Tip Sheet

Holiday Fraud Defense Checklist


The surge in holiday-season scams has made it clear that cyber risk no longer stops at the checkout page. With attackers using bots, spoofed sites, and AI-driven phishing to target employees as aggressively as consumers, organizations can’t rely on standard awareness reminders or year-old playbooks. This checklist offers focused, actionable steps to help security and IT teams tighten controls before peak shopping periods — and reduce their exposure to the next wave of holiday fraud.



Key Actions for Security & IT Leaders in 2025

  1. Treat holiday scams as a business risk: Automated bots, fake promotions, and AI-generated phishing target your employees — not just shoppers.

  2. Expect password reuse — enforce strong MFA everywhere: Protect SSO, VPN, and admin portals with strong MFA, and block known-breached or reused passwords where possible.

  3. Filter malicious ads and spoofed sites: Use DNS filtering and enterprise ad-blocking to stop malvertising and look-alike domains before users ever see them.

  4. Strengthen bot and fraud detection: Tune WAF and bot-management rules to detect credential stuffing, automated login spikes, and suspicious traffic around Black Friday and Christmas.

  5. Run a short awareness push before Black Friday — repeat before Christmas: Warn staff (including seasonal workers) about gift-card scams, fake charities, refund fraud, and holiday-themed phishing.

  6. Remember, personal security IS corporate security: Compromised personal devices and accounts can directly expose your organization, especially with BYOD and remote access.
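As an illustration of item 4, the sketch below flags source IPs whose login attempts match a credential-stuffing pattern: many distinct usernames in a short window, with most attempts failing. It is an added example, not part of the original checklist; the log format, the sample events, and the threshold values are all assumptions made for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth events: "ISO-timestamp source-ip username result"
SAMPLE_LOG = """\
2025-11-28T09:00:01 203.0.113.7 alice FAIL
2025-11-28T09:00:02 203.0.113.7 bob FAIL
2025-11-28T09:00:03 198.51.100.20 carol FAIL
2025-11-28T09:00:04 203.0.113.7 dave FAIL
2025-11-28T09:00:05 203.0.113.7 erin FAIL
2025-11-28T09:00:09 198.51.100.20 carol FAIL
2025-11-28T09:00:10 203.0.113.7 frank OK
2025-11-28T09:00:12 203.0.113.7 grace FAIL
2025-11-28T09:00:20 198.51.100.20 carol OK
2025-11-28T09:01:00 192.0.2.44 heidi OK
2025-11-28T09:03:00 192.0.2.44 ivan OK
2025-11-28T09:04:00 192.0.2.44 judy FAIL
2025-11-28T09:05:00 192.0.2.44 mallory OK
2025-11-28T09:05:30 192.0.2.44 niaj OK
"""

WINDOW = timedelta(minutes=5)  # assumed look-back window
MIN_USERS = 5                  # assumed threshold: distinct usernames per IP
MIN_FAIL_RATIO = 0.8           # assumed threshold: share of failed attempts

def parse(line):
    """Split one event line into (timestamp, ip, username, failed?)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "FAIL"

def detect_stuffing(log_text):
    """Return {ip: (distinct_users, fail_ratio)} for IPs crossing both thresholds."""
    windows = defaultdict(deque)  # ip -> events still inside the window
    flagged = {}
    for line in log_text.strip().splitlines():
        ts, ip, user, failed = parse(line)
        win = windows[ip]
        win.append((ts, user, failed))
        while ts - win[0][0] > WINDOW:  # drop events older than the window
            win.popleft()
        users = {u for _, u, _ in win}
        ratio = sum(f for _, _, f in win) / len(win)
        # One user failing repeatedly is a typo or brute force; many users
        # failing from one IP is the stuffing signature looked for here.
        if len(users) >= MIN_USERS and ratio >= MIN_FAIL_RATIO:
            worst = (len(users), round(ratio, 2))
            flagged[ip] = max(flagged.get(ip, (0, 0.0)), worst)
    return flagged

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))
```

In the sample, the shared-office address with five mostly successful users and the single user who mistypes a password twice are both left alone. Attempts spaced wider than the window also pass unflagged, so the window and thresholds need tuning against normal holiday traffic.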

 

For more on holiday fraud defense, read our blog: Holiday Hackers: How AI Is Supercharging Seasonal Fraud—and What Your Organization Must Do Now
