Protect against shopping scams

Get Norton 360 with LifeLock Select for safer online shopping and powerful identity theft protection.

Protect against shopping scams

Get Norton 360 with LifeLock Select for safer online shopping and powerful identity theft protection.

Protect against shopping scams

Get Norton 360 with LifeLock Select for safer online shopping and powerful identity theft protection.

16 holiday scams to watch out for in 2023

Holiday scams are everywhere—from your email inbox to the line at the ATM to travel and shopping sites. Learn about the most common holiday scams and how to identify them. Then, get Norton 360 with LifeLock Select to help protect your personal information and stay safe this holiday season.

Woman looking at her phone to learn more about holiday scams.

1. Gift card scams 

There are several types of gift card scams you may encounter, and all of them end with you losing money. Always, but especially during the holidays, remember not to buy gift cards on public kiosks or racks. And when you do buy a gift card, make sure that the cashier hands you the gift card they activated. 

Illustrated chart covering some of the most common gift card scams.

No matter what time of year it is, follow these best practices: 

  • Don’t buy gift cards on public auction sites or racks that anyone can access, because they may have already been activated and used. 
  • Don’t trust anyone selling gift cards for less than they’re worth, because they might be trying to scam you.
  • Don’t listen to someone telling you that you can pay your bills with gift cards.
  • Don’t share your gift card numbers with other people.

2. Phishing emails and texts 

The holidays are a big season for phishing scams. From shopping to parties to traveling, you might get a call from someone asking you to confirm something. While that text might be from a family member, friend, or new coworker, it could also be a part of a phishing scam. 

Phishing can be difficult to spot, but knowing how scammers try to steal your information helps reduce your risk. Common types of phishing include:

  • Social engineering: When a scammer tries to trick you into revealing personal or financial information by appealing to your emotions.
  • Hyperlink manipulation and site redirects: When fake websites use scam hyperlink text or forced redirects to spam sites to carry out phishing attacks.
  • Link shortening: By concealing a site’s true URL until you’ve already navigated to it, scammers can use link shortening services to hide their true, malicious intentions.
  • Typosquatting: By building a fake site on a domain with a similar name to a trusted brand, scammers can fool you into giving up personal information. 
  • Chatbots and AI voice generators: With chatbots on fake websites or messenger apps, or AI voice generators on phone calls, cybercriminals can try to manipulate you into exposing private data.

3. Grandparent scams 

In a grandparent scam, a scammer will pretend to be a relative (usually a grandchild) of an older person to extract personal information or money from them. These scammers sometimes send emails or texts claiming to be a family member in trouble. Other times, a scammer will call and pretend to be a member of a law enforcement agency and claim that their grandchild will be arrested if they don’t pay a fine. 

To avoid getting scammed like this: 

  • Don’t provide any information or money to anyone who isn’t the person they claim to be. 
  • Hang up on the caller and call the family member or the law enforcement agency the caller claimed to work for. 
  • Delete the messages they’ve sent or block the numbers and email addresses to ensure they don’t try to scam you from the same address.

4. Brushing scams 

Brushing scams sound like a victimless crime—a company sends you a bunch of free stuff that you get to keep—but it could be an early sign of identity theft. For these scammers to send you goods, they have to know your name and address. While they might have found that information on a people search site, they may have found your info through a data breach

If you receive any unwanted packages, contact the marketplace (usually Amazon) to let them know you received items you didn’t order. Check your bank and credit card statements for charges you didn’t make. And consider locking or freezing your credit report in case more of your information is compromised. 

5. Holiday travel scams 

The holiday season is one of the busiest travel periods. Trips can get expensive as lots of people try to get good flight tickets, hotel rooms, and rental cars. That means scammers are ready to pounce with travel booking scams, using fake travel websites and too-good-to-be-true prices for holiday travel. 

When you’re making travel reservations online, it’s best to:

  • Use sites that you already know and trust. 
  • Double-check your URLs to make sure you’re not on a spoofing site. 
  • Check to see if the site has a physical address and that their customer support phone number works. 
  • Read online reviews of the travel sites to see if other people have gotten scammed.  

6. Public Wi-Fi hacking 

Whether you’re picking up a hot drink at a cafe or at a store buying gifts for friends and family, Wi-Fi will probably be available. It’s nice for you to check your email or compare prices between two shops, but public Wi-Fi can be a source of malware and identity theft. 

Because these networks aren’t secure, when using public Wi-Fi you should avoid:

  • Logging into any of your bank or credit card accounts 
  • Using social media

Scammers can use public Wi-Fi signals to eavesdrop on your browsing and even install malware onto your devices. Because of these risks, consider turning off your Wi-Fi before you go out in public so your phone doesn’t automatically connect to potentially dangerous networks. And whenever you do connect to public Wi-Fi, use a VPN to encrypt your connection and help keep your communications private.

7. Stolen package scams 

Illustrated chart featuring stolen package scam statistics.

