It usually starts with something small.
You’re scrolling TikTok or Instagram, half-paying attention, when a Black Friday ad pops up. It looks like the brand you love—same logo, same photos, same “limited-time deal” language you’ve seen in real promos. The link takes you to a site that looks identical to the real one. The checkout page works. The confirmation email looks legit.
Then the payment clears, and the merchant name on your bank statement doesn’t match the store at all.
That moment, wait, what did I just buy from?, is becoming the defining holiday-shopping scam of 2025.
This year, fake ads and cloned storefronts aren’t sketchy one-offs or typo-filled red flags. They’re polished. They’re identical. And increasingly, they’re powered by AI.
McAfee’s 2025 holiday research found that nearly half of Americans (46%) have already encountered AI-altered or AI-generated scams while shopping. And with 96% of people planning to shop online, many doing so daily, scammers know this is peak opportunity.
Here’s how fraudsters are blending into the busiest shopping season of the year, what the data shows, and how to stay one step ahead.
Why Scammers Are So Effective Right Now
A perfect storm is happening:
People are shopping more often.
Nearly half of U.S. adults expect to shop online daily or multiple times per day during the holidays.
People are rushed.
From early Black Friday “price drop” alerts to Cyber Monday countdowns, shoppers don’t slow down to verify what they’re seeing.
AI makes scam content nearly flawless.
McAfee found technology email scams surging ~85%, retail email scams rising ~50%, and fraudulent URLs climbing across the board—from counterfeit Apple support pages to fake Costco refund portals.
Holiday deals are already rolling out—and so are the scams.
McAfee’s 2025 holiday research shows major spikes in email scams (~50% increase), technology scams (~85% increase), and fake storefronts that mimic trusted retailers. AI tools are making these scams faster, more realistic, and harder to spot.
It’s not that shoppers suddenly got careless.
It’s that scammers suddenly got good.
The 2025 Scams Hitting Shoppers the Hardest
1. Fake Retail Sites & “Deal” Pages That Look Real
This is the big one, and it’s getting cleaner every year.
Scammers lift entire storefronts:
- Logos
- Product photos
- Sale graphics
- Checkout flows
- Even fake customer service pages
The only giveaway? A URL that’s juuust slightly off—“target-sale.com” instead of “target.com,” or a link ending in “.shop” or “.store” rather than a brand’s normal domain.
Once you enter your payment info, it goes directly into a database that criminals resell or use to make purchases.
How to spot and avoid this scam: Skip the ad. Type the retailer’s name into your browser yourself. If it’s a real deal, you’ll find it on their actual site.
2. TikTok, Instagram & Social Video Scams
Short-form videos are now a prime scam vehicle.
Scammers steal influencer footage, use AI voice clones, or generate deepfake “promo” videos with celebrities offering huge holiday discounts. When someone clicks the link, it leads straight to a counterfeit store.
- 46% have encountered fake influencer/celebrity endorsements
- Younger shoppers (18–34) see them most
- Many appear during holiday-sale cycles on TikTok Shop and Instagram Shopping
- US – Holiday Shopping 2025 fact…
How to spot and avoid this scam: Check the creator’s account history. Real brands don’t drop one-off promo videos from accounts you’ve never seen before. Same as our initial advice, skip the ad entirely and go directly to the official brand website rather than clicking any links.
3. Delivery & Shipping Text Scams
The classic delivery scam is back, with McAfee researchers finding dozens of examples of fake messages attempting to scam holiday shoppers.
You’ll receive a text saying a package can’t be delivered or that a small fee is needed to confirm your address.
McAfee found that 43% of people have encountered fake delivery notifications, and many victims say they entered credit card information thinking they were resolving a legitimate issue.
How to spot and avoid this scam: UPS, USPS, and FedEx will never send a clickable payment link in a text. If you’re wondering about a specific delivery, go directly to the site you ordered it from, or your original receipt in your email to find your tracking information.
4. Account Verification & Gift Card Scams
These hit during the weeks leading up to the holidays.
