Holiday and Seasonal Phishing Alert Guide
Phishing attacks spike predictably around holidays, shopping seasons, tax deadlines, and major events. The FBI and CISA issue annual warnings about seasonal phishing campaigns, and data consistently shows 30-50% increases in phishing volume during peak shopping periods. Attackers exploit seasonal context — gift-buying urgency, shipping anxiety, tax deadlines, and charitable giving — to make their lures more convincing and their targets more susceptible.
Understanding the seasonal phishing calendar helps individuals and organizations prepare defenses before the attacks arrive.
The Seasonal Phishing Calendar
January-April: Tax Season
Peak threat: January 15 through April 15
- IRS impersonation: Fake IRS emails demanding immediate payment, threatening audit, or requesting personal information for “refund processing.” The real IRS initiates contact by mail, not email or phone.
- Tax preparer impersonation: Fake messages from “your CPA” requesting sensitive documents or W-2 data
- Refund phishing: “Your tax refund is ready — verify your identity to receive it”
- W-2 phishing targeting employers: BEC attacks requesting employee W-2 data from HR departments
- Fake tax software: Phishing sites mimicking TurboTax, H&R Block, or IRS Free File
Defense: Report tax phishing to [email protected]. Verify all tax communications through your CPA’s known phone number or the IRS website directly.
May-August: Summer Travel and Back-to-School
- Travel booking scams: Fake airline, hotel, and vacation rental sites — verify bookings through official channels
- Fake WiFi at travel destinations: Evil twin attacks at airports, hotels, and cafes
- Back-to-school supply scams: Fake school supply deals and “mandatory” technology purchases
- Education-targeted registration phishing: Fake enrollment portals and financial aid applications
September-October: Open Enrollment and Charity Season
- Health insurance enrollment phishing: Fake marketplace.gov and insurer login pages
- Benefits enrollment scams: Phishing targeting employees during corporate open enrollment
- Charity scams: Fake donation requests for disaster relief and humanitarian organizations — verify at give.org before donating
- Halloween/event ticket scams: Fake event tickets and streaming links
November-December: Holiday Shopping
Peak threat: Black Friday through New Year’s
This is the highest-volume phishing period of the year, with attacks increasing 30-50% above baseline. APWG data showed a 14x surge in AI-generated phishing attacks toward the end of 2025.
- Package delivery phishing: Fake USPS, FedEx, UPS, and Amazon delivery notifications — the most common holiday lure
- Retail impersonation: Fake sale alerts from major retailers with “too good to be true” deals
- Gift card scams: Fake gift card activation pages and “free gift card” offers
- Shipping delay phishing: “Your order is delayed — update your address to avoid return”
- Payment confirmation phishing: Fake receipts for purchases you did not make, designed to create alarm
- Charitable giving phishing: Fake year-end donation requests from impersonated nonprofits
- E-card phishing: Malicious e-greeting cards with embedded links or malware
Year-Round: Event-Driven Phishing
Attackers also exploit current events and crises:
- Natural disasters: Fake donation sites, fake FEMA assistance applications
- Health emergencies: Fake government health notifications, vaccine/treatment offers
- Major data breaches: “Your account may have been affected — verify your information”
- Elections: Fake voter registration sites, donation portals, and political communications
- Major sporting events: Fake ticket sales, streaming links, and merchandise sites
How to Defend Against Seasonal Phishing
For Individuals
- Bookmark official sites — access your bank, IRS, shipping accounts, and retailers from bookmarks, not email links
- Verify delivery notifications — check tracking through the carrier’s official app or website, not through email links
- Use credit cards for online shopping — better fraud protection than debit cards
- Enable purchase alerts on all financial accounts — immediate notification of unauthorized charges
- Apply the five-point check to every seasonal communication: verify sender, inspect URLs, question urgency, analyze attachments, validate requests
- Use a password manager — prevents credential entry on phishing sites
- Monitor accounts closely during high-risk periods
For Organizations
Pre-season preparation:
- Send seasonal security advisories to employees before each peak period
- Run phishing simulations using seasonal lures one month before the peak
- Update email filtering rules for seasonal phishing patterns
- Review and reinforce payment verification procedures before year-end
During peak periods:
- Increase monitoring sensitivity on email gateways
- Enable enhanced browser security settings
- Remind employees to report suspicious messages, especially delivery and payment notifications
- Share real examples of current seasonal phishing campaigns (with URLs redacted)
For customer-facing organizations:
- Inform customers about your legitimate communication practices
- Publish a “how to verify our communications” page
- Alert customers to known phishing campaigns impersonating your brand
- Monitor for seasonal domain impersonation campaigns
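One way to turn "update email filtering rules for seasonal phishing patterns" and "monitor for seasonal domain impersonation" into a triage check. This is an added example, not code from the guide's sources. The brand-to-domain table, the function names, and the sample message are assumptions made for illustration; the peak windows are the ones stated in the calendar above.

```python
import re
from datetime import date
from urllib.parse import urlsplit

# Brands named in this guide's lures -> domains treated as official (assumed; keep your own list).
BRANDS = {"irs": {"irs.gov"}, "usps": {"usps.com"}, "fedex": {"fedex.com"},
          "ups": {"ups.com"}, "amazon": {"amazon.com"}}
TAX_BRANDS, DELIVERY_BRANDS = {"irs"}, {"usps", "fedex", "ups", "amazon"}

def black_friday(year):
    """Day after the fourth Thursday of November."""
    first_thursday = 1 + (3 - date(year, 11, 1).weekday()) % 7  # Thursday == 3
    return date(year, 11, first_thursday + 22)

def peak_brands(day):
    """Brands whose lures the guide places in a peak window on `day`."""
    brands = set()
    if date(day.year, 1, 15) <= day <= date(day.year, 4, 15):
        brands |= TAX_BRANDS          # tax season: January 15 through April 15
    if day >= black_friday(day.year) or day == date(day.year, 1, 1):
        brands |= DELIVERY_BRANDS     # Black Friday through New Year's
    return brands

def is_official(host, brand):
    """True only for the official domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRANDS[brand])

def score_message(day, display_name, subject, sender_domain, urls):
    """Return (score, reasons) for triage; a score is not a verdict."""
    words = set(re.findall(r"[a-z0-9]+", f"{display_name} {subject}".lower()))
    hosts = [h for u in urls if (h := urlsplit(u).hostname)]
    reasons = []
    for brand in sorted(words & set(BRANDS)):
        hits = []
        if not is_official(sender_domain, brand):
            hits.append(f"{brand}: sender domain {sender_domain} is not official")
        bad = [h for h in hosts if not is_official(h, brand)]
        if bad:
            hits.append(f"{brand}: link host {bad[0]} is not official")
        if hits and brand in peak_brands(day):
            hits.append(f"{brand}: inside its seasonal peak window")
        reasons += hits
    return len(reasons), reasons

# Constructed sample message (not a real campaign).
SAMPLE = (date(2025, 12, 10), "USPS Delivery", "Your order is delayed",
          "usps-redelivery.example", ["https://usps.com.track-parcel.example/update"])
```

`score_message(*SAMPLE)` scores 3: the link host begins with `usps.com` but is registered under a different domain, so the suffix check rejects it, and the date falls inside the holiday window.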
Reporting Seasonal Phishing
| Scam Type | Report To |
|---|---|
| IRS impersonation | [email protected] |
| Package delivery scams | The impersonated carrier + IC3 |
| Charity scams | FTC + state attorney general |
| Shopping scams | FTC + IC3 |
| All phishing emails | [email protected] |
| Financial loss | FBI IC3 immediately |
Key Takeaways
- Phishing volume increases 30-50% during holiday shopping periods and peaks around tax season
- Package delivery, retail impersonation, and IRS phishing are the most common seasonal lures
- Bookmark official websites and access them directly — never through email links during peak periods
- Organizations should run seasonal phishing simulations and update email filtering before each peak
- Report seasonal phishing: IRS scams to [email protected], all others to IC3 and FTC
- Event-driven phishing exploits current crises — maintain awareness year-round, not just during holidays
For the complete phishing defense framework, see our phishing recognition and reporting guide.
Sources
- FBI IC3 2024 Internet Crime Report
- CISA Phishing Guidance: Stopping the Attack Cycle at Phase One
- APWG Phishing Activity Trends Reports 2025
This content is for educational purposes only. Report suspected phishing to ic3.gov, the impersonated organization, and your IT security team.