It might come as a surprise, but stolen packages are a big problem. One study found that 79 million Americans have had at least one package stolen in the past year. That same study found a big uptick in “porch piracy” around the holiday season. Having a package stolen might be an inconvenience, but it could also be a sign of identity theft. 

To reduce the risk of having your orders stolen:

  • Set up a temporary delivery hold.
  • Have your packages delivered to a secure parcel locker.
  • Set up deliveries to arrive when you know you’ll be home.
  • Request packages to be delivered to a neighbor.
  • Make delivery drivers require a signature before leaving a package.
  • Install security cameras. 

If somebody stole your package, contact the merchant and the delivery service to report the theft. You may also have to file a report with your credit card company or bank, and the merchant or delivery company may require you to file a police report before they ship a replacement or issue a refund.  

8. Shoulder surfing scams 

Out of all the scams in this post, this is one of the most low-tech. Shoulder surfing is when someone watches you visiting an ATM, checking out at a store, or using your phone, tablet, or computer and gathers passwords, PINs, or browsing information about you to use it for themselves. 

As you’re out and about this holiday season: 

  • Think twice before you use your devices in public. 
  • Cover the number pad when you enter your PIN.
  • Use a password manager for optimal password security.
  • Don’t give out your credit card number over the phone if you’re around others.

9. Card skimming 

Card skimming happens when a scammer installs a card-reader device on an ATM or other point-of-sale terminal to collect card numbers and PINs. Card skimming is a relatively old scam, but it still happens regularly.

To avoid a card skimming scam:

  • Don’t use ATMs that look run down or broken.
  • Use ATMs that are inside banks.
  • Check that the other readers look the same as the one you’re using while in stores or gas stations.
  • Only use readers that accept chipped cards.
  • Use the tap method of payment. 
  • Use a virtual or one-time card number.

10. Fake contests and giveaways 

Businesses love offering shoppers deals around the holidays, because it can help increase traffic to their online stores and improve sales. But it’s important to recognize when an email or text advertising a contest or giveaway is too good to be true. 

If you aren’t sure whether a contest or giveaway is real, make sure you don’t click links in emails or text messages about them. Instead, visit the company’s site directly or via your favorite search engine. If they list a giveaway on their site, it’s probably safe to proceed. 

But if you can’t find it on their site or social media profiles, it might be a scammer trying to get you to visit a fake website where you could be exposed to malware or tricked into entering personal information on a form that could result in your identity being stolen.

You can also search for the company name and add “giveaway scam” to see if other people have received similar messages and got scammed.

11. Charity scams 

Charity scams are especially frustrating—you try to donate to people in need only to line the pockets of a scammer. 

Before donating to a charity, make sure your money will go where you want it to go.

Double-check that you’re not falling for a charity scam by:

  • Researching charities before donating: Go to the charity’s site and read online reviews to make sure it’s legit (and to ensure they’ll use your money responsibly). 
  • Not donating via links sent by text or email: It can be tempting to click on a link, especially when you’re feeling generous during the holidays, but it might be an attempt to phish you.
  • Making secure donations: Charities don’t ask for cash donations, gift cards, or wire transfers. Donate by credit card or check and keep good records to make sure they aren’t overcharging you or charging your card each month.

12. Lookalike online shops 

Scammers can create near-perfect clones of online stores to scam people out of money. Website spoofing is a multi-pronged approach to fraud: a scammer buys a domain close to the domain of a real online store and then builds a fake, lookalike site that can capture your personal and payment information. 

Once they build the site they can wait for people to land accidentally on the misspelled domain, or they can send out emails advertising a sale or giveaway to entice people to visit their site. 

There are a few ways to check whether or not a site is real:

  • Hover over hyperlinks to see what URL they will send you to.
  • Use your favorite search engine to get to the real store.
  • Look for security features like an SSL certificate.
  • Examine the site for grammar and spelling mistakes. 

13. Delivery text scams 

Illustrated example of a scam delivery text, how they work, and the consequences of clicking links in them.

Delivery text scams are one of the newer and trickier scams you might encounter during the holiday season. Out of nowhere, you might get a text informing you that a delivery has been delayed or can’t be made until you verify some information. 

These messages usually include a shortened URL or phone number. If you click or call, they may ask you to enter some of your personal information to verify that you’re the real recipient of the package. 

But once you provide that information, you’ve just increased the likelihood that your identity could be stolen or that you’ll see a bunch of charges you didn’t make on your credit card bill.

If you receive a text about a delivery, check to see if it aligns with a package you know is on its way to you. If it could be legitimate, visit the site where you made the purchase, instead of clicking the link, and check the tracking from there. 

If you know the text isn’t real, block the number, report it to the FTC at 7726 (SPAM), and delete the message.  

14. Fake ads on social media 

As more and more social media sites add selling to their platforms, the potential for fraud has increased along with other social media threats. Fake ads on social media might look real, but they could end up taking you to a spoofed site or trying to pressure you into giving up personal information in exchange for better deals. 

To check if an ad is real, visit the social media account of the company in question and see if it aligns with any specials they’ve posted about. If it’s a legit sale, use the links in their posts or bio to navigate more safely to their web store. If you find a fake ad, report it and block the account. 

