Phishing and smishing attacks spike during the holiday season, when inboxes are full, and guards are down. Learn how cybercriminals operate and how to stay protected with updated Nordic fraud statistics and three quick steps.
This article contains
- Why cyberattacks spike during holidays and shopping events
- Three easy steps to protect yourself and your organization
- Updated statistics on smishing and online fraud in the Nordics
The holiday season is a time for joy and connection, but it’s also peak season for
Phishing and smishing campaigns increase significantly during major shopping events. Threats often impersonate trusted senders to trick users into clicking on malicious links or sharing sensitive data.
Some of the most common tactics include:
- Fake delivery updates that redirect to phishing websites
- Fraudulent donation campaigns pretending to be charities
- Malicious links in digital greeting cards and holiday messages
Smishing, phishing via SMS, is one of the fastest-growing attack methods. These messages often appear urgent and personal, prompting quick action.
Nordic cybercrime trends in 2024–2025
According to our recent report, more than 18 million fraudulent SMS messages were blocked in Sweden during the first nine months of 2024. This excludes peak shopping periods such as Black Week and Christmas.
Across the Nordics, over 260,000 online fraud cases were reported in 2024, and fraudsters gained an estimated 828 million Euro from the Nordic inhabitants the year before.
And in early 2024, the hacker group Akira targeted Finnish IT provider Tietoevry. The ransomware attack disrupted payroll systems for 120 public authorities and impacted both municipalities and private companies.
Learn more in our blog: Is it possible to prevent a smishing attack?
Why the holidays are high-risk for cybercrime
Black Week, Christmas and New Year’s create the perfect storm. Inboxes are flooded with offers, shipping updates and last-minute deals. Fake messages blend in, making it harder to spot danger.
Cybercriminals design attacks that feel urgent and timely. And in 2024 and 2025, threat reports show record highs across the Nordics. This reflects both strong digital habits and evolving criminal methods.
How to stay protected from cybercrime this season
Protecting yourself doesn’t have to be complex. Here are three quick steps to reduce risk for yourself and your organization.
Think before you click: Avoid opening attachments or clicking links unless you're certain the sender is legitimate. If you get a delivery update or charity request, visit the organization’s official website directly.
Use strong authentication: Enable two-factor authentication (preferably via an app, not SMS). Keep your devices and software up to date to close known security gaps.
Stay aware with regular training: Security is a behavioral issue, not just a technical one. Ongoing training and simulations build habits that reduce risk.
This holiday season, don’t let a scam ruin your peace of mind. Stay alert, verify before you click and keep your team educated. A few smart habits go a long way, not just in December, but all year round.
