Phishing Emails Boasting Big-ticket Items
Phishing may be one of the older tricks in the book, but it is still a favorite standby for cybercriminals as phishing tactics become more sophisticated. According to Bleeping Computer, scammers tend to target holiday shoppers with emails advertising big-ticket or hard-to-find items to entice them to click on a malicious link. For example, cybercriminals could send a phishing email promising a sweet deal —often referred to as the discount scam — on the latest gaming system. Jumping at the opportunity to score such a great gift for a low price, an unsuspecting holiday shopper might click on the link and swiftly hand over their credit card details. But instead of receiving the gaming system, they receive alerts of suspicious purchases from their bank — purchases that cybercriminals made with their credit card information. 1 
Fake Websites and Ads
During the holidays, many brands increase their online advertising to boost sales. However, cyber-grinches will likely take advantage of this trend by creating fake websites and ads impersonating companies that consumers know and love. For example, cybercriminals can create fake websites and ads promoting unrealistic discounts and bargains that look remarkably similar to an online retailer’s site. If a customer clicks on the fake website and makes a “purchase” by inputting their credit card information, the scammers will then be able to use this data to make fraudulent purchases elsewhere.
Fraudulent Social Media Posts
Many consumers rely on social media to stay up-to-date on the latest deals, and scammers are eagerly looking for ways to take advantage. To target holiday shoppers via Instagram, Facebook, TikTok, etc., criminals use fake social media posts offering vouchers, gift cards, freebies, and contests in the hopes that the user will click on the post and hand over their personal or financial information. Perhaps a user comes across a fake contest for a $1,000 Amazon gift card on Instagram — all they have to do is enter their login credentials to enter. Little do they know that this contest has been formulated by scammers and submitting their login for entry is just handing over their data for cyber-scrooges to exploit. Criminals can also take advantage of shoppable social media posts to target holiday shoppers with advertisements for non-existent or counterfeit items. Today, 130 million Instagram users tap on shoppable posts to learn more about products every month. It’s likely that these users will also rely on shoppable posts to interact with products they’re interested in purchasing for holiday gifts.
Cybercriminals can entice these users by creating fraudulent social media ads for products they don’t actually have. If an unsuspecting shopper purchases through the fake ad, their financial information will not only find its way into the hands of the scammer, but they also won’t receive what they initially paid for.
Travel phishing and charity scams
According to the Wall Street Journal, travel and charity scams also tend to spike around the holidays.4Travel scams could show up in the form of an email stating that a booking has been canceled, sending you to a fake website where you’re asked to enter your credit card number to set up a new reservation. You could also receive an email directing you to a clone site offering deals on a house rental, flight, or hotel room that seems too good to be true — as long as you hold your reservation with a deposit.
Cybercriminals also know that consumers tend to make charitable donations around the holidays, and many are quick to take advantage. A charity scam might target victims via social media feeds, asking people to donate to a fake organization. Consumers should always do their research on a charity before they donate to prevent money from ending up in a scammer’s pocket.
Tips to Stay Safe From Online Shopping Scams
To prevent cyber-grinches from stealing your money, data, and festive spirit, follow these tips so you can continue to make merry during the holiday shopping season:
Be cautious of emails asking you to act. If you receive an email, call, or text advertising a holiday shopping deal that seems too good to be true, it probably is. Don’t click on anything or take any direct action from the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money or your financial details unnecessarily.
Hover over links to see and verify the URL. If someone sends you a message with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the message.
Go directly to the source. Instead of clicking on a link in an email or text message, it’s always best to check directly with the source to verify a holiday shopping offer or track a package’s shipment.
Watch out for fraudulent websites and ads. Today, anyone can create a website or online ad that looks like it’s from a legitimate retailer. They may tout a special offer or a great deal on a hot holiday item, yet such sites are a popular avenue for cybercriminals to harvest personal and financial information. They are commonly spread by social media, email, and other messaging platforms, so be skeptical of any links you see on these channels.
Check your bank statements. The holidays are often a time of increased spending, so a fraudulent charge on your bank statement could blend in with all the noise. Be vigilant about checking to make sure that there are no suspicious charges when you’re doing your online banking. If you do notice a purchase that you didn’t make, report it to your bank immediately. 
