VERY IMPORTANT

During the holiday season, threat actors exploit overloaded inboxes and financial stress through two main patterns: Docusign-themed phishing for corporate credential harvesting and loan offer spam for personal data theft. The Docusign campaign uses spoofed emails with authentic-looking branding, redirecting through disposable hosting platforms to a credential harvesting page. The loan scams range from obvious 'Xmas loan' offers to sophisticated marketing-style emails, ultimately leading victims to a detailed identity theft questionnaire on christmasscheercash.com. Both scams utilize seasonal themes and mimic normal end-of-year workflows to increase effectiveness. Defensive measures include verifying sender domains, validating link destinations, and treating unsolicited loan offers as high risk.