15. Too-good-to-be-true scams 

A too-good-to-be-true scam can take almost any form, but it will always leave you surprised at how great a price or included perks are. That should be the first sign that you might be dealing with a scam. If a site is advertising a product that you know is much more expensive than the site has it listed for, it could be trying to lure you in to install malware on your device, steal your personal information, or pull a bait-and-switch scam.

Look up reviews of the site, and don’t give in to any high-pressure tactics (like timers on discounts) until you know that the site is legitimate, or you might end up dealing with a bunch of problems you didn’t bargain for.

16. Military personnel scams 

Holidays for military families can be tough, especially when service members are stationed in another state or another country. The desire to be with family and friends can make them targets for scammers offering cut-rate vacation prices or reduced airfare. 

These scams extend to the families of military personnel, too. If you’re in a new area, scammers may try to take advantage of you by providing access to deals on gifts for the family. 

Be cautious if an offer is too generous or requires you to cover fees or give out your personal information. Check with the authorities on your base to see if a store or salesperson is the real deal before you spend any money.

How to avoid scams during the holidays 

 Illustrated chart with tips for how to avoid holiday scams.

Even with all of the scams out there, you can still protect yourself by practicing good digital hygiene and following a few simple tips. 

  • Stay Informed: Knowing which scams are most common and how to avoid them might be enough to stop a scammer from targeting you.
  • Use secure devices: When shopping online, use devices with the latest operating systems and software updates to reduce the risks of hackers and scammers getting access to your information.
  • Verify before you buy: Double-check that you’re on the right website before you enter your payment information.
  • Be wary of unsolicited requests for donations: It might be the season for giving, but that doesn’t mean you should trust every plea for charity. If a charity sounds like something you want to donate to, research it before you donate.
  • Avoid public Wi-Fi when possible: Switch off your Wi-Fi before big shopping days to reduce the risk of man-in-the-middle attacks and other scams.
  • Use credit cards for purchases: Paying for all of your purchases with a credit card is smart because credit cards offer the best fraud protection and aren’t connected to your bank account.
  • Buy from trusted sites: If a deal seems too good to be true, it might be a front for a scam. Buy from sites you know and trust (and know how to recognize if a website is safe).
  • Use a scam detection tool: Norton Genie is an AI-powered scam detector that can help identify whether an email, text, or social media message is a scam. 
  • Use security software: Security software like Norton 360 with LifeLock Select offers secure browsing with a VPN, protection from malware, and identity theft monitoring.

What to do if you get scammed 

If you think you’ve been scammed, work quickly to limit the damage. Here’s how:

  • Secure your bank + credit card accounts: Change your passwords, turn on 2FA, and log out of all active sessions on your computer.
  • Secure your devices: Clear your history and caches, make sure your operating system and apps are updated, and run a malware scan using antivirus software.
  • Report it: Contact your financial institutions to inform them of what happened. Include as much information as possible about how the scam worked and whether or not any money was stolen. Depending on the extent of the scam (and if any money was lost), you might need to contact the police to file a report.
  • Keep an eye on your accounts: After a scam, it’s vital to make sure every cent is accounted for and that every purchase is one you made. Depending on the kind of information the scammer obtained, you might want to lock or freeze your credit report.

Protect your personal information 

Safer online shopping and identity theft prevention practices aren’t just important around the holidays. With protection from Norton 360 with LifeLock Select, you will be able to shop and browse more safely and rest easier knowing that LifeLock’s experts are looking out for signs of fraud and identity theft.

FAQs about holiday scams

Want to know more about holiday scams? Keep reading to learn more.

What are the three most common scams?

According to the FBI’s Internet Crime Complaint Report, phishing, personal data breaches, and non-payment/non-delivery scams were the three most commonly reported scams in 2022. 

Do scams increase during holidays?

It can be difficult to say if scams increase during the holidays, but increased shopping and traveling does provide more opportunities for scammers. An AARP survey in 2022 found that three-quarters of adults had been targeted by fraudsters or experienced fraud around the holiday season.  

Who falls for scams the most?

The FTC found that people aged 18–59 are the age group most likely to report having been scammed while shopping online, while older adults were more likely to have reported a tech support scam. No matter how old you are, there’s always a risk of getting scammed.   

How do vacation scams work?

In a vacation scam, the scammer will contact someone to inform them that they’ve won a free vacation as long as they pay some fees. These fees can quickly add up and might be a door through which the scammer can steal financial and personal information. Other vacation scams, such as Airbnb scams, include low-priced rentals with deep discounts if you pay using a third-party system (often used to steal credit card numbers) and fake travel clubs that promise exclusive benefits or discounts in return for steep membership fees.

Clare Stouffer
  • Clare Stouffer
  • Gen employee
Clare Stouffer, a Gen employee, is a writer and editor for the company’s blogs. She covers various topics in cybersecurity.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 

Contents

    Want more?

    Follow us for all the latest news, tips and updates.