Phishing and smishing attacks spike during the holiday season, when inboxes are full, and guards are down. Learn how cybercriminals operate and how to stay protected with updated Nordic fraud statistics and three quick steps.
This article contains
The holiday season is a time for joy and connection, but it’s also peak season for
Phishing and smishing campaigns increase significantly during major shopping events. Threats often impersonate trusted senders to trick users into clicking on malicious links or sharing sensitive data.
Some of the most common tactics include:
Smishing, phishing via SMS, is one of the fastest-growing attack methods. These messages often appear urgent and personal, prompting quick action.
According to our recent report, more than 18 million fraudulent SMS messages were blocked in Sweden during the first nine months of 2024. This excludes peak shopping periods such as Black Week and Christmas.
Across the Nordics, over 260,000 online fraud cases were reported in 2024, and fraudsters gained an estimated 828 million Euro from the Nordic inhabitants the year before.
And in early 2024, the hacker group Akira targeted Finnish IT provider Tietoevry. The ransomware attack disrupted payroll systems for 120 public authorities and impacted both municipalities and private companies.
Learn more in our blog: Is it possible to prevent a smishing attack?
Black Week, Christmas and New Year’s create the perfect storm. Inboxes are flooded with offers, shipping updates and last-minute deals. Fake messages blend in, making it harder to spot danger.
Cybercriminals design attacks that feel urgent and timely. And in 2024 and 2025, threat reports show record highs across the Nordics. This reflects both strong digital habits and evolving criminal methods.
Protecting yourself doesn’t have to be complex. Here are three quick steps to reduce risk for yourself and your organization.
Think before you click: Avoid opening attachments or clicking links unless you're certain the sender is legitimate. If you get a delivery update or charity request, visit the organization’s official website directly.
Use strong authentication: Enable two-factor authentication (preferably via an app, not SMS). Keep your devices and software up to date to close known security gaps.
Stay aware with regular training: Security is a behavioral issue, not just a technical one. Ongoing training and simulations build habits that reduce risk.
This holiday season, don’t let a scam ruin your peace of mind. Stay alert, verify before you click and keep your team educated. A few smart habits go a long way, not just in December, but all year round.