‘Tis the Season for Cyber Scams: How to Spot and Stop Holiday Shopping Fraud
The holiday season is a time for joy and celebration – but for cybercriminals it’s prime time to exploit the shopping frenzy.
The holiday season is a time for joy and celebration – but for cybercriminals it’s prime time to exploit the shopping frenzy.
As consumers book holiday travel and shop for deals, scammers are targeting individuals and businesses alike. According to the 2024 Norton Cyber Safety Insights Report: Holiday, nearly half (48%) of Americans have been targeted by holiday shopping scams.
Canadians are also vulnerable, with over $500 million lost to fraud and scams so far this year, reports the Canadian Anti-Fraud Centre (CAFC). Online shopping fraud, prize notifications and counterfeit merchandise top the list of holiday scams in Canada.
“Scams during the holidays are often the same tricks cybercriminals pull throughout the rest of the year, but with a holiday theme,” explains Jack Brooks, Head of BOXX Insurance Hackbusters® and vCISO. “When people are rushed and stressed, they tend to let their guard down more easily.”
One in five Americans say they’re willing to buy from unfamiliar retailers if the price is right, driven by inflation and rising costs.
“This leaves more people than ever vulnerable to the risks of holiday cyber scams, including financial, stolen personal information, and the emotional devastation of not having the gift you so desperately wanted for that loved one,” adds Neal Jardine, BOXX’s Global Director of Cyber Risk Intelligence & Claims. “Everyone’s a target.”
As part of BOXX Insurance’s mission to help individuals and businesses predict, prevent and recover from cyber threats, BOXX is dedicated to helping consumers stay vigilant and secure their online activities this holiday season.
Common Holiday Cyber Scams to watch out for
1. Gift Card Scams
Gift cards are a popular and convenient gifting method, but they’re also a favorite tool for scammers since they’re not as secure as other payment options.
“Such scams include victims being asked to pay with gift cards, bogus balance-checking sites that steal card details and physical cards with tampered barcodes that send funds to the criminal’s card after activation,” explains Brooks. “Check that all the tamper-proof measures are intact, as scammers either replace the card with an old one and reseal the package or put a sticker of a barcode they have access to over a legitimate one on the back of a card.”
In 2023, gift card fraud in the U.S. totalled $217 million, according to the Federal Trade Commission (FTC). Canadians lost $3.5 million to gift card scams between January and August 2023 alone, reports the CAFC.
Gift card scams aren’t just an effective way to steal your money, but they can also compromise your personal information.
Norton reports nearly 70% of people admit to taking discount-seeking actions, like signing up for mailing lists or sharing personal information including their email, phone number and home address.
Brooks advises inspecting gift cards before purchasing to ensure all security elements are in place and using BOXX’s tips to detect and resolve gift card scams.
2. Holiday-themed e-cards
Bogus holiday e-cards from friends, family or co-workers may look harmless, but they can be phishing scams designed to take advantage of your generosity and steal credentials.
“Scammers use cheerful images and catchy subject lines to make e-cards appear genuine, but clicking the link often redirects to a phishing site where users are asked to log in or provide personal details to claim their gift or make a donation, giving cyber criminals easy access to your personal or work devices and networks,” says Jardine.
To stay safe, always verify e-cards directly with the sender before clicking links. Watch for red flags like spelling errors, urgency or mismatched email signatures.
3. Fake Online Stores & Flash Sales
Fake websites and false flash sales cloning legitimate retailers are another major holiday cyber threat – trapping victims to steal their identity or payment information.
“You might get an email saying: ‘Come to Amazon now for 50% off all bicycles.’ But if you’re not careful, you’ll miss that it’s actually from ‘ammazon.com’ – scammers count on you not noticing the slight typo before entering your credit card details,” explains Jardine.
During October and November, phishing emails promoting Black Friday deals spike nearly 500%, while Christmas-themed emails jump 314%. With so many offers flying around, it’s easy to let your guard down. McAfee found that only half of shoppers consistently verify the authenticity of messages, leaving many vulnerable to scams disguised as real deals.
Double-check URLs and go directly to the retailer’s official website to avoid falling victim, Jardine says.
4. Social Media Holiday Scams
Clicking on festive social media ads put you at risk of phishing attacks, malware and privacy breaches, as many of these link to fake websites.
According to Norton, 37% of Americans have purchased a holiday gift from a social ad, mainly through Facebook (60%), Instagram (48%) and TikTok (40%).
With more than 100 million Americans now shopping directly on social media, the risk of falling for a cyber scam during the busiest shopping season of the year is higher than ever.
“Don’t trust what you see in your feed. Go directly to the retailer’s app or official website instead,” Brooks advises.
5. Shipping and Delivery Scams
As online holiday shopping surges, so do fake shipping notifications. These messages often claim that additional fees are required for delivery and direct victims to phishing sites to steal credentials.
Nearly 60% of Americans have seen fake missed delivery notifications, while others report bogus purchase alerts or false security updates from trusted brands.
“Verify delivery updates directly through the courier’s app or website,” says Brooks.
6. Charity Scams
The season of giving often inspires the season of charity scams.
In 2022, the FTC received over 10,000 reports of charitable solicitation fraud, costing victims $21 million – a 150% increase from 2019.
