Four Email Scams That Can Give You Malware During Christmas

Posted on: December 22, 2018

Christmas is a great time for cyber-criminals, especially those who make nasty malware which they distribute through malicious email attachments. That’s because scammers will know that many of us will be shopping on the Internet over the next few weeks. This allows criminals to tailor their emails scams to target those who may have just made an online purchase, in the knowledge that a good percentage of those receiving their email scams will likely have done just that.

Tips to avoid holiday scams

Detecting these scams is as important as it ever has been, since malware has progressed in how destructive it can be, especially ransomware, which encrypts all of your files, rendering them useless. Here are 4 email scams containing malicious attachments that you can expect during the Christmas period.

We could not deliver your parcel

As many of us spend our hard earned money online this Christmas, scammers will know that we’ll all be expecting our online purchases to arrive at the doorstep in the coming weeks. And this is what this clever scam relies on.

The email will appear to come from a courier company, and will tell the recipient that there was a problem delivering a parcel. For example there was an issue with the delivery address, or the recipient of the parcel was not home.

We could not deliver your parcel scam email

Whatever the reason, the email will suggest the email recipient to open the email attachment to resolve the problem, inadvertently executing the malware in the process.

View your invoice/order details

Not only do we expect our parcel to be delivered, we may also be expecting the invoice to arrive online. Many retailers, including Amazon, send invoices through email.

And this is how this scam works. The email scam will vaguely claim that you need to open the email attachment to view the invoice, or order details. Of course the email won’t say what you purchased (since the scammer doesn’t know that!) so the recipient may open the email attachment to check what the invoice is for.

View your invoice/order details scam email

And in doing so, they infect their own computer.

If you receive an invoice from a company you’ve never dealt with, it’s best to ignore it. And even if you recognize the company name but haven’t done any purchases with them recently, pick up the phone and call them to make sure it’s legit.

Problems with your order

We all want our Christmas presents to arrive on time, so getting an email that tells us a problem has arisen with our order is likely to get our attention. These emails will vary in exactly what they say, but essentially tell the recipient that there was a problem with your online order and that you need to open the attachment for details.

Problems with your order scam email

And when you open the attachment, you infect your computer.

Remember: Any issues with the order will not be in an email attachment. You can check the status on any pending order by going directly to the retailer’s website.

Payment declined

The last thing we want when purchasing items online is for our payment to be declined. So when an email arrives telling us just that, we’ll certainly want to get to the bottom of it.

Scammers know that lots of us will be making online payments, meaning email attachment scams purporting some sort of “your payment has been declined” tale will enjoy much more success at this time of the year.

Payment declined scam email

Naturally, the email will implore the recipient to open the email attachment to see details of the problem.

Any issues with payment will not be put into an email attachment. You can contact the retailer directly for the status of an order.


…malicious email attachments usually reside in ZIP files, meaning you need to open the ZIP folder and then open the file inside to infect your computer. However, not all malicious emails have to be ZIP folders. Malicious email attachments can also .doc, .bat, .exe, .xls, or .pdf extensions. Additionally, email attachments may have fake extensions to make them appear harmless, for example, “picture001.jpg.exe” is not a picture!

The important thing to remember, if you’re not sure, don’t open! This also applies to emails that you were not expecting that contain attachments. Only open email attachments if you are 100% confident of the contents of the attachment and the source of the email can be trusted.

Clicked on something you shouldn’t have?
Contact us now, 03 544 1995!

Like what you read?

Join Our Newsletter!

Our weekly newsletters have easy-to-read information for our clients. No geek speak! We explain things in a simple to understand way so you can make better decisions when it comes to technology!

We truly appreciate your business, and hope that this will be an interesting and valuable resource for you. Feel free to forward and share these tips with your friends and family. And don’t worry, we hate spam too! You can unsubscribe at anytime.

Join Our Newsletter