- Holiday emails often hide scams that steal personal and banking information
- Bulk marketing-style messages are used to disguise fraudulent financial requests
- Redirect chains collect increasingly sensitive identity details from unsuspecting victims
Holiday email traffic increases sharply at the end of the year, creating an environment that scammers actively exploit.
According to X-Labs, via ForcePoint, recent scam campaigns rely on messages that resemble ordinary holiday promotions or order notifications rather than obvious phishing attempts.
These emails look routine enough to avoid scrutiny from recipients dealing with crowded inboxes.
Marketing emails engineered to appear legitimate
Many of the scam messages move through bulk mailing systems that mirror standard commercial email campaigns.
The formatting is usually clean, lightly branded, and free of common spelling or grammar errors.
Tracking links and unsubscribe options appear in the messages to reinforce the impression of legitimate marketing activity.
This design helps the emails bypass basic spam detection systems that rely on older threat patterns.
When recipients click embedded links, the messages redirect them through a series of pages that appear tied to seasonal financial offers.
The interaction usually begins with neutral questions, such as requested loan amounts or basic eligibility details.
As the process continues, the forms ask for progressively sensitive information, including personal identifiers, employment history, income details, and banking credentials.
After users submit information on the initial site, the flow often redirects them again to additional financial-themed pages.
These secondary sites request similar data and promote other loan-related offers, which increases exposure.
This structure lets scammers reuse collected information while pushing victims to share even more details across multiple domains without realizing the broader scheme.
Another group of campaigns targets corporate recipients by impersonating DocuSign document notifications and order confirmations.
The emails claim that festive purchases or wine orders require verification, using DocuSign branding to build credibility.
Any link in these messages routes through unrelated hosting infrastructure before leading to credential harvesting pages that target corporate email logins.
Malware removal tools offer limited protection against these scams because the attacks rely on data collection rather than installing malicious software.
How to stay safe
- Verify sender domains carefully and treat unexpected or mismatched addresses as untrusted until independently confirmed.
- Examine link destinations before clicking, especially when emails reference documents, loans, or festive purchases.
- Access financial and document services directly through official websites instead of using embedded email buttons.
- Use identity theft protection tools to monitor for suspicious activity and alerts on compromised personal information.
- Use antivirus software as a supporting control, not a primary defense against phishing based attacks.
- Slow down routine email handling during high volume periods and verify messages before interacting.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.