Cyber Criminals’ Favourite Time of Year: How to Avoid Holiday Shopping Scams in 2025

Common Holiday Scams to Watch out For 

1. Gift-card scams 

Gift cards remain one of the easiest and fastest ways for cybercriminals to turn deception into dollars.  

“Scammers sometimes place a barcode sticker over the real one on the back of the card so your funds load to their card instead,” Jardine says.  

He recommends never trusting when someone asks you to pay them with gift cards and using BOXX’s tips to detect and resolve gift card scams.  

2. Holiday-themed e-cards 

 Holiday-themed emails or “digital greeting cards” often contain malicious links designed to steal credentials.

“Clicking on those links gives cyber scammers easy access to your personal or work devices and networks,” says Jardine.  

To stay safe, always verify e-cards directly with the sender before clicking. 

3. Fake online stores, flash sales and social media holiday scams 

Fake websites, false flash sales and festive social media ads impersonate legitimate retailers to trick victims into stealing their identity or payment information. 

During October and November, phishing emails promoting Black Friday deals spiked nearly 500%, while Christmas-themed phishing attacks spiked 327% last year. Phishing attacks impersonating major brands like Walmart, Macy’s, Target and Best Buy increased by more than 2000%. 

With so many offers flying around, it’s easy to let your guard down. Only half of shoppers consistently verify the authenticity of messages, leaving many vulnerable to scams disguised as real deals.  

“Don’t trust what you see in your feed. Double-check URLs and go directly to the retailer’s app or official website instead,” Jardine says.  

4. Delivery and shipping notification scams 

With packages on the move and inboxes full of alerts, fake shipping and delivery messages are thriving. Scammers send texts or emails claiming a parcel is delayed or import taxes are owed, leading to phishing sites or malware downloads. 

Always verify tracking information inside the courier’s app or website, not through an unsolicited message. 

5. Charity, romance and travel scams 

Fake charities and romance scams surge over the holidays as fraudsters prey on goodwill and loneliness, costing Americans $823 million a year in romance scams alone.  

Fraudulent travel-deal sites lure bargain-hunters with photos of dream getaways that never exist. 

In 2024, the FTC received fraud reports from 2.6 million consumers, with imposter scams (including romance scams) totalling $2.95 billion in losses. And in 2022, the FTC received over 10,000 reports of charitable solicitation fraud, costing victims $21 million – a 150% increase from 2019.  

It’s especially important to protect the seniors in your life from these type of scams, says Jardine. Americans aged 60 and older filed nearly 15,000 complaints in 2024 and suffered $4.8 billion in losses (the highest figures of any age group) and are more likely to suffer financial losses from digital fraud and cybercrime.  

AI-driven social engineering: Why 2025 is different

AI-powered scams including deepfakes are already changing how people shop online, with consumers reporting AI fakes are far more convincing than ever. 

“AI has been improving rapidly this year and scams are becoming hyper-personal,” explains Ray Moylan, US Claims Manager. “Traditional red flags such as incorrect grammar and formatting are going away – these scams are becoming very sophisticated as attackers are utilizing AI to map who works and hangs out with whom, then crafting messages that look like they came from people you actually know. It’s social engineering through exploiting real relationships.” 

Across North America, deepfake fraud increased by an astonishing 1,740%. One in 10 people have already received an AI-generated voice clone and 77% of them lost money in the scam.  

Alarmingly, two-thirds of people can’t tell AI audio from real speech and almost half fail to spot deepfake AI videos. 

With 3,158 data breaches in the US in 2024 affecting over 1.35 billion Americans, and the fact AI can now crack a weak password in a single second, many Americans should, and do, feel on edge.  

While 83% of Americans say they’re concerned about hackers stealing their private data, few actually take steps to safeguard their personal data. 

Cyber Protection and Insurance Help You Shop Safely Online  

A few practical habits can make a big difference: 

• Shop through trusted sources: Don’t click on links in emails. Use official websites or apps and double-check URLs for “https://” and security indicators like a padlock icon.
• Secure your connection: Avoid public Wi-Fi for transactions; use a VPN or mobile data. 
• Turn on Multi-Factor Authentication: In conjunction with a VPN, it adds an extra layer of security and protects passwords.
• Use a password manager: Use unique passwords generated and secured by a password manager. 
• Keep software and apps updated: Patches close the security holes scammers exploit. 
• Monitor your Credit, ID and Password Breaches: Use credit and ID theft monitoring tools like Equifax, as well as ID and password breach monitoring, which are all offered in every Cyberboxx® Home policy to detect fraudulent activity early and prevent ID theft. 
• Talk about it. “Educate yourself, family and employees about common scams. A five minute of cyber chat with your grandparents, partner or kids could save thousands,” Moylan says. 
• Get cyber insurance and support – “Cyber insurance isn’t just about financial coverage. It’s about peace of mind and having experts on your side when things go wrong,” Moylan says. BOXX offers complete, all-in-one insurance and protection for individuals and businesses. That means you’ll get financial protection and a suite of CyberboxxAssist® tools and services, like dark web monitoring and attack surface management, to predict, prevent and recover from cyber threats. 

If you think you’ve been scammed 

Scams thrive on silence and victim shaming, so many people don’t even report incidents. 

If you suspect you’re a target, report it to the FTC and the FBI’s IC3 and your bank immediately. Change passwords, reset MFA settings and monitor your accounts for unusual activity. 

“Cybercrime succeeds when people feel too embarrassed to speak up. It’s time to normalize digital protection and recovery,” Moylan says. “You call the fire department when there’s a fire; you call our Hackbusters®  team when you suspect a digital scam or breach. They’re able to mitigate 80% of claims before they even happen.” 

Be politely sceptical 

This holiday season, give yourself and your loved ones the gift of healthy scepticism, Moylan adds.  

“If it looks too good to be true, it usually is. Verify before you click, pay or share. Cross-check deals in official retailer apps. Treat every gift-card request as suspect. And take a few minutes to help someone you know understand the newest scams. A little vigilance now can save a season’s worth of stress.”