Email scams surge over the holiday — here’s how Gmail keeps you safe
Every year, scammers go into overdrive during the holiday season, using all kinds of tactics to get your attention. Since mid-November, we’ve seen a massive surge in email traffic compared to previous months, making protecting inboxes an even greater challenge than normal.
With more than 2.5 billion users, Gmail is the world’s largest email provider, and we know how important it is to keep inboxes everywhere safe. We invest heavily to meet this responsibility, blocking more than 99.9% of spam, phishing and malware in Gmail. These efforts are year-round, but become even more necessary during the holidays.
Thanks to new Gmail security features we launched over the past year, users reported 35% fewer scams (phishing, malware, etc.) hitting inboxes during the first month of the holiday season compared to last year. Millions more unwanted and potentially dangerous messages were blocked before they even reached inboxes. Here’s how we made this happen, and what you can do to stay ahead of scams.
Gmail’s new spam and scam technology
AI is transforming how the Gmail team protects billions of inboxes. This year, we developed several ground-breaking AI models that significantly strengthened Gmail cyber-defenses, including a new large language model (LLM) that we trained on phishing, malware and spam. By spotting patterns and responding rapidly, this LLM alone blocks 20% more spam than before and reviews 1,000 times more user-reported spam daily
We also began using another AI model just before Black Friday that’s had similarly promising results this holiday season. This new model acts like a supervisor for our existing AI defenses by instantly evaluating hundreds of threat signals when a risky message is flagged and deploying the appropriate protections — all in the blink of an eye.
Holiday scams to watch out for
We’re thrilled with this progress, but we typically see a second wave of attacks around this time in the holiday season as attackers adjust and try new things. And we’ll adjust with them, continuing to add new protections to keep inboxes safe. It’s equally important for you to stay vigilant and report any suspicious emails as spam or phishing.
In particular, there are three scams in heavy use this holiday season:
Scammers send fake invoices to unsuspecting users, typically trying to solicit phone calls.
Scammers fake celebrity endorsements to build trust and lure people in.
Scammers shock with personal details, like a home address, in elaborate extortion schemes.
- Invoice scams: This method involves scammers sending fake invoices to unsuspecting users, typically trying to solicit phone calls to dispute the “charges” and using this connection as a way to convince victims to pay them. These scams aren’t new, but are persistent and incredibly prevalent this holiday season.
- Celebrity scams: Over the past month, many of the most common scams popping up reference famous people, either pretending to come from the celebrity themself or claiming a given celebrity is endorsing a random product. The associations don’t always make much sense, but the goal of these campaigns is to use the association to build trust and trick people into engaging with “too good to be true” scenarios.
- Extortion scams: This brand of scam is vicious and scary. Victims receive emails with details on their home address, sometimes even including a picture of the location. There are a few different versions of the messages, but they generally either include threats of physical harm or threats of releasing damaging personal material they say they acquired through a hack.
4 things you can do to stay safe and secure
Gmail has a very high rate of success combating these types of scams, but scammers are persistent. Whether it’s during the holidays or otherwise, users should follow these golden rules:
- Slow it down. Scams are often designed to create a sense of urgency, and often use terms like “urgent, immediate, deactivate, unauthorized, etc.” Take time to ask questions and think it through.
- Spot check. Do your research to double-check the details of an email. Does what it’s saying make sense? Can you validate the email address of the sender?
- Stop! Don’t send. No reputable person or agency will ever demand payment or your personal information on the spot.
- Report it. If you see something suspicious, mark it as spam. You’ll be making your Inbox cleaner and helping billions of others too.
And it’s not only Gmail where we see an uptick of malicious activity around the holidays, it happens across platforms and products. We recently shared detailed information on common scams and what you can do to stay safe — throughout the holiday season and after.
