Seasonal-themed scams hit user inboxes in the run-up to Christmas, Bitdefender Antispam Lab warns

During the winter holidays, online scams and unsolicited emails increase considerably and malicious spammers, as usual, begin celebrating early.

Your dedicated inbox defenders at Bitdefender Antispam Labs have been tracking the steady flow of unsolicited Christmas-themed spam and potentially dangerous correspondence that could ruin your holiday.

Here’s what we found:

• The Christmas-themed spam rate has increased steadily since Nov 13, with spikes in unsolicited correspondence noticed on Nov 30 and between Dec 5-8, 2023 (see Figure 1)
• Nearly 3 in 10 unsolicited Christmas-themed emails consumers received between Nov 13 and Dec 12 were marked as a scam by Bitdefender Antispam Lab
• 29% of all Christmas spam emails (by volume) hit inboxes in the US and 19% reached users in Ireland (a decrease of 5 percentage points compared to 2022 stats), according to Bitdefender antispam telemetry (see Figure 2)
• French inboxes made the top three destinations of unsolicited Christmas-themed spam in 2023, ranking at 13% (a 6% increase from 2022). Christmas spam volumes in Germany came in at 10% (a 7% increase from 2022, followed by the UK at 9%, Italy at 4% and Australia at 3% (see Figure 2)
• 32% of all Christmas-themed spam emails (by volume) were sent from IP addresses in the US, 18% from France, 13% from China and 9% from the UK (see Figure 3)

You better watch out for these unsolicited emails this holiday season

Cybercrooks know you’re busy and less likely to check or double-check any unsolicited emails you receive this month.

In our analysis of the 2023 Christmas scam agenda, we noticed that threat actors continue to take advantage of consumer trends, including online shopping and weakness towards heavy discounts as well as giveaways and freebies.

With so many seasonal discounts and even legitimate online raffles, it’s easy to see how the holidays give threat actors more favorable circumstances to deliver compelling lures to defraud users.

Christmas-themed scam surveys are all about stealing your money and personal information. They promise you free gifts, money and mystery presents that will arrive just in time for Christmas day if you just fill them out now.

All of the fake surveys we analyzed asked recipients to provide their name, contact information (phone number and email address) and address before paying a small shipping fee (usually just a couple of dollars) to receive their prize.

However, attractive deals or tempting cash prizes and gifts aren’t the only thing that makes a successful clickbait for users. Our analysis has also revealed Christmas adaptations of your run-of-the-mill package deliveries, Crypto transactions, dating and lottery scams.

Threat actors also impersonated cryptocurrency exchange platform Binance to trick “qualified” users into handing out their credentials for a chance to win a share of a $380,000 promotion by collecting “all five unique Christmas Gift”.

Other scam campaigns were directed towards single men, who were invited to join a dedicated “club” to enjoy the New Year’s. The messages also contain indecent photos and invitations to join a dedicated chat where they can have video calls and exchange more information.

Some of the most impersonated brands include:

• Temu, Alibaba and Aliexpress
• European retail stores such as Carrefour and Kaufland
• Digital payment service Edenred
• US-based stores including Walmart, Kmart and Home Depot
• Cryptocurrency platform Binance

The ‘gifts’ this year are very compelling too, with baits ranging from a brand new PS5 to $4.2 million “ATM CARD”.

Here’s a taste of the scam emails you need to be on the lookout for to keep your accounts, identity and money safe.

How can you keep from falling victim to Christmas-themed scams that end up in your inbox?

Scammers are likely to cash in on a range of scams over the holiday season if don’t keep a watchful eye and stay up to date on their latest tricks. Whether you’re targeted via a fraudulent email, text or any other method, we recommend sticking to five cyber hygiene rules to remain safe and avoid compromise to any of your accounts:

1. Never share personally identifiable information in unsolicited correspondence you receive, this includes filling out surveys for prizes that require you to pay shipping fees

2. Never access links in correspondence that offers too-good-to-be-true deals or Christmas promotions

3. Always check the legitimacy of urgent emails and messages regarding undelivered packages or suspicious activity on your online accounts. You can do this by logging in to your account (via a dedicated app/web browser and NOT any embedded links in the email message).

1. Use websites and platforms you know to conduct last-minute shopping or banking transactions
2. Install and use a security solution that detects and blocks phishing and fraudulent websites, and malware

Since it’s almost Christmas, we’ve prepared a sweet treat for you.

Check out Bitdefender Scamio, our dedicated AI-powered scam detector to immediately find out if suspicious emails, texts, links or QR codes are real or fake, and protect your family and friends!

Happy Holidays!