Information Security Corner

  • Ho-Ho-Holiday Scams

    It’s that time of year again: the tinsel, the lights, the full carts and calendars…

    Which means it’s also time for scams. Criminals know the holiday season means stress and distraction, and they know how to take advantage.

    AARP’s recent holiday scam reports note that as many as 9 in 10 U.S. adults have encountered at least one scam. Don’t let your money or personal data be a gift to bad actors this season; being familiar with some of the common scams can help you be more vigilant and keep you safe.

    Shopping Scams

    With retailers advertising deep holiday discounts and competing for our attention, criminals have learned that the way to our wallets is through our eyes. With the rise of AI, it’s never been easier for someone to set up online stores that look like established brands and create realistic advertisements, often distributed via email or social media. By posing as companies customers are familiar with and offering too-good-to-be-true deals, criminals aim to steal money and personal data.

    A little vigilance greatly decreases your chance of becoming a victim. When visiting a site linked in an ad, look for the ‘https://’ in the address bar and ensure the address is accurate; if in doubt, look up the company’s proper website address. Typing the address yourself is your safest bet.

    When paying, use a credit card and be sure to monitor your transactions for anything suspicious. If something doesn’t look right, dispute the charge.

    Gift Card Scams

    Gift cards are a gold mine for scammers; their ease of use and proliferation during the holidays make them an obvious target. One common scam involves criminals posing as sellers who list gift cards as the preferred method of payment. Other classics include fake ‘tech support’ groups requesting gift card numbers and PINs to remediate issues they claim your computer has, and scammers posing as agencies like the IRS or a toll service claiming you owe money that can be repaid via gift card (this will never be legitimate).

    One that many companies see is an email or text, purporting to be from an executive or boss, telling the recipient to purchase some gift cards to help with an urgent need. The sender asks the victim to send the card numbers and PINs, promising to pay them back soon. The perceived authority and urgency make a target more likely to comply.

    Shipping Issue Scams

    Emails and texts pretending to be from UPS, USPS, or FedEx and notifying customers of shipping issues are common throughout the year, and are particularly effective during the holiday season. We want all of our holiday purchases to arrive where intended, and seeing an email or text claiming you need to provide personal information or pay a small fee to ‘release a package’ or resolve a shipping issue can cause some panic. Much like with shopping scams, these frequently link to websites dressed (sometimes convincingly) as legitimate carrier services.

    Carriers like USPS, UPS, and FedEx generally will not request payment or personal information via unsolicited call, email, or text while goods are in transit. If you are concerned about a package, go to the carrier’s website directly and check your order/delivery status. Never enter your SSN, full DoB, bank info, or card numbers into a page linked in a text.

    If something about a holiday message feels urgent, secret, or too good to be true, stop; that sense is a tool, not an accident. When in doubt, take a little extra time to go to a site yourself rather than using links in emails or texts. When paying, use a credit card and monitor your transactions for suspicious activity, disputing anything that doesn’t look right. And finally, if you think your UTMB account or device has been exposed, contact the Office of Information Security right away.

     

  • 🎄 Twelve Days of Cybersecurity 🎄

    Keep your holidays merry and your data safe!


    On the twelve days of Christmas, our CISO gave to us…

    Day 1. A strong password policy
    Use complex, unique passwords.

    Day 2. Two-factor protection (Duo)
    Add an extra layer of security to your accounts.

    Day 3. Three phishing warnings
    Watch out for suspicious links and attachments in emails.

    Day 4. Four File Safety Fundamentals
    Be cautious with downloads, attachments and shared files. Avoid oversharing.

    Day 5. Five golden rules

    • Lock your screen
    • Encrypt sensitive data
    • Report incidents promptly
    • Avoid public Wi-Fi
    • Back up your files

    Day 6. Six Sneaky Scam Alerts
    Be cautious of holiday deals that seem too good to be true.

    Day 7. Seven secure connections
    Use VPNs when working remotely.

    Day 8. Eight SOC analysts
    Protecting UTMB resources - 24/7.

    Day 9. Nine Necessary Updates
    Install critical updates to OS, antivirus and endpoint security tools to keep your devices secure.

    Day 10. Ten Trusted Tools
    Use only approved, trusted and secure software on your devices.

    Day 11. Eleven Security Awareness topics
    Visit the Security Corner every month to learn more.

    Day 12. Twelve safe practices
    Combine all these tips for a secure holiday season!


    🎁 Bonus Tip: Cybercriminals love the holidays—don’t give them the gift of your data! Stay vigilant, report suspicious activity, and enjoy a safe festive season.

  • The Insider Threat of Oversharing Sensitive Information

    Collaboration tools like email and SharePoint make teamwork easy, but they also create risks when sensitive information is overshared. Even well‑intentioned actions can expose organizations to insider threats, compliance violations, and reputational damage.

    Why Oversharing Matters

    Oversharing happens when employees give broader access than necessary—such as using “Anyone with the link” in SharePoint or forwarding confidential email attachments. This can lead to:

    • Data Breaches: Files fall into unintended hands.
    • Regulatory Penalties: Mishandling personal or financial data can trigger fines.
    • Operational Risks: Leaked intellectual property weakens competitive advantage.

    Common Scenarios

    • Public SharePoint links overriding security.
    • Email attachments forwarded outside the organization.
    • Shadow IT: personal email or unauthorized tools used for sharing.

    The Human Factor

    Most incidents stem from good intentions, but convenience must not outweigh security. A culture of awareness—thinking before sharing and following clear guidelines—is essential.

    Final Thoughts

    Oversharing is a serious insider risk. Strong technical controls plus employee vigilance can prevent leaks and protect valuable information.

    Call to Action

    Stay Secure. Share Smart. Contact Information Security (security@utmb.edu) or visit the Secure Collaboration Hub for guidance. Report suspicious sharing through the Security Incident Portal.