Scams unwrapped: Kaspersky’s cybersecurity experts warn of evolving holiday scams

As New Year holiday festivities approach, it’s not only a time for magic and celebration but also a prime opportunity for fraudsters to exploit the festive rush for gifts and bargains. Amid the sparkle of year-end celebrations, cybersecurity experts at Kaspersky have identified several prominent scams targeting consumers across various regions and languages. Fake holiday shops Deceptive online stores mimic the look and feel of legitimate e-commerce sites, offering seasonal items such as decorations, gifts, and even trees at steep discounts. These sites often appear highly localized, adapting their language and currency based on the user’s geographic location, leveraging data extracted from browsers. Victims typically encounter these stores by following links in ads or pop-ups. These sites aim to steal funds. Often, these fraudulent stores exist only for a short period, as they get flagged by the vendors of goods. Free mobile data offer This scam plays on the allure of free services, claiming to provide free mobile data valid across all major telecom providers. In order to receive the free data, victims are required to share the promotion link with 10–15 contacts via WhatsApp, ensuring the scam spreads exponentially. After sharing, victims are prompted to enter their personal details — name, phone number, and email — into a form. The collected data is then sold on the Dark Web or used in other fraudulent activities. In some cases, victims unknowingly download malware that compromises their devices, leading to further exploitation. An example of a scam on free data for mobile Holiday payments on behalf of government agencies Fraudsters impersonate government authorities, promising fictitious payments in celebration of the holidays. This scam has been reported in several African countries, including Kenya and Nigeria. To receive payment, victims are directed to fill out a survey which requires personal details like name and phone number. Once the survey is completed the user is asked to share the link to the announcement with their connections via WhatsApp. These details are collected and added to fraudulent databases, then sold to third parties or used for phishing attacks and identity theft. This scam exploits trust in government systems and the festive spirit of giving. Christmas recipe scam This scam begins with a seemingly harmless email promoting a holiday cake recipe. Victims are encouraged to pay a small fee to access the recipe. Once payment is made, the victim’s credit card information is stolen. The fraudsters also collect other personal information essential for accessing banking services. An example of a fraudulent page for purchasing a Christmas recipe in Portuguese Noor Nabulsi, Head of PR and Strategic Partnerships at dubizzle, emphasized the importance of trust and safety online, stating: : “At dubizzle, safeguarding our users and fostering trust within our community are core priorities. To enhance safety and transparency, we’ve implemented features like the ‘Verified’ badge, which helps buyers and sellers identify and connect with genuine users. We strongly urge our users to leverage the “dubizzle Chat” for all interactions, as it provides a secure, monitored and controlled environment, significantly reducing the risk of fraudulent activities. Moving conversations to external platforms like messaging apps can expose users to potential scams, as these channels lack the protective measures built into dubizzle’s ecosystem. Keeping all discussions on dubizzle Chat ensures that users are shielded from malicious links, phishing attempts, and other fraudulent behavior.