The holiday season is usually the time of year we spend time with loved ones, and do a little shopping to show the people in our lives that we care. It’s also the time of year scammers and criminals crawl out of the woodwork, hoping to exploit you for a few bucks. According to recent research from security company McAfee, one in five Americans reports having been scammed during a past holiday season, resulting in approximately $840 per person lost. That’s money better spent on presents, so here’s some simple advice to avoid the most common holiday scams.
Earlier this month, I spoke with Megan Squire, a threat intelligence researcher at F-Secure, for new tips on keeping your accounts and information secure online while shopping during the holidays.
1. Shop Offline
My first and best suggestion for avoiding online scams is to go where the scammers aren’t. Try in-person shopping again. Remember the lines and occasional violence that once accompanied Black Friday in-store sales? That chaos and danger are now largely contained to your computer and phone, where scammers are fighting for your attention and your wallet. In a recent survey conducted by the Harris Poll and Quad, more than 70% of shoppers said they trust in-store purchases more than online shopping.
Many security experts say that the best way to combat online scams is to slow down and avoid distractions. This advice isn’t incredibly easy to follow during the holiday season when distractions are happening IRL and online, 24/7.
“Around the holidays, try turning notifications off,” Squire suggests. She recommends setting aside a few hours, preferably late at night when your home is quiet or when you know you have time to focus, to do your online shopping. You can break up this focused shopping time over days or weeks if you have a lot of shopping to do.
3. View the Deepest Discounts With Skepticism
You can use software as a second set of eyes to help you separate the discounts from the duds as well. F-Secure offers a shopping tracker browser extension that checks URLs to make sure they’re safe. McAfee’s Scam Detector blocks phishing links and will scan emails for possible scams-in-progress.
These products require a significant amount of trust on your end, as you need to allow them to access your emails and browsing activity. If you’re not interested in taking that route, changing your online behavior is the most effective way to prevent scams.
Instead of trusting every ad nestled in an article’s margins, approach online deals with a healthy dose of skepticism. If a price seems too good to be true, assume it is. It’s unwise to believe that a seller doesn’t recognize the deal you’re getting, or that you’re being offered something for free as a kindness.
4. Use Your Credit Card, Not a Debit Card
Finally, I recommend using a virtual credit card while shopping online. That way, if the card number is stolen, or you’ve clicked on a fake listing or website, you have a pretty good chance of getting your money back. Credit cards offer protections that you won’t find when using debit cards (which are essentially cash) or cryptocurrency.
“We track 138 different psychological tactics and combinations used in scams. Urgency is in almost every scam,” Squire says.
She notes that scammers often present time-sensitive offers to potential targets, making them feel compelled to take action immediately. That said, Squire also cautions against hard and fast rules for avoiding scams, as scammers can also read articles like this one and then adjust their tactics accordingly.
“I saw a scam the other day that actually anticipated my anticipation of urgency and was like, ‘Hey, take your time. No rush,’” Squire says.
Scammers are becoming increasingly adept at tricking us, which is concerning. Fight back by learning more about their tactics so you can recognize a scam in progress.
Ads for Fake Deal Pages and Retail Sites
Unless you’re using an ad blocker, you’ve probably noticed that the internet landscape is blanketed with brightly colored Black Friday and Cyber Monday banners. Most ads will tempt you to spend money, but this year, online scammers are using AI to create ads that can lead you to financial ruin. It’s a scam similar to one I reported on earlier this year, in which cybercriminals infiltrated ad networks to deliver fake ads for malicious apps and websites.
To add to the confusion, the McAfee report says that scammers are using generative AI tools to replicate the websites of reputable brands, making it more difficult to distinguish between fake and genuine sites. AI can also copy influencers’ faces and voices to promote fraudulent sites on social media.
AI can invent entirely fake stores and merchandise to sell, too. “People want to save a dollar,” Squire says. “So they’re gonna be a little bit more likely to click on an ad for a store they haven’t shopped at before.”
To combat these scams, don’t click on ads or social media posts. Instead, type the vendor’s URL directly into your browser.
Sometimes checking a site’s URL isn’t enough to stop a scam. In a recent article, I noted that many legitimate shopping sites, such as eBay, Etsy, Facebook Marketplace, Mercari, and Poshmark have scammy sellers among their third-party vendors. The best way to verify that a deal is real on these sites is to take your time examining each listing. Verify that the price is comparable to that offered by other vendors.
