This time of year, the air gets chillier and a bit cheerier for everyone … including online scammers. Holiday scams are a quick way to make a buck, and cybercriminals employ several holiday-themed schemes to weasel money and personally identifiable information (PII) from gift-givers and do-gooders.
Here are five common Black Friday, Cyber Monday, and holiday season shopping scams to watch out for this year, plus a few tips to help you stay safe online.
5 Common Types of Holiday Season Scams
- Fake charities
The holiday season often brings outpourings of generosity, and scammers kick their morals to the curb and use people’s kindness to make a profit. Social engineering is a tactic where a bad actor plays on people’s emotions to trick them into sharing personal or financial information. This holiday season, keep an eye out for strangers’ funding pages or social media posts asking for donations.
Artificial intelligence (AI) content generation tools like ChatGPT and Bard are likely to make these scams more believable than those in years past. While AI doesn’t understand human emotion, when given the right prompt, it can mimic it well. In one “60 Minutes” segment, Bard wrote a touching short story that made the presenter misty-eyed. Additionally, AI usually uses correct grammar and edits out typos, which used to be the hallmark of phishing attempts.
There are undoubtedly authentic stories of real people and families in need around the holidays. Be wary of any social media post that makes you feel an extreme emotion, in this case, sadness. Phishers want people to act before they think through their decision.
- Last-minute deals
Are you a procrastinator? Watch out for last-minute shopping scams that are targeted at people who leave their gift buying until deep in December. As with anything else, if it’s too good to be true, it probably is. Shopping scams often take the form of phishing emails where criminals impersonate a well-known merchant.
While sales often have a quick timeline, don’t let that short timeline pressure you into making an impulsive decision. Phishing emails, when you take the time to inspect them, are usually easy to spot. The logos are often blurry and the tone of the message will seem “off.” Either it will sound very formal and impersonal or it will sound very informal and seem pushy.
- Phony order confirmations and tracking numbers
During the holiday shopping season, your doorstep can be crowded with packages. Do you remember what’s in each one? Online criminals bank on the fact that you can’t quite keep track of what you’ve purchased.
Criminals try to lure people into downloading malware or divulging personal or account information with bogus order confirmation and delivery tracking number emails and texts. They’ll impersonate popular online retailers or postal services and claim to have information about your order if you click on their link; however, that link will redirect to a malicious site or download a malicious payload to your device.
- Fake account suspensions and unable-to-deliver notices
This holiday shopping scam also dials in on people who’ve lost track of how many online orders they’ve made and the various shopping accounts in their name. Again, phishers will impersonate popular merchants and send “urgent” messages about suspending online accounts if payment isn’t received immediately. Similarly, phishers may also impersonate delivery services claiming that they’re (basically) holding your orders hostage until you pay up.
- Gift card cracking
Gift cards are a standby present for the people on your list who are difficult to buy for, or for people you don’t know too well but want to give a small something. Whether the gift card is worth $5 or $500, an online scammer can steal the entire value through two techniques: a brute force attack or phishing. In the brute force approach, known as gift card cracking, cybercriminals take wild guesses at gift card codes, methodically guessing strings of numbers and letters and crossing their fingers for a match, then cash in the value for themselves. Cybercriminals will also employ phishing emails, texts, or social media direct messages to trick people into divulging gift card information.
How to Stay Safe This Black Friday and Cyber Monday
Luckily, there are several ways to sniff out a bad actor trying to cash in on your holiday spirit. Here are a few simple ways you can modify your online holiday shopping habits to keep your devices free from malware and your PII out of the hands of bad actors.
- Use a VPN. A virtual private network (VPN) encrypts all your outgoing data, making it nearly impossible for a cybercriminal to snoop on your online activities. Connecting to a VPN is especially crucial when you’re online shopping and using a public or unsecured Wi-Fi network.
- Lock your credit. This is a great tip that you can easily do all year long! Locking your credit means that no one (that includes you!) can open a new credit line in your name. If someone gets ahold of your PII and tries to impersonate you to apply for a loan or a credit card, a credit lock will instantly deny their application.
- Browse intelligently. Stick to websites and well-trusted brands that you’ve heard of. Just because a company advertises on social media doesn’t mean that it’s reputable. Before you click on any links to a “deal” sent to you via email or text, hover over the link to see where the URL takes you. If it’s a long URL that redirects to a website with a typo or somewhere completely different than what you’d expect, approach with caution. An “https” at the beginning of the URL doesn’t necessarily mean that the site is secure, but it’s a good indicator that it may be ok to proceed. If a deal seems too good to be true, move along. While your wallet may ache, compromising your device, identity, or online privacy isn’t worth the risk.
- Remain skeptical and do your research. If a charity or a stranger online asking for donations touches your heart, take a break for a few hours to think about your contribution. While you’re considering, do some background research on the cause. A reputable organization will have a website and an accreditation, and will let you know how it will put your contribution to good use. Be especially on guard if anyone asks for wire transfers or gift cards as a donation.
- Redeem gift cards early. Encourage your loved ones to redeem their gift cards quickly to shorten the amount of time a scammer has to guess the code correctly. Or, you could opt for a paper gift certificate from a small business that doesn’t require online redeeming at all. To avoid gift card phishing scams, do not engage with any type of correspondence that claims to be able to double the value of your gift card or claims that there’s a problem with it. Be instantly on alert if anyone asks for the activation code. If the gift card-issuing business really needs to replace your purchase, they’ll issue you a new code. They’ll never ask for your existing one.
Online, Identity and Device Protection for All Seasons
Cybercriminals hustle all year round, so it’s an excellent idea to invest in a security solution that gives you peace of mind and boosts your confidence in your privacy, identity, and device safety. McAfee+ is an excellent partner! It includes a VPN, safe browsing tool, credit lock, identity monitoring and remediation, and much more.
Happy shopping, happy holidays, and happy new year!