- Holiday emails often hide scams that steal personal and banking information
- Marketing-style mass messages are used to disguise fraudulent financial requests
- Redirect chains are increasingly collecting sensitive identity information from unsuspecting victims
Holiday email traffic spikes at the end of the year, creating an environment that scammers actively exploit.
According to X-Labs, via Forcepoint, recent scam campaigns rely on messages that look like regular holiday promotions or order notifications rather than overt phishing attempts.
These emails appear routine enough to avoid scrutiny by recipients dealing with overflowing inboxes.
Marketing emails designed to appear legitimate
Many of the scam messages move through bulk mailing systems that mirror standard commercial email campaigns.
The formatting is usually clean, lightly labeled, and free of common spelling or grammar errors.
Tracking links and opt-out options appear in the messages to reinforce the impression of legitimate marketing activity.
This design helps emails bypass basic spam detection systems that rely on legacy threat patterns.
When recipients click on embedded links, the messages redirect them through a series of pages that appear to be linked to seasonal financial offers.
The interaction usually begins with neutral questions, such as requested loan amounts or basic eligibility information.
As the process continues, the forms ask for progressively more sensitive information, including personal identifiers, employment history, income information and bank details.
After users submit information on the first site, the flow often redirects them again to additional financial-themed pages.
These secondary sites request similar data and promote other loan-related offers, increasing exposure.
This structure allows fraudsters to reuse collected information while pushing victims to share even more details across multiple domains without realizing the wider scheme.
Another group of campaigns targets corporate recipients by impersonating DocuSign document notifications and order confirmations.
Emails claim that celebratory purchases or wine orders require verification, using DocuSign branding to build credibility.
Any link in these messages routes through unrelated hosting infrastructure before leading to credential collection pages that target corporate email logins.
Malware removal tools offer limited protection against these scams because the attacks rely on data collection rather than installing malicious software.
How to stay safe
- Verify sender domains carefully and treat unexpected or mismatched addresses as untrustworthy until independently verified.
- Research link destinations before clicking, especially when emails refer to documents, loans or festive purchases.
- Access financial and document services directly through official websites instead of using embedded email buttons.
- Use identity theft protection tools to monitor for suspicious activity and alerts about compromised personal information.
- Use antivirus software as a supporting control, not a primary defense against phishing-based attacks.
- Slow down routine email handling during high-volume periods and confirm messages before interacting.
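The sender-domain and link-destination checks in the list above can be partly automated for a mailbox or a reporting queue. The following Python code is an added example, not part of the original article or of the cited research; the brand allow-list, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a reader-maintained map of brand name -> domains that brand really uses.
BRAND_DOMAINS = {"docusign": {"docusign.com", "docusign.net"}}
# Constructed sample message (not a real capture); hosts use the reserved .example TLD.
SAMPLE = """\
From: "DocuSign Orders" <notify@mailer.holiday-deals.example>
Subject: Your wine order requires verification

<p>Review: <a href="https://files.cdn-host.example/r?id=1">https://www.docusign.com/review</a></p>
<p><a href="https://mailer.holiday-deals.example/unsub">Unsubscribe</a></p>
"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self._text.append(data)  # reset at each <a>, so only anchor text is kept
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def within(host, domains):  # True if host is one of the domains or a subdomain of one
    return any(host == d or host.endswith("." + d) for d in domains)

def audit(raw):
    msg = email.message_from_string(raw)
    name, addr = parseaddr(msg["From"])
    sender = addr.rpartition("@")[2].lower()
    brands = [b for b in BRAND_DOMAINS if b in name.lower()]  # brands the display name claims
    findings = [f"sender-mismatch:{b}:{sender}" for b in brands
                if not within(sender, BRAND_DOMAINS[b])]
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        shown = (urlparse(text).hostname or "").lower() if "://" in text else ""
        if shown and shown != host:  # visible URL differs from the real destination
            findings.append(f"text-href-mismatch:{shown}->{host}")
        if brands and not any(within(host, BRAND_DOMAINS[b]) for b in brands):
            findings.append(f"off-brand-link:{host}")  # link leaves the claimed brand's domains
    return findings
```

Calling `audit(SAMPLE)` returns four findings for the constructed message: the sender mismatch, the visible-URL mismatch, and one off-brand finding for each of the two links, including the opt-out link that makes the message look like ordinary marketing.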