Delivery and Refund Text Scams
Even if you never click on ads or do very little online shopping, you’ve probably received a text message stating that a package can’t be delivered to your address or that you need to pay an outstanding shipping balance. Fake delivery and shipping text messages are a common scam in which a criminal sends out texts to thousands of phone numbers, claiming to be a delivery company.
When a person enters their credit card number for payment or replies to the text message, the sender may reply as if they’re solving a legitimate problem, but in reality, a scam is afoot. According to McAfee’s report, 36% of respondents have received text messages stating that a package they’ve never ordered cannot be delivered.
Squire tells me that scammers also send texts asking people to click links for information about recalled products, but you shouldn’t do so. “It’s designed to put malware on your system or otherwise extract more information from you.”
Do not reply to messages about deliveries, recalls, or refunds. Visit the shipping company’s website directly for help with your shipment, or visit the vendor’s website for delivery tracking information.
Scammers also engage in another form of delivery trickery known as a “brushing scam.” Squire says the scheme involves a seller buying a bunch of their own inventory from their Amazon, eBay, or Walmart store. Then they ship empty boxes to random addresses, so the “items” register as sales upon delivery. From there, a bot generates fake five-star ratings for the transactions, which can fool inattentive human shoppers into buying the scammers’ merchandise.
Wrong Number and Account Verification Texts
According to the Federal Trade Commission, scams that started with a text message were responsible for $470 million in losses in 2024. If you get a lot of unexpected calls and texts from old friends and family members during the holiday season, text-based scams are something to worry about.
In particular, so-called “wrong number text scams” are becoming more common. Here’s how it works: You receive a friendly text (something like, “Hello!” or “Want to grab a beer tonight?”) and reply, thinking it’s from someone you know who is texting from a new or unfamiliar phone number.
Once they’ve got you talking, the scammer will try to establish a relationship with you, either by impersonating someone you know using AI-generated deepfakes of the person’s photos, videos, or voice, or by convincing you that they’re a long-lost friend. Either way, the end game is the same: getting your money or personal information. The scammer often claims to be a successful investor, and eventually sends a link to the financial platform they use.
When you visit the link, you may encounter a legitimate-looking website that contains various investment information. After that, you’ll sign up for an account and enter your personal information and banking details. The final step? You lose everything. The FTC reports that people have lost tens of thousands of dollars in these investment schemes.
Don’t reply right away to text messages sent from people who aren’t in your contact list. If the message appears to be from someone you know, try to contact the person who supposedly sent the text using the phone number saved in your contact list. You can also get in touch with them on a different platform, or, even better, meet them in person. If the message is from a professional contact (like a doctor’s office or your mechanic) or a work colleague, I recommend calling them back using the official phone number associated with their business.
Scam calls and texts are an unfortunate side effect of modern communication. We have guides to stop scam texts and block spam calls. Both methods involve visiting the Settings app on your phone and enabling the operating system’s built-in filters. If you’re still receiving spam calls and texts, you may need to contact your phone carrier to enroll in the company’s spam prevention program.
Fake Charity Scams
The final holiday scam is one that preys on your innate empathy and decency: charity fraud. This type of scam can happen in your email inbox when you receive a message describing a legitimate cause, along with a phishing link that leads to a fake information site or donation page. We saw that a lot during the height of the COVID-19 pandemic, when scammers were sending people links to phony pharmacies and mythical cures. The new twist is that scammers are using AI tools to generate websites that mimic real organizations, but they pocket 100% of the donations.
There are also fake charities that tend to appear on social media this time of year. According to Norton, a company that produces popular antivirus products, some scammers engage in a double dip, taking donors’ money while also collecting a large amount of personal information for identity theft. Here’s the scam: After you enter your name, banking details, credit card number, or social security number into the donation website’s form, the scammer can take that data and use it to get into your accounts or open up new accounts using your name.
Never respond to high-pressure emails or messages from someone asking for money, even if it’s for a charitable cause. Remember to research every organization thoroughly before giving money. I recommend browsing a site like CharityWatch to determine if an organization is legitimate. When you are ready to donate, visit the organization’s website directly and use a traceable form of payment, such as a credit card.
It’s always a great idea to give back to your community, and numerous organizations need assistance, especially during the holiday season. Donating money in person or volunteering are great ways to make a positive impact on the world around you without taking a lot of the risks that come with online donations.
For more suggestions for staying safe online during the holidays, check out our guide to safer online shopping. When you’re done, take a look at a few more scam-fighting tactics from a security expert.
About Our Expert
Kim Key
Senior Writer, Security
