The holidays come every year and so do heightened threats of a cyber attack during the shopping season. We are re-sharing this article so that you can learn how to protect yourself (and your organization) from hackers.

With the holiday season upon us, the number of online shoppers increases immensely, with cybercriminals following suit to target their next victims. Unfortunately for holiday shoppers, attackers take advantage of the increased online transactions, emails and financial activity. The more buyers use their credit cards and payment methods, the more chances arise for consumer data theft.

No matter what cybersecurity strategies you set, it’s very likely that cybercriminals are finding ways to exploit your weak points. These scams aren’t unique to the holiday season, but the higher volume of online activity raises the likelihood that a person will fall prey to a scam or fraudulent endeavor. Avoiding email spam and other phishing attacks applies all year long, but consumers should pay special attention during the holiday season.

Past Christmas Phishing Scams

The holiday season makes businesses more likely to suffer a data breach. Phishing emails disguised as communications from retail companies, mailing services, banks, etc. can include links to sham websites that ask for your personal information (bank account numbers, passwords) or prompt you to click on malicious download links. Cybercriminals have become more sophisticated, using more refined methods to adjust to shoppers’ growing digital lifestyles. Past Christmas phishing scams still haunt users today, as research indicates that email and text phishing are still very common practices.

But the question remains: How are Christmas phishing scams still a thing? Unfortunately, the more innovative the scam, the more likely it is that you won’t notice it happened until months later. You might not even realize you have downloaded a malicious file until it has already damaged your system or corrupted your data.

Last year there were 7,500 reports of these Christmas phishing scams and $400,000 was reported lost. Some of the most common holiday season scams were online phishing scams, shopping scams and fake parcel delivery.

With the holidays upon us, it is important to remain vigilant and watch out for other types of holiday cybersecurity threats. This article will expand on the most common holiday cyber scams and some helpful tips to avoid them.

Top 4 Cybersecurity Threats You Should Be Aware of This Holiday Season

1) Phishing email scams

Phishing, a form of social engineering, is the act of sending an email under a fake alias to convince the recipient to take certain actions, such as opening a fake website or clicking on a download link. This threat takes place all year long, but consumers see a surge of phishing scams during the holiday shopping season. Security teams should keep this threat top of mind and figure out ways to mitigate it. It’s one of the main ways cybercriminals advance in their bad behavior.

Symantec’s 2019 Security Threat Report stated that almost one in every 400 emails is malicious. A typical office employee receives around a hundred emails per day, meaning chances of getting at least one malicious email on a weekly basis are high. Holiday season usually makes office employees visit shopping sites more than usual, while being connected to the company’s network and potentially providing their company email address.

2) Fake Email Accounts Including Ransomware

The difference between phishing emails and ransomware emails is that once the recipient opens a corrupted file or clicks on an infected website, the malware installs on their system and proliferates throughout the network. Once in the network, it encrypts the company’s information and data. This doesn’t always happen right away: ransomware code can stay hidden until activated by a certain trigger.

According to Security Boulevard, the average ransom payment for Q2 2020 was $178,254, up from Q1’s $111,605 average, making it easy to understand why so many companies pay for it. This is a reasonable investment compared to the price of losing data through a cyberattack.

3) Distributed Denial of Service (DDoS) attacks

A Distributed Denial of Service (DDoS) attack is a way to extort money. Hackers are now combining the two, ransom and DDoS, into a type of attack called a Ransom Distributed Denial of Service attack (RDDoS). In an RDDoS, attackers use bots to bombard a company’s website with more traffic than it is intended to handle, draining the organization’s CPU. After the damage is done, the malicious actor requests a ransom to break off the attack.

4) Site Interruption

Miscreants are now using bots to damage retail sites. These bots usually fill shopping carts and drive down inventory, with the intent to sabotage competition and suppress their ecommerce sales during the attack. This holiday cyber threat is particularly popular during Black Friday, Cyber Monday and Christmas time. When cybercriminals interrupt websites, the website appears to have no inventory remaining, enabling the competition to increase their prices and seem more attractive to search engines and shoppers.

Recovering from a cyberattack is never easy, but preventing holiday cyber scams is a more viable approach. To avoid ransomware or other holiday cybersecurity threats from spoiling your holiday season, here are some actions you should take right away:

  1. Make Sure Your Employees Are Aware

As many articles will tell you, more than half of all cybersecurity attacks are the result of human error. Every organization should educate its employees so they understand the risks and know how to recognize a suspicious security threat. Employees, spending more time on retail websites than usual, should take added precautions, such as never opening attachments from unsolicited emails or clicking on suspicious links.

  2. Add Extra Security to Your Email Accounts

Email attachments are still a popular attack path. Adding a layer of protection on email accounts can prevent malicious emails from getting through to your employees.

  3. Make Sure You Protect Your Data With the Right Cybersecurity Strategy

Your holiday season doesn’t have to be a cyber disaster if you are taking the proper measures. Organizations following a proactive strategy to protect their data are less likely to suffer a cyberattack than those who are reactive post-attack.

Cybersecurity Solutions to Help Protect Your Business During the Holidays

With a higher likelihood of having personal information exposed during the holiday season, organizations must be aware of cyber threats to protect applications and underlying infrastructure. In order to efficiently manage risk, companies must reduce their attack surface. Threat modeling is the most effective way to visualize an ecosystem, including all the assets, the attack paths and security controls to reduce risk.

ThreatModeler is an automated, next generation platform that enables organizations to identify, prioritize and proactively mitigate threats. ThreatModeler automatically builds a threat model of your architecture and generates outputs for mitigation. DevOps can now come together to threat model, including non-security personnel. To learn more about how ThreatModeler can enable your team to design with security built in, schedule a live demo.