Messages claim:
- Your Amazon account is locked
- Your Apple ID has “suspicious activity”
- Your loyalty points are expiring
- You must verify your payment information
- You must pay a fee or gift card to resolve an issue
How to spot and avoid this scam:
No legitimate company will ever resolve account issues through gift cards or text-confirmation codes.
How AI Is Supercharging These Scams
Not long ago, scam emails had broken English and pixelated logos.
Now scammers use generative AI to:
- Clone real brand websites
- Rewrite perfect phishing emails
- Fake customer service chatbots
- Produce Hyper-real video ads
- Replicate influencer voices
- Generate thousands of unique scam texts instantly
And people are noticing.
57% of shoppers say they’re more concerned about AI scams this year than last.
Yet 38% believe they can spot scams—even though 22% have fallen for one.
Confidence ≠ protection.
What to Do if You Think You’ve Encountered a Scam
If something feels off—a message, a link, a charge on your bank statement—don’t panic. Most holiday scams rely on speed and confusion. Slowing down and taking a few simple steps can keep a bad situation from turning into real damage.
1. Stop engaging immediately
Close the tab, delete the message, and don’t click anything else.
Scammers often stack multiple pop-ups or redirects to pressure you into acting fast.
2. Don’t enter any additional information
If you started typing in a password or card number but didn’t hit “submit,” back out.
If you did enter details, move to the next steps right away.
3. Change your passwords (starting with the affected account)
Use a strong, unique password—especially for accounts tied to:
- shopping apps
- banking
- cloud storage
A reused password is how one compromised login unlocks everything else. McAfee offers a password manager to help you make and store strong, unique passwords.
4. Check your bank or credit card for unexpected charges
Fraud usually starts small: $1–$5 “test” charges, odd merchant names, or tiny withdrawals.
If you see anything suspicious, contact your bank and request:
- a card replacement
- a fraud alert
- a temporary account freeze, if necessary
5. Run a security scan on your device
Some fake sites drop malware or spyware quietly in the background.
A quick scan can detect:
- malicious downloads
- browser hijackers
- unsafe extensions
- keyloggers
McAfee offers a free antivirus trial that you can use to scan your device and check for compromises.
6. Report the scam
Reporting helps stop other shoppers from being targeted.
You can report scams to:
- the retailer being impersonated
- the platform where you saw the ad (TikTok, Instagram, Facebook)
- your national fraud reporting center
7. Let technology help you clean up
McAfee can automatically detect whether the link, message, or site you interacted with is malicious—and alert you if your information may have been exposed.
Tools like:
- Scam Detector (Built into all core McAfee plans, flags scam texts, emails, and deepfakes)
- Web Protection (malicious or suspicious websites before they load)
- Identity & Financial Monitoring (Credit Monitoring can alert you to unusual account activity)
can help contain an issue before it turns into identity theft.
Need a Gift for the Practical Person in Your Life? Consider Giving Them Scam Protection
There’s always someone on your holiday list who doesn’t want more stuff, they want something useful. The friend who loves a clean inbox. The sibling who’s constantly traveling. The parent who keeps forwarding you suspicious texts asking, “Is this real?”
For them, security might actually be the most thoughtful gift you can give this year.
Online safety tools aren’t flashy, but they are the thing people reach for the moment they click the wrong link, lose a password, or get a sketchy delivery text. And with scams more believable than ever, digital protection has quietly become a new “practical essential,” like a good VPN or a reliable password manager.
Gifting McAfee means giving someone:
Scam protection that works quietly in the background
Scam Detector flags dangerous messages, deepfake-style content, and fake shopping sites before they ever interact with them.
Identity & financial monitoring
A huge help for anyone who’s been burned by fraud in the past — or is tired of checking bank statements manually.
Password security that doesn’t require them to remember anything
Perfect for the person who uses the same password everywhere (and you know exactly who I mean).
Device protection for laptops, phones, and tablets
Which is especially relevant for people shopping, traveling, or working remotely through the holiday season.
It’s practical. It’s protective. And unlike most presents, it’s something they’ll use all year.
Stay Updated
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.
