The holidays are just around the corner and amid the hustle and bustle, many of us will fire up our devices to go online, order gifts, plan travel, and spread cheer. But while we’re getting festive, cybercriminals are getting ready to take advantage of that good cheer to spread scams and malware.
With online shopping expected to grow by 7.9% year-on-year in the U.S. alone in 2025, according to Mastercard, and more people than ever using social media and mobile devices to connect, the cybercriminals have a lot of opportunities to spoil our fun. Using multiple devices provides the bad guys with more ways to access your valuable “digital assets,” such as personal information and files, especially if the devices are under-protected.
In this guide, let’s look into the 12 most common cybercrimes and scams of Christmas, and what you can do to keep your money, information, and holiday spirit safe.
The psychology of holiday fraud
The festive atmosphere, continued increase in online shopping activity, and charitable spirit that define the holidays create perfect conditions for scammers to exploit your generosity and urgency.
Not surprisingly, digital criminals become more active and professional during this period, driven even more by the increasing power of artificial intelligence. A new McAfee holiday shopping report revealed that 86% of consumers surveyed receive a daily average of 11 shopping-related text or email messages that seem suspicious. This includes 3 scam texts, 5 emails, and 3 social media messages. Meanwhile, 22% admit they have been scammed during a holiday season in the past.
Their scams succeed because they exploit the psychological and behavioral patterns that are rife during the holidays. The excitement and time pressure of holiday shopping often prevail over our usual caution, while the emotional aspects of gift-giving and charitable donations can be exploited and move us to be more generous. Meanwhile, scammers understand that you’re more likely to make quick purchasing decisions when the fear of missing out on limited-time offers overtakes your judgment or when you’re rushing to find the perfect gift before it’s too late.
Overall, the frenzied seasonal themes create an environment where criminals can use the urgency of their fake offers to cloud our judgment, making fraudulent emails and websites appear more legitimate while you’re already operating under the stress of holiday deadlines and budget concerns. After all, holiday promotions and charity appeals are expected during this time of year.
Now that you understand the psychology behind the scams, it’s time to become more aware of the common scams that cybercriminals run during the holiday season.
The 12 Scams of Christmas
As you head online this holiday season, stay on guard and stay aware of scammers’ attempts to steal your money and your information. Familiarize yourself with the “12 Scams of Christmas” to ensure a safe and happy holiday season:
1. Social media scams
Many of us use social media sites to connect with family, friends, and co-workers over the holidays, and the cybercriminals know that this is a good place to catch you off guard because we’re all “friends,” right? Here are some ways that criminals will use these channels to obtain shoppers’ gift money, identity, or other personal information:
- Be careful when liking pages, clicking on fake alerts from friends’ accounts that have been hacked, taking advantage of raffles, ads, and deals that you get from “friends,” or installing suspicious “holiday deal” apps that give your private data away. These links can automatically download malware onto your computer that can steal personal information.
- Ads announcing special discounts for popular gifts are especially common, and use blind, shortened links, many of which could easily be malicious. Criminals are getting savvier with authentic-looking social ads and deals that direct you to fake websites. Before letting you claim the deals or enter the contests, scammers will ask you for personal information that will enable them to obtain your credit card number, email address, phone number, or home address.
2. Malicious mobile apps
As the popularity of smartphone apps has grown, so have the chances of you downloading a malicious application that steals your information or sends premium-rate text messages without your knowledge. Such apps often ask for more permissions than they need, such as access to your contacts or location.
If you unwrap a new smartphone this holiday season, make sure that you only download applications from official app stores and check other users’ reviews, as well as the app’s permission policies, before downloading. Software, such as McAfee Mobile Security, can also help protect you against dangerous apps.
3. Travel scams
Many of us travel to visit family and friends over the holidays. We begin our journey online by looking for deals on airfare, hotels, and rental cars. Before you book, keep in mind that scammers are looking to hook you with phony travel webpages with too-fantastic deals—beautiful pictures and rock-bottom prices—to deceive you into handing over your financial details and money.
Even when you’re already on the road, you need to be careful. Sometimes, scammers who have gained unauthorized access to hotel Wi-Fi will release a malicious pop-up ad on your device screen, and prompt you to install software before connecting. If you agree to the installation, it downloads malware onto your machine. To thwart such an attempt, it’s important that you perform a security software update before traveling.
4. Holiday spam/phishing
You are probably already familiar with email phishing and SMiShing messages containing questionable offers and links. The scammer will mimic a legitimate organization offering cheap Rolex watches and luxury products as the “perfect gift” for that special someone, or send a message posing as your bank with a holiday promo and try to lure you into revealing information or direct you to a fake webpage. Never respond to these scams or click on an included link. Be aware that real banks won’t ask you to divulge personal information via text message. If you have any questions about your accounts, you should contact your bank directly.
5. Quishing
QR code phishing, or “quishing,” has emerged as a significant new threat during holiday shopping seasons. In this scam method, cybercriminals place malicious QR codes in holiday advertisements posted on social media or printed flyers, on parking meters and payment kiosks at shopping centers, or at restaurant tables during holiday dining. They may also put them in email attachments claiming to offer exclusive holiday deals, or on fake shipping labels placed over legitimate tracking QR codes.
6. The new iPad, iPhone, and other hot holiday gift scams
The kind of excitement and buzz surrounding Apple’s new iPad and iPhone is just what cybercrooks dream of when they plot their scams. They will mention must-have holiday gifts in dangerous links, phony contests, and phishing emails to grab your attention. Once they’ve caught your eye, they will again try to get you to reveal personal information or click on a dangerous link that could download malware onto your machine. Be suspicious of any deal mentioning hot holiday gift items—especially at extremely low prices—and try to verify the offer with the real retailer involved.
7. Bogus HR and bonus emails
Cybercriminals exploit employee expectations of year-end communications by creating fake emails that appear to come from your HR department. These messages often claim to contain annual bonus information, updated benefits packages, or mandatory holiday attendance announcements. These scams are particularly effective because they prey on legitimate employee concerns about compensation, benefits, and personal time off during the holiday season. The emails often feature real-looking company logos, proper formatting, and even references to company policies to increase their credibility.
8. Bogus gift cards
Gift cards are probably the perfect gift for some people on your holiday list. Given their popularity, cybercriminals can’t help but want to get in on the action by offering bogus gift cards online. Be wary of buying gift cards from third parties. It’s best to buy from the official retailer. Just imagine how embarrassing it would be to find out that the gift card you gave your mother-in-law was fraudulent!
9. Phony e-tailers
No matter what gift you’re looking for, chances are you can find it quickly and easily online, but you still want to be careful in selecting which site to shop on. By promoting great deals, phony e-commerce sites will try to convince you to type in your credit card number and other personal details. After they obtain your money and information, you never receive the merchandise, and your personal information is put at risk. To prevent falling victim to bogus e-commerce stores, shop only at trusted and well-known e-commerce sites. If you’re shopping on a site for the first time, check other users’ reviews and verify that the phone number listed on the site is legitimate.
10. Fake charities
This is one of the biggest scams of every holiday season. As we open our hearts and wallets, the bad guys will send spam emails and pretend to be a real charity in the hope of getting in on the giving. Their emails will sport a stolen logo and copycat text, or come from an entirely invented charity. If you want to give, it’s always safer to visit the charity’s legitimate website, and do a little research about the charity before you donate.
11. Dangerous e-cards
E-cards are a popular way to send a quick “thank you” or holiday greeting. While most e-cards are safe, some are malicious and may contain spyware or viruses that download onto your computer once you click on the link to view the greeting. Before clicking, look for clues that the e-card is legitimate. Make sure it comes from a well-known e-card site by checking the domain name of the included link. Also check to see that the sender is someone you actually know, and that there are no misspellings or other red flags that the card is a fake.
12. Fake shipping and delivery notices
With increased package deliveries during the holiday season, fake shipping notifications have become a common attack. These messages claim to be from legitimate shipping companies such as UPS, FedEx, or DHL, informing you of package delivery attempts or shipping delays. To complete the delivery, these notices will ask you to click on malicious links or attachments that will download malware or direct you to fake websites that will steal personal information. The timing of these attacks coincides with legitimate increased shipping activity, making them harder to distinguish from authentic communications. To track your deliveries, it is best to check the shipping company’s real website or the trusted platform from which you ordered the product.
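The domain check recommended above for e-card links and delivery notices can be done mechanically. The following Python code is an added example, not part of the original article; the allowlist, the function name `check_link`, and the sample URLs are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed allowlist: domains you have verified yourself (hypothetical choice).
TRUSTED = {"ups.com", "fedex.com", "dhl.com"}

def check_link(url, trusted=TRUSTED):
    """Return (verdict, reasons) for a link taken from a message."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    reasons = []

    if parts.scheme != "https":
        reasons.append("not HTTPS")
    if parts.username is not None:
        # In https://ups.com@host/ the text before '@' is not the site.
        reasons.append("text before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a domain")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label, possible look-alike characters")

    # Trusted only if the host IS an allowlisted domain or a subdomain of it.
    on_trusted = any(host == d or host.endswith("." + d) for d in trusted)
    if not on_trusted:
        tokens = set(host.replace("-", ".").split("."))
        used = sorted(t for t in tokens if t in {d.split(".")[0] for d in trusted})
        if used:
            reasons.append("brand name %s on an unrelated domain" % ", ".join(used))

    if reasons:
        return "suspicious", reasons
    return ("trusted" if on_trusted else "unknown"), reasons


# Constructed sample links (not real indicators).
SAMPLES = [
    "https://www.ups.com/track?num=1Z",
    "https://ups.com.parcel-track.example/redeliver",
    "https://ups.com@203.0.113.7/track",
    "https://greetings.example/card/123",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link))
```

Run it on the final destination of a link, after expanding any shortened URL.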
Protect yourself from scams during the holidays and year-round
Knowing about these common scam tactics is only the first step toward protecting yourself and those you care about. The next step is for you to learn and implement practical, effective strategies to stay safe while still enjoying digital holiday shopping and giving.
- Stay suspicious: Be wary of any offer that sounds extremely unrealistic, such as 90% discounts on luxury brands, and learn to spot telltale signs of a fake marketing promotion such as low-resolution images, high-pressure tactics, misspellings, poor grammar, or odd links.
- Practice safe surfing: Find out if a website is potentially dangerous before you click on it by using a safe search plug-in such as McAfee Web Protection, which blocks malware and phishing sites if you accidentally click on a malicious link, alerts you if you type a web address incorrectly and points you in the right direction, and scans your downloads and alerts you if there’s a known risk.
- Shop mindfully: Stick to reputable e-commerce sites and platforms, and look for a trustmark that indicates that the site has been verified as safe by a reliable third party. Also, look for a lock symbol beside the HTTPS at the beginning of the web address to see if the site uses encryption to protect your data.
- Check before clicking: Don’t click on any links in messages from people you don’t know. If you come across a shortened URL, use a URL expander to see where the link leads before you click.
- Be cautious of high-pressure tactics: Legitimate businesses and charities will respectfully give you time to make purchase or donation decisions. Be suspicious of organizations that pressure you to buy or give immediately. Charities specifically should be able to provide written information about their programs and financial management.
- Use strong passwords: Make sure your passwords are at least 12 characters long with randomly combined letters, numbers, and special characters. Avoid reusing the same password across your important accounts, and never share your passwords with anyone.
- Monitor your financial accounts actively: During peak shopping periods, review your bank and credit card statements at least once daily for charges you don’t recognize, even small ones that scammers sometimes use to test stolen card information. Set up account alerts for all transactions, low balances, and any changes to your account information.
- Use credit instead of debit: When shopping online or in unfamiliar locations, use credit cards rather than debit cards. Credit cards typically offer better fraud protection, and fraudulent charges don’t immediately affect your bank account balance.
- Monitor your credit reports: Check your credit reports regularly for new accounts or inquiries you didn’t authorize. The FTC provides free annual credit reports through AnnualCreditReport.com, and many services now offer free ongoing credit monitoring.
- Consider temporary credit freezes: If you’re not planning to apply for new credit during the holidays, consider placing a temporary freeze on your credit reports to prevent scammers from opening new accounts in your name. You can lift the freeze quickly when needed.
- Recognize red flags: Holiday-themed phishing attempts abound during the season, making it crucial to identify and avoid suspicious communications. Closely check email addresses and phone numbers from unexpected communications, be suspicious of urgent language, watch for poor grammar and spelling, and don’t just click any link or scan any QR code.
- Practice safe app downloads and installation: If you gift yourself with a new device this holiday season, download only well-reviewed apps developed by legitimate developers and obtained from official sources such as the Apple App Store, Google Play Store, or Microsoft Store. When installing, limit the app’s permissions to only what it needs to function.
- Keep apps updated: Regularly update your apps to ensure you have the latest security patches. Enable automatic updates when possible, and review what’s being updated periodically. Remove apps you no longer use.
- Use a complete security solution: With the growing sophistication of scams coming in from all fronts of technology, you will need comprehensive protection with antivirus, antispyware, antispam, and a firewall. McAfee+ can help protect all of your devices—PCs, laptops, smartphones, and tablets—from AI-driven malware, phishing, spyware, and other common and emerging threats.
- Educate yourself and your family: Keep increasing your knowledge of the latest scams and tricks cybercriminals use so you can recognize and avoid potential attacks. You can find helpful information on the McAfee Blogs and the McAfee Guides.
Final thoughts
The holiday season brings joy and connection, but it’s also a time when scammers work hardest to exploit your festive but rushed and distracted spirit. Effective Christmas scam prevention starts with awareness. By slowing down and taking a moment to verify before you click or buy, and using layered cybersecurity protections, you can worry about one less thing and focus on what matters most this season.
Stay security-conscious without letting fear diminish your holiday enjoyment, and pursue your digital holiday activities with the right knowledge and tools. We hope that the specific, actionable protections above will help you identify red flags, verify legitimate offers, secure your devices and accounts, and respond effectively to suspicious activity. Stay informed by following trusted sources for the latest cybersecurity tips during the holidays, and make this season about celebrating safely with the people you care about most.
Send the link to this page to your family and friends so they can increase their awareness and take steps to protect themselves.