Coronavirus: Precautions, preparations and prevention - click here for the latest information

Seasonal Phishing

25 Nov 2020   |   Matthew Lindsay

It’s beginning to look a lot like phishmas, everywhere you go, take a look at your five and ten, they’re emailing once again, with spurious haste and bad taste that should show…

Phishing scams are a persistent problem for organisations at all times of the year; however, there is a steep increase in the number of scams at Christmas as cybercriminals take advantage of distracted staff to launch targeted attacks.

When we’re distracted, mistakes happen, and Christmas tends to be the one time of the year when employees let their guard down which can result in a loss of sensitive data.

During the festive season, inboxes are flooded with eCards, messages from friends and family, delivery notifications from online-retailers and fraudsters use this flurry of online activity to launch mass phishing scams.

As the season approaches, organisations must ensure that staff remain vigilant of phishing attacks, delivered not only through external sources, but also through what appears to be legitimate internal communications, such as emails from senior management or the latest updates on the Christmas party.

Most employees will not even think twice opening an email from their boss; however, this is one of the more devious ways the crooks will try to trick staff into opening malicious links. Cybercriminals will often use a familiar internal email address but slightly alter one letter so that it’s extremely hard to distinguish between an authentic company email or a well-crafted fake. As a reminder only open emails from reputable sources, never click on a link that doesn’t seem legitimate and if an email describes an offer that seems too good to be true, it probably is.

Other scams that see an increase around this time of year include charity scams and credential stuffing. Charity scams are what they say on the tin and involve fraudsters impersonating large charities. Always ensure that if you want to make a Christmas donation to your favourite charity that you go via the official website and try to avoid links enclosed within emails. Credential stuffing is when a cybercriminal uses stolen usernames and passwords on other websites in a hope that an individual has used the same combination across multiple services. Over the last two years there has been a spike in this activity around Black Friday. Be extra vigilant around this time of year on all your accounts as if one has been compromised you may notice that other accounts also show suspicious activity.

As always, should you have any concerns or queries please reach out to information services via m.lindsay@ and report all suspicious emails to



View all Latest News View all Vacancies