As we gear up for the American Thanksgiving and enter the winter holiday season, we must all be extra vigilant in our security efforts. This is the time of year that criminals like to take advantage of our distracted minds. As we’re worrying about how to afford all the kids’ gifts this year or whose house we have to go to for the big family dinner, we’re often stressed, anxious and easily distracted – which is exactly what the bad guys are hoping for! So we must increase our awareness in order to protect our families and our bank accounts.

Here are some common holiday scams to keep an eye out for this holiday season.


Ikea Phishing Scam:


This one is brand new this season and has already claimed tens of thousands of victims, mostly in the UK (but has spread to Europe and the US). It’s a pretty basic phishing email: an email that looks like it came from Ikea thanking you for your order drops into your inbox containing an attachment which looks like a purchase receipt. When opened, a script is run that allows attackers to download all sorts of personal details from the victim’s computer. Never open attachments from unknown sources — in this case, if you don’t remember buying something from Ikea, you probably didn’t! So delete it right away!

Secret Sister Gift Exchange:

It’s starting to take over Facebook. It seems innocent and fun enough. Send one gift valued at $10 to the first person on a list to begin a pyramid of gift giving and receiving. Below is the gist of the text being shared:

1) Send one gift value at least $10 to secret sister #1 below.

2) Remove secret sister’s name from #1; then move secret sister #2 to that spot.

3) Add your name to #2 with your info.

4) Then send this info to 6 other ladies with the updated name info

5) Copy the secret sister request that I posted on my wall, to your own wall. If you cannot complete this within 1 week please notify me, as it isn’t fair to the ladies who have participated and are waiting for their own gifts to arrive. You might want to order directly from a web-based service (Amazon, or any other online shop) which saves a trip to the post office. Soon you should receive 36 gifts! What a deal, 36 gifts for giving just one! Be sure to include some information about yourself … some of your favorites. Seldom does anyone drop out because it’s so much fun to send a gift to someone you may or may not know … and of course it’s fun to receive. You should begin receiving gifts in about 2 weeks if you get your letters out to your 6 people right away.


This scam is just an updated form of an old-fashioned pyramid scheme and chain email. And it’s important to note that chain letters are illegal “if they request money or other items of value and promise a substantial return to the participants.” So don’t fall for this one! Delete any requests you get to participate in said exchange – and tell family members and friends not to fall victim either!

Gift Card Scam:

Some websites, such as, claim to only accept gift cards as payment. The Better Business Bureau has received many complaints from customers claiming that the website accepts payment via Amazon gift cards, will not deliver the purchased good, and will not respond to customers after the order is placed. Why aren’t they responding? Because it’s a scam!

If you or someone you know have fallen prey to this con, contact Amazon immediately, as they can lock the gift card you sent to keep it from being used and send you information on how to get your money refunded.

(EDIT: It appears the site has been taken down for the moment, but this is still a good opportunity for you to see how these types of scams work so that you can look out for them in the future.)

Charity Scams:

Who doesn’t like to help the needy during the holidays? Just be sure you’re not helping the greedy! Some bad guys prey upon people’s kindness by posing as a charity to take your money. A good example of this are email charity scams that might sound legitimate and even link to a website where you can make a donation. But unless you have signed up to be on a charity’s email list, do not respond to these solicitations! If you want to help a specific charity, visit their website directly.

Holiday Job Scam:


Many jobs start popping up on Craigslist and other job posting sites around the holidays but sometimes scammers pose as hiring managers and try to steal your PII (personally identifiable information) so that they can use your identity in fraudulent ways. If a job posting asks for ANY personal information – such as your address, social security number or bank account number – do not respond!

If a job offer comes from someone using a free email service (such as Gmail, Hotmail, AOL, etc.), it could possibly be a scam. If a job posting is offering a high pay gig that requires no experience, it’s definitely a scam. Use common sense. Never deposit a check from a company before you begin working. Never wire an “overpayment” back (this is big with phishing scams of all types, not just job postings). Never pay upfront costs for training or any kind. If you see the same job posting in many different cities or by many different companies, this is a red flag – probably a scam!


Phishing is not going away anytime soon, and scammers are only going to get more clever, so we can all just keep dreaming of a clean inbox. This holiday season, let’s all vow to be extra vigilant human firewalls (did you sign the pledge?) and not be scammed!

Kayley Melton

Director of Digital Strategy at SAC
Kayley manages our growing footprint on the web and develops marketing strategies to both keep us current & help us reach more people who might benefit from our message. A professionally trained artist and verifiable “weird girl,” she has 5 pet-children, cooks unbelievably good food, and can out-lift you at the gym.