Security vendor Gridinsoft issued an urgent holiday alert reporting a 620% spike in phishing and BEC activity tied to seasonal shopping. The company warned about retailer and delivery lures, gift‑card scams and delivery‑tracking frauds that harvest credentials or install malware.

Gridinsoft published a press release asserting a dramatic 620% increase in phishing and business‑email‑compromise activity tied to seasonal shopping patterns. The firm said cybercriminals are exploiting holiday delivery notifications, fake retail offers, and impersonated seller pages to trick victims into entering credentials, approving fraudulent payments, or executing malicious installers that deliver malware. Particular attention was drawn to gift‑card scams and delivery‑tracking lures that demand immediate payment or credential confirmation, and to social‑engineered messages that create artificial urgency. Gridinsoft recommended defensive steps including using link‑reputation and URL scanning tools, verifying sellers on official marketplaces, avoiding payment via gift cards or cryptocurrency for unexpected requests, and maintaining updated endpoint protection. The vendor also reminded users to enable multifactor authentication, restrict macro execution and software installation on workstations, and train staff to recognize holiday‑themed phishing templates. The alert framed the surge as seasonal opportunism by threat actors adapting both social‑engineering scripts and technical delivery methods to holiday shopping behaviors.