On Wednesday, November 11th, the United States Computer Emergency Readiness Team (US-CERT) released an alert reminding users that the holiday season is a time to remain vigilant and cautious when shopping online or browsing the internet: holiday phishing scams and malware campaigns abound.

A significant increase in scams and spam is typical for this time of year, so keep a weather eye out for fake advertisements, emails with malicious attachments, shipping notifications intended to deliver infected attachments, fraudulent social media posts or emails asking you to purchase items or support phony causes. 

US-CERT suggests taking the following precautions to avoid security breaches, identity theft, or financial loss due to holiday scams:

  • Avoid following unsolicited links or downloading attachments from unknown sources.
  • Visit the Federal Trade Commission’s Consumer Information page on Charity Scams.

US-CERT recommends taking the following actions if you believe you are a victim of a holiday phishing scam or malware campaign:

  • Report the attack to the police and file a report with the Federal Trade Commission.
  • Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites.


If you manage a website, you will likely also notice a large bump in referral spam  throughout the weeks surrounding holidays. Typically, this referral spam will not harm your website, but it can make your Google Analytics data completely unreliable. If you’re feeling overloaded with referral spam, consider setting up some filters in Google Analytics to cut out spam sources and see what your traffic actually looks like.