Alerts E-Threats

Here’s When a Scammer Will Target You… And How! (Infographic)

Each year, around Christmas, Valentine’s Day, Easter, Halloween and other holidays, most of us try to come up with at least one original gift idea. This painstaking process is further complicated by the need to decide who goes on our list. Acquaintances? Workmates? Just family?

Holiday online scammers, then, appear to have it easy. Like clockwork, scammers roll out millions of spam e-mails and other tricks to mark special occasions with little thought to variety – a Valentine’s Day surprise is just a minor variation from a Christmas gift or a Halloween treat. And they don’t even narrow down their list – they target everybody!

Fake shopping websites, bogus discounts, rip-off wrist watches and dozens of other schemes in the scammer arsenal keep appearing holiday after holiday, year after year. Even though such scams are predictable to the point of boredom, their consequences are increasingly serious. Clicking a link or accessing a website or an attached file may lead to horrible infections that result in data loss, impersonations, money and critical information stolen.

Bitdefender has compiled a handy guide to seasonal scammer tricks to help you avoid a scary Christmas, a cash-strapped Easter, or a Halloween where a greedy scammer goes out disguised – as you.

December and early January is when most scam campaigns happen

People celebrate Christmas Day and New Year’s Day looking for presents and vacations. Scammers know it. And begin spreading offers from bogus Christmas loans to credit card extensions, from personalized letters from Santa to diet and body cleansing pills, fake Rolex, party locations, luxury car and hotel reservations. The offers almost invariably take users to bogus surveys, phishing forms or even malware such as exploit kits, downloaders and droppers.

From the end of January to mid-February, scammers’ attention turns to lovers

Some 7 percent of all spam sent prior to Valentine’s Day all around the globe seek to persuade people to buy a gift for their lover. The offers range from fake chocolate and flower arrangements to replica watches, jewelries, perfumes and personalized gifts.

In April or May, crooks “arrange” a 50% off sale for Easter Flowers and Easter cash deposit approval letters. Plus a miracle weight loss plant to keep people in shape no matter how much they eat during Easter. The offer may also include potency pills and nerve calming remedies which, for some reason, scammers find appropriate around holidays.  (Perhaps because scammers themselves feel they have so much work to do on holidays.)

If it’s May, it’s Mother’s Day and Memorial Day. Scammers target users with offers of flowers, travel gift cards, restaurant discounts, and spa and gym vouchers. This year, crooks also advertised some curious products for buyers rather than their moms: sports footwear, gadgets, cards and toilet paper. For Memorial Day, scammers personalized some old car discount offers and the eternal fake watches with flashy banners on a red, white and blue background. The same car discount offers were advertised in December – adorned with a Christmassy touch and feel.

May and June are reserved for holiday planning scams

As vacation goers start going through the early deals of the travel industry, scammers mingle fraudulent with the legit ones to confuse users into inserting their credit card data into counterfeit websites. If a regular “business spam day” means some 1.8 million messages, at the season peak we are talking about approximately 108000 holiday-themed pieces a day, of which bogus flight confirmations are most spread. Apart from flight confirmations, scammers also taunt people with fake newsletters promoting early-booking bargains, hotel reservations, cruise packages, travel insurance offers and holiday loans.

But also in June, spammers suggest Americans to buy their dads a $154.95 Yard Barbeque kit to celebrate Father’s Day in a cozy intimate fashion.

Around July 4th, Independence Day is celebrated by cybercriminals with spam, malware and fireworks. Seasonal malware distribution campaigns are especially linked to political messages or special fireworks sales. Users are asked to click the banners and receive the offers or the political motivational speeches.

In July, August and September, scammers take another approach to vacation scams – after holiday money transactions, sending messages allegedly from hotel managers to have their summer clients check money transactions or receipts from hotels or flights. Clicking the inserted links or opening the attachments leads users to phishing, malware and fraud. Spam messages with titles such as “American Express Alert: Your Transaction is Aborted” or “Your Card Service is Blocked” ought to be avoided in these months.

September scams capitalize on 9/11

September delivers Labor Day scams and the disturbing 9/11 – related assaults in the form of quickly erected web sites studded with terms such as “bin Laden alive”, “in depth details about the terrorist attack”, “police investigation results” and “towers going down”. They attract the curious and the mourners. Another common fraud capitalizing on the solemnity and sorrow of the anniversary is the charity scam or the memorabilia offer for collectors (coins or shards of metal from the tower structure).

End of the year scams push dazzling offers

In October, Halloween helps scammers push pirated software, coupons for products people don’t need, dairy foods, ink, flowers and sweets, toys Halloween customers, pornographic materials, online dating tips and software games.

November means Thanksgiving and Black Friday dazzling offers. Spammers, scammers and plain old attention-seekers buzz the millions of shoppers with the best offers on the internet – bottom dollar prices for cars, $3 a week car insurance and designer clothing so cheap it could only be made by the slaves of sweat shop workers. Some years may also bring children’s books, designer clothes, smartphones, and casino coupons.

Click here for the entire infographic

Note: All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.