Kaspersky lists top Holiday Scams to watch out for in PH

As Filipinos ramp up online shopping, digital payments, and money transfers during the holiday season, cybercriminals are also stepping up their activities. Kaspersky warns that the surge in year-end sales and financial transactions creates a high-risk environment for online scams.

Adrian Hia, Managing Director for Asia Pacific at Kaspersky said the holiday season is a peak period for online activity in the Philippines, making it especially attractive to cybercriminals who deploy increasingly sophisticated tactics to steal personal data, financial information, and account credentials.

“During the holiday season, attackers capitalize on time-pressured shopping and transactions to exploit lapses in user vigilance. This makes awareness and consistent security practices especially important,” he further said.

Kaspersky’s latest threat intelligence highlights how seasonal shopping periods continue to be exploited by cybercriminals worldwide. From January to October 2025, Kaspersky blocked more than 6.4 million phishing attempts impersonating online stores, banks, and payment systems, with nearly half targeting online shoppers.

These trends are particularly relevant to the Philippines, where online shopping, digital payments, and gaming activity typically surge during the holiday season. Based on Kaspersky’s global threat intelligence and regional observations, the most common holiday-related scams affecting users in the Philippines include:

• Phishing emails and text messages impersonating delivery services, banks, or e-wallet providers, urging users to click malicious links or provide sensitive information
• Fake online stores and promo pages offering unrealistically low prices, often promoted through social media ads or messaging apps
• Fraudulent payment requests sent through messaging apps, posing as sellers, customer support agents, or even known contacts
• Account takeover attempts, where compromised credentials are used to access online shopping, banking, or social media accounts

To help users and organizations guard against these threats, Kaspersky recommends the following:

For Individual Users:

• Shop only on trusted platforms and be wary of deals that seem too good to be true
• Do not click links or download attachments from unsolicited emails, texts, or messages
• Verify payment requests and delivery notices through official apps or websites
• Use strong, unique passwords, enable multi-factor authentication, and consider using a password manager
• Install security solutions that provide real-time protection against phishing and online fraud

 

For Businesses:

• Train employees to recognize phishing and social engineering attacks, especially during peak holiday activity
• Monitor email and account activity closely for suspicious behavior or unauthorized access
• Implement advanced endpoint protection and threat detection, such as Kaspersky Next, to quickly identify, investigate, and respond to attacks across devices and workloads
• Ensure systems, endpoints, and applications are regularly updated and patched to minimize exposure to known vulnerabilities
• Strengthen incident detection and response capabilities with centralized monitoring and visibility