The holidays are a time of generosity and giving, but for scammers, it’s a season of opportunity. As we shop for gifts, donate to charities, and book travel plans, cybercriminals ramp up their efforts to exploit the festive rush. From fake charity appeals to “too-good-to-be-true” deals, holiday fraud is becoming more sophisticated every year. Here’s what you need to know to protect your wallet and your peace of mind this season.
Tools that holiday fraudsters use include:
The most common way these scams are committed is through text messages. People tend to read them quickly, often while distracted, making them prime targets. Scammers use urgent, emotional language to pressure victims into acting without thinking.
The Cost of Text-Based Scams
According to the Federal Trade Commission, Americans lost $470 million in 2024 to scams that started with a text message. This is an increase of 26 percent over 2023 and five times higher than in 2020. These numbers represent a fraction of the losses, since most scams are not reported.1
What do these fraudulent text messages look like during the holiday season? Two of the most common are gift cards and package delivery.
Gift Card Scams
Let’s say you receive an email or text from a friend or supervisor asking to buy multiple gift cards urgently. To confirm the request is legitimate, call the person at the phone number you have on file for them rather than the phone number in the text or email before acting.
Package Delivery Scams
These occur year-round but spike during the holidays when deliveries pile up. A text claims there’s an issue with your package and asks you to click on a link. That link may steal your personal identification or install malware.
Another variation includes messages claiming the item cannot be shipped because the company never received payment. A twist on this scam is a person leaving a physical note in a mailbox or on the door stating you missed a delivery with a number to call, which will lead to attempts to gather your personal information.
How to Spot Text/Email Fraud
With the growing number of daily cyberattacks, how can we protect ourselves? Cybersecurity is especially challenging when many scam messages appear to come from trusted corporations like Amazon, FedEx, UPS, Chase, and Bank of America.
Scam messages have four main components:
The first recommendation is to avoid reacting to the urgency of the call or message. Take a deep breath. Is a package scheduled for delivery? Check your records and find out. Monitor shipping progress for both packages being sent as well as being delivered. To discover if an account is truly locked, go to the account and see if you can log in. To really make sure, call the company’s official customer service number.
If these steps don’t fit the situation, carefully look at the company’s logo. Are the colors correct? Is the name spelled correctly? Check the URL. Is it a ".com" or something else? For example, well-known organizations’ URLs will not end with a ".me." Scammers buy domain names with the letters mixed up, such as "eBya.com" or a name somewhat like a real company’s name to fool viewers, such as "Arnazon.com." These fake domain names will sometimes come with a fake website that may look legitimate.
Pay attention to where the domain name is in the URL. The portion of the address directly preceding the “.com” should be the website you are visiting.
Still unsure if it’s real or not? Never provide any personal information. Don’t even text back to advise someone your number is the wrong number. Instead of clicking on a provided link or calling the number they suggest, go to your records and find the organization’s main number.
Fraudsters often exploit people’s generosity during the holiday giving season, leading to a surge in charity donation scams. Before donating to any charity take time and research the organization to make sure it’s legitimate. Donate using a credit card so you can dispute the charge if you later find out it’s fraudulent.
Social media is often used for scams. Here are some common examples:
Finally, be cautious when downloading holiday apps, especially free ones. While it may seem fun to watch Santa feed his reindeer or video chat with elves, these apps may contain malware. Always read reviews and verify the source before downloading.
The holidays should be a time of joy, not stress caused by scams. Cybercriminals count on distraction and urgency to trick people into acting without thinking. By slowing down, verifying requests, and using trusted sources, you can protect your finances and personal information. Remember: if something sounds too good to be true or feels rushed, it probably is. Stay alert, shop smart, and keep the season merry and safe.
Sharon McDowell serves as the business liaison and technical trainer at MMBB. She joined MMBB’s staff in 1992 and served on MMBB’s Help Desk team as a network analyst for more than 15 years. She is currently responsible for coordinating MMBB’s ongoing cybersecurity training. Her education includes a BS in computer science from State University of New York, College at New Paltz.
Sources:
Translations of any materials into languages other than English are intended solely as a convenience to the non-English-reading public. We have attempted to provide an accurate translation of the original material in English, but due to the nuances in translating to a foreign language, slight differences may exist.
Las traducciones de cualquier material a idiomas que no sean el inglés son para la conveniencia de aquellos que no leen inglés. Hemos intentado proporcionar una traducción precisa del material original en inglés, pero debido a las diferencias de la traducción a un idioma extranjero, pueden existir ligeras diferencias.
You will be linking to another website not owned or operated by MMBB. MMBB is not responsible for the availability or content of this website and does not represent either the linked website or you, should you enter into a transaction. The inclusion of any hyperlink does not imply any endorsement, investigation, verification or monitoring by MMBB of any information in any hyperlinked site. We encourage you to review their privacy and security policies which may differ from MMBB.
If you “Proceed”, the link will open in a new window.
Back to Top
Next