Skip to main content


5 Types of Holiday Scams to Watch Out For

Back to Blog

During the holiday season, threat actors double down on new and creative ways to deceive people both online and offline. An Experian survey revealed that 1-in-4 respondents reported being a victim of identity theft or fraud during the holidays. From holiday-related phishing emails to illegitimate shopping websites, there are many ways cybercriminals exploit the hustle and bustle of this time of year.

Luckily, with the right security know-how, you can fight holiday fraud and help your coworkers, friends and family stay safe, too!

Here are some of the biggest holiday frauds to look out for:

1. Charity Scams

Special holidays may remind us of all we have to be thankful for. As we reflect on our blessings, it’s often a nice time to share our good fortune with others – and many of us do! In 2020, Americans alone gave $471.44 billion, a 5.1% increase from 2019, according to the National Philanthropic Trust, which is just a fraction of the worldwide giving totals.

Cybercriminals know that major holidays like Thanksgiving, Christmas and New Year’s Day are the prime times for donating. 

Be on the lookout for fraudulent emails that appear to be from charities and websites that look a bit “off.” Online, criminals will often mimic similar names to reputable charities, so look extra closely at the URL for misspellings or inconsistencies. For example, you may get an email from “The European Salvation Army” when really, the real Salvation Army leaves off “European” as an international brand. Or the link may be a .com extension instead of a .org.

Don’t assume phone calls are any safer than emails – search for the organization online yourself; never assume a URL a telemarketer shares with you is legitimate. A website like can help you understand where your money could be going.

And when you are comfortable making a contribution, do the following:

  • Check your web browser for a secure site padlock, typically to the left of the URL.
  • Pay with a credit card, not a debit card, whenever possible.
  • Avoid cash donations, which are harder to trace.

If you’re still uncertain, follow these additional tips from the Federal Communications Commission for avoiding holiday scams as well as additional resources from European ENISA and U.K. NCSC.

2. Delivery Scams

If you’re shopping online this year, there are some extra ways to keep yourself and your family safe. From physical item theft to sneaky phishing campaigns, delivery scams are on the rise.

One of the most popular forms is the “package wasn’t delivered” scam, wherein the threat actor sends a phishing email imitating your shipping sender, claiming they were unable to get a package to you on time. These emails may contain infected links or attachments that download malware. Work-related emails may use urgency to trick you into taking quick action, saying an important delivery is held up and will be rerouted if you don’t click a link validating the shipping address or send over the final payment.

To avoid these scams, hesitate before clicking any links, opening attachments, or sharing personal information with the contact. Verify through the actual source, like Amazon, or your vendor directly. Here’s advice from the FCC for avoiding delivery scams to dig deeper.

3. Travel Scams

Hopping on a plane this year? Cybercriminals know this and often craft phishing messages with fake deals or promotions right before the holiday season. For example, you may get an email on an incredible deal on flights or an all-inclusive resort that seems too good to be true. Chances are, it is! Always verify the deal on the real provider’s website.

The holidays are also prime times for threat actors to breach an individual’s system and send text messages, emails or social media messages to their contacts, posing as a trusted friend or family member. They may Facebook message you from your friend’s profile saying, “I traveled internationally to see family. Someone stole my wallet and I’m stuck here. Can you wire me money to get a flight home?” or try a similar money transfer fraud. Don’t fall for these travel ruses!

If they were really traveling, you would know. Remember, if they compromised a Facebook account, they could post ambiguous pictures looking like they’re traveling. Is your friend actually in the picture? Even “check ins” can be faked. If you receive a message like this, take a moment to review these frequent travel scams and, of course, call your friend directly.

4. Shopping Scams

Big sales can make shopping feel irresistible around the holidays. From substantial discounts to free shipping and payment plans, stores offer extra incentives to buy before, during and after a major holiday. During these prime windows, many get hit with a slew of emails or online advertisements – but not all are legitimate.

The FBI and other governing bodies receive complaints all the time about shopping scams, which it compiles in its annual Internet Crime Report. Common reports include:

  • Not receiving their product after paying
  • Websites copying information from legitimate websites to deceive
  • “Contact Us” information mimicking a geographical address in one country when the company is located elsewhere
  • Vouchers or gift cards in exchange for filling out a survey
  • Holiday contests shared through a link by an unsuspecting friend

Before purchasing anything around the holidays, stop and think. If you see a targeted advertisement on social media, go directly to the website yourself to purchase it without clicking on the ad. If a deal looks too good to be true, remind yourself that it probably is!

5. “Out-of-Office” Help Scams

Many organizations offer extended time off or variations from normal business hours during the holidays – and cybercriminals are expecting this.

One common out-of-office scam involves the “I have no service,” trick, where someone claims to be traveling for a holiday and can’t get Wi-Fi or a data signal where they’re staying. They may ask you to do something for them. Proceed with caution. When receiving correspondence around a major holiday – always verify the request by calling or video chatting with the person on a known, legitimate channel to hear or see if it's really them. If they claim they can’t, let them know you can’t help them until they can prove their identity. 

Knowing how to react to these five major scams is a great way to begin preparing for the tricks cybercriminals use to manipulate people during holidays.