As the holiday shopping season ramps up, so does the risk of mobile-phishing attacks. Recent research shows attackers are intensifying efforts to exploit users and organizations across mobile devices, with notable implications for your personal devices and our corporate environment.
What’s happening?
- According to a report from the KnowBe4 team, mobile-phishing (also called “mishing”) campaigns surged to as much as four times their monthly average during the 2024 holiday shopping season.
- The surge is driven by increased mobile commerce and delivery-related notifications. Attackers impersonate trusted retail brands, logistics firms, payment processors and digital wallets, crafting messages such as “Your package is delayed, click here” to trick recipients into revealing credentials or installing malware.
- It’s not just a consumer risk: these phishing messages can serve as entry points into corporate systems when employees use personal devices for work or access corporate resources from mobile devices.
Why it matters for us
- Many employees carry the same device for work and personal use (BYOD scenario). A successful phishing link or malicious app on the device can bridge personal risk into our network environment.
- The holiday period often sees higher volumes of shopping, delivery notifications and mobile app downloads. This makes users more likely to click and less cautious.
- Mobile devices have unique vulnerabilities (smaller screens, less visible URL cues, app-store sideloading) which attackers exploit.
What you should do
- Verify the sender of any SMS, app notification or email that asks you to “click here” or “install this update”. Genuine e-commerce/shipping services do not pressure you with urgent links.
- Download apps only from official stores (App Store, Google Play) and check app permissions (why does the app need access to your contacts or screen overlay?).
- Enable multi-factor authentication (MFA) for accounts tied to payments, shopping, delivery tracking and corporate access.
- Avoid mixing personal shopping apps and work applications on the same mobile device where possible. If you must use the same device, consider limiting personal-shopping activity when logged into corporate resources.
- Keep your mobile OS and apps updated and be cautious of public Wi-Fi networks when making purchases or logging into sensitive apps.
Final thought
The holiday shopping season is a prime time for attackers. Awareness and vigilance can make a big difference. By treating our mobile devices with the same caution we use for desktops and following secure mobile habits, we help protect ourselves and our organization.

Ricardo Saunders
Information Security & Compliance Analyst