Scammers may create fake charities or pose as legitimate ones, tugging at heartstrings to solicit donations. “While charity scams can seem harmless, they cause serious financial, reputational and emotional harm to victims and legitimate charities set up to help those in need,” says Jardine.
Research the organization and ask for written information before donating. If the charity is based in the US, review the FTC’s tips before donating, or if donating in Canada, ensure the charity is registered with the Canada Revenue Agency.
7. Romance Scams
Romance scams spike during the holidays, preying on loneliness, Brooks explains.
Americans lost $1.14 billion to romance scams in 2023, with median individual losses of $2,000 – the highest reported for any imposter scam. Canadians lost over $50 million to romance scams in the same period.
“Scammers build trust over weeks or months, often posing as a friendly person online who slowly falls in love with the victim, before requesting money for an emergency or recommending an investment,or blackmailing victims who share too much,” says Brooks.
By preying on emotions, these scams leave victims financially and emotionally devastated, and many go unreported due to the victim’s shame.
8. Travel Scams
Holiday travel offers another major opportunity for scammers.
Fake upgrade offers, last-minute deals and bogus accommodations lure stressed travellers into providing financial or personal details.
“Cyber criminals know there is lots of travel during the holidays. They will often pose as legitimate accommodation sites, asking for the damage deposit to be sent via eTransfer outside the booking platform, or they will try to trick people into upgrading their plane ticket or offer a travel perk for a fee using urgency to trick people into acting fast,” warns Jardine. To avoid travel scams, steer clear of wire transfers, verify property rental details beyond online reviews and ensure contracts are legitimate before paying.
Also consider BOXX’s tips to avoid digital travel scams.
AI in Cyber Scams: A New Layer of Risk
Artificial intelligence (AI) has revolutionized cyber scams, making them harder to detect and more convincing than ever.
One in five Americans have fallen victim to AI-generated scams, like fake celebrity endorsements, according to McAfee’s latest data. Nearly 90% believe AI has significantly enhanced the complexity of holiday scams, including deepfakes and hyper-personalized phishing emails.
“AI helps criminals craft messages that are grammatically perfect and highly convincing, making phishing emails and fake websites indistinguishable from legitimate ones,” explains Brooks.
While only 26% of shoppers trust AI to handle their personal information securely, AI-driven scams are evolving rapidly, including emerging tactics like voice cloning and video deepfakes, Brooks adds. “Awareness is critical to avoiding these devastating effects,” he warns. Adopt a policy of remaining politely skeptical of everything you get in your email and see online.
Cybersecurity and Insurance Help You Shop Safely Online
Verify Website and Retailer Authenticity: Ensure the URL starts with “https://” and look for security indicators like a padlock icon. Do the same if you’re clicking on social media ads and buying from in-app shops. Confirm the account is verified and reputable before making any purchases by looking for the blue checkmark on their profile. Also do your due diligence by visiting the retailer’s official website.
Always Shop on Secure Networks: Avoid shopping on public Wi-Fi networks, as they could be vulnerable to hackers. If you must use public Wi-Fi, consider using a Virtual Private Network (VPN) for added protection.
Log Out After Transactions: If you must use a public Wi-Fi network to make a transaction, always log out of any site or app to prevent unauthorized access or unwanted purchases.
Beware of “Too Good to Be True” Offers: Extreme discounts and unrealistic offers can be a red flag for scams. Compare prices across multiple retailers to verify legitimacy and quality.
Avoid Clicking Links: Navigate directly to websites or use official apps.
Enable Security Software: More than half of Canadian internet users don’t use privacy tools to safeguard their personal data online. Use tools that inspect links and protect devices from malware, including VPNs. The BOXX Cyber Protect app keeps your family’s personal, sensitive and private information secure while you’re online.
Use Multi-Factor Authentication (MFA): Enabling MFA in conjunction with a VPN adds an extra layer of security, especially when you’re accessing sensitive accounts like banking information, and it’s extra protection in case your password is stolen.
Monitor Financial Statements: Regularly check for unauthorized transactions.
Use Strong Passwords: Practice good password hygiene like using a password manager for secure credentials.
Stay informed: Educate yourself, family and employees about common scams. “Be politely skeptical,” Brooks says. “If it looks too good to be true, it usually is.”
Get cyber insurance and support – “Cyber insurance isn’t just about financial coverage. It’s about peace of mind and having experts on your side when things go wrong,” Jardine says. BOXX offers complete, all-in-one insurance and protection for individuals and businesses. BOXX’s Hackbusters provides in-house breach response services, ensuring immediate support in the event of a scam or breach.
Spot and Stop Holiday Cyber Scams
Scams thrive on shame and secrecy. “If someone broke into your house, you wouldn’t blame yourself. But online scams often make victims feel at fault, preventing them from reporting the crime,” Jardine says.
Reporting scams – to the CAFC in Canada and FBI in the US – helps others avoid falling victim and disrupts criminal activities.
This holiday season don’t let cyber scams steal your cheer. By staying informed, practicing safe online habits and leveraging cybersecurity tools and insurance, you can protect yourself, your loved ones, and your business.
Interested in more real-life cyber tips?
Sign-up for the BOXX Newsletter today.
Join over 5,000+ others that receive our newsletter updates. Filled with expert advice and product announcements to help prevent a cyber incident. Get insider access to news around BOXX innovations, cyber tips and case studies that allow you to stay up to date on all things cyber.