5 Online Scams to Watch Out for This Christmas


Christmas is big business for scammers and shoppers alike. A recent survey from the National Retail Federation found that consumers not only plan to spend 4.1 percent more than last year during the holidays, they plan to do 55 percent of this shopping online. As these figures rise year on year, fraudsters will stop at nothing to take advantage of the seasonal spending; while you spend your time trying to give to others, they spend their time trying to take from you.

As you shop online this Christmas, be wary of scammers trying to swindle you out of your money, your data, or both. Luckily, you don’t have to be a cybersecurity expert to avoid their tricks. In this article, we’ll cover five of the most common Christmas scams and what you can do to avoid them.



Phishing emails can take any number of forms — a sales promotion from a brand you love, an offer that seems too good to be true, an e-card or shipping confirmation. Most of us will see an increase in the number of promotional emails we receive over the holiday season, and shoppers are much less likely to act with caution amidst the winter rush. Cybercriminals are adept at exploiting this to turn a profit – malicious links in these emails may download malware to your computer, route you to a fake website, or lead to illegitimate payment portals.

Email links from unknown addresses should always be considered with suspicion. Always review the sender’s address and the URL behind every link. Most legitimate businesses will use a proprietary email address for their promotional outreach, which is difficult for scammers to emulate. Make sure to look for obvious spelling and grammatical mistakes throughout the email.

While receiving an e-card can be nice, don’t underestimate the dangers that might lurk within. This is a popular form of fraud among scam artists, who mask malicious software designed to record your every keystroke and gain access to your credentials and financial accounts. Be wary if you’re required to enter personal information to open the card, and especially careful of attachments that end in ‘.exe’. This indicates an ‘execute’ command, which could download a virus. If you’re unsure, check with the gift-giver before opening the email.

Compromised Credit

The list of companies involved in cyberattacks and data breaches is seemingly endless, and it’s growing every day. Consumers are often unaware that their accounts have been compromised and continue to use their cards regardless. Account details from these breaches often end up for sale on the dark web, and there’s no better time for scammers to take advantage of these details than Christmas. A fraudulent charge – the usual warning sign of an account takeover – is harder for banks and financial institutions to spot at this time of year, as seasonal purchases often don’t conform to the cardholder’s typical purchasing patterns.

If you’re concerned about identity theft or your card being used without your knowledge, sign up for transaction alerts from your bank or card issuer so you can keep track of your account activity and be notified when purchases are made.


Romance Scams

Perhaps the most heartless of all seasonal scams, romance fraud prays on the emotions of the lonely at the time of year they’re most vulnerable.

Millions of Americans use dating sites, social media, and online messaging apps to meet people. While many forge sincere and successful relationships, scammers also exploit these sites to meet their victims. They create fake profiles and build a sense of trust over time, eventually convincing their target to send money in the name of love.

Be cautious of individuals online who claim your new relationship is destiny or fate, that you are meant to be together, or that they cannot live without you. If they tell you they’re in love but need you to send money to fund a visit, you should be suspicious. Use online searches to verify a person’s profile, and be wary of sending any information that could later be used to extort you. If they refuse to meet and always find an excuse to avoid it – even after a few months – you should be suspicious.

Copy-Cat Websites

The Christmas season typically sees a surge in look-alike websites and fake online stores. These might come in the form of new, unknown retail sites offering huge discounts, or fraudulent websites masquerading as legitimate and well-known companies.

Malware-injecting websites disguised as designer stores regularly catch complacent Christmas shoppers; these scam sites are designed to lure you into making payments, downloading malware, or revealing your information. Avoid any site that leads you to a third-party website for payment. If you have to submit sensitive information such as your card details, make sure the website’s URL begins with “https”, as this tells you the site is encrypted.

If you’re suspicious of a website pretending to be a well-known company, check the URL to make sure it’s an exact match. You can also look at the ‘About Us’ page and call the listed number. If there is no number or no answer, think twice before proceeding to payment. These sites can usually be avoided using common sense – are there spelling errors on the page? Odd stock photos? Pay attention to detail.

Temporary Holiday Jobs

Many businesses, especially those in retail, require a little extra help over the holiday season. While there are plenty of companies seeking temporary employees, you should beware of fraudsters using this as a front to harvest personal information from potential applicants.

If you’re contacted by email about a role you’re genuinely interested in, try to apply in person or by going directly to the retailer’s website. Be wary of anyone asking for your personal information over the phone or online before meeting for an interview. Scammers often use this method in attempts to collect Social Security numbers, so be sure to withhold this information until you’ve confirmed you’re dealing with a legitimate organization.

Never send your information digitally unless you know the intended recipient uses proper security protocols. The devices and networks you’re using might not be secure either, so try and be conservative about what you send online. If you’re concerned about security and need to send vulnerable information, use a VPN. Reliable, independently-reviewed services like NordVPN and Private Internet Access offer network-wide encryption that will grant you complete anonymity, even on public networks.

Following these precautions and being cautious with your online behavior will reduce your risk of falling victim to online fraud this Christmas. Use common sense and be skeptical of discounts and deals that seem too good to be true. If you think you have fallen prey to a scam, contact your bank as quickly as possible.