to your circumstances, talk to a qualified professional at Mercer Advisors.

This document may contain forward-looking statements including statements regarding our intent, belief or current expectations with respect to market conditions. Readers are cautioned not to place undue reliance on these forward-looking statements. While due care has been used in the preparation of forecast information, actual results may vary in a materially positive or negative manner. Forecasts and hypothetical examples are subject to uncertainty and contingencies outside Mercer Advisors’ control.

Ready to learn more?