Google warns of holiday scam surge: how to protect yourself from fraud


Google’s Gmail, the world's largest email provider with more than 2.5 billion users, blocks 99.9% of spam, phishing, and malware. However, the remaining 0.1% can still be very damaging.

Every year, scammers go into overdrive during the holiday season – and 2024 is no exception.

“Since mid-November, we’ve seen a massive surge in email traffic compared to previous months, making protecting inboxes an even greater challenge than normal,” Google said in a blog post.

ADVERTISEMENT

Google expects a second wave of attacks to hit around this time, as attackers adjust and try new tactics.

Three scams seem to dominate this holiday season:

  • Invoice scams: Fraudsters send fake invoices, typically solicit phone calls to dispute the “charges,” and use this connection to convince victims to pay them. These scams aren’t new but persistent and incredibly prevalent.
  • Celebrity scams: Scam emails reference famous people, either pretending to come from the celebrity themselves or claiming a given celebrity is endorsing a random product. The associations don’t always make much sense. Scammers attempt to use the association to build trust and trick people into engaging with “too good to be true” scenarios.
  • Extortion scams: Victims receive vicious and scary emails with details on their home addresses, sometimes even including a picture of the location. The messages arrive in a few different versions, but they generally either include threats of physical harm or threats of releasing damaging personal material they say they acquired through a hack.

Gmail introduced new AI-based cyber defenses. By spotting these patterns, large language models alone block 20% more spam than before and can review 1,000 times more user-reported scam cases.

New Gmail security features led to 35% fewer user-reported scams hitting inboxes during the first month of the holiday season compared to last year.

vilius Marcus Walsh profile justinasv Stefanie
Get our latest stories today on Google News

However, Google wants you to stay alert.

“It’s equally important for you to stay vigilant and report any suspicious emails as spam or phishing,” the blog post reads.

ADVERTISEMENT

Google shared its four “golden rules” for users to follow and protect themselves from scammers:

  • Slow it down: Scams are often designed to create a sense of urgency, using terms like “urgent, immediate, deactivate, unauthorized, etc.”
  • Spot check: Do your research to double-check the details of an email. Does what it’s saying make sense? Can you validate the sender's email address?
  • Stop! Don’t send: No reputable person or agency will ever demand payment or your personal information on the spot, Google claims.
  • Report it: If you see something suspicious, mark it as spam.

Bitdefender also warns of a new wave of scam emails seeking donations for UNICEF or other humanitarian groups.

Scammers use two scenarios to lure users to enter their credentials and financial information or install malware on their devices. One strategy is to present targets with some type of emergency to compel opening a link or attachment or installing an application. The other is to entice victims with monetary prizes, expensive smartphones, or other too-good-to-be-true offers.