The holiday season means more shopping, more travel and more “quick decisions”, which is exactly why scammers love it. Security researchers are seeing that fraudsters ramp up activity around Black Friday, Christmas and New Year, targeting people when they are busy, distracted and spending more online.
Recent study found over 2,000 fake e-commerce domains spun up just for Black Friday scams, many impersonating well-known brands. While the FBI reports more than $262 million in losses from account takeover (ATO) fraud in 2025 so far, with many cases driven by phishing messages and fake “support” calls.
The good news: once you know what to look out for, a lot of these scams become much easier to spot. Here’s a closer look at the most common holiday fraud tactics and what you can do to stay safe.
Social engineering & phishing scams
The most common holiday frauds use email, phone calls (“vishing”) and text or messaging apps (“smishing”) to get you to click a link, share details or approve something under pressure. Underneath, it’s all social engineering – manipulating people rather than hacking systems. During the holidays you might see:
Delivery and parcel holiday fraud
With so many parcels in transit, delivery scams are everywhere. A common version is the “there’s a problem with your delivery” message. You get an SMS or email saying your package couldn’t be delivered and you must pay a small fee or update your details via a link, that leads to fake courier websites where criminals steal card details and personal data.
Fake charities and donation holiday fraud
Fraudsters know people are more generous at the end of the year. They exploit this by:
🚩 cloning real charity websites
🚩 sending phishing emails pretending to be well-known organisations
🚩 creating fake fundraisers on social media
Common angles include emergency relief, children’s gifts, local causes or year-end donation drives.
FSA account takeover
As the year ends, people with Flexible Spending Accounts (FSA) or similar health benefit accounts often get “use it or lose it” reminders. Scammers copy this theme by sending fake emails claiming to be from healthcare providers or benefit administrators, offering to “extend” or “unlock” funds. Links then lead to fake login pages designed to steal credentials and drain accounts.
Seasonal job and extra-cash holiday fraud
Consumer alerts show that “extra holiday cash” job scams are now one of the more common seasonal fraud types. Around the holidays many people look for temporary work or ways to earn a bit extra. Scammers jump on this by posting fake job adverts that:
🚩 ask for upfront “application”, “training” or “background check” fees
🚩 request bank logins or full ID documents early in the process
🚩 communicate only through messaging apps
To protect yourself from phishing & social engineering holiday fraud
✅ Don’t click links in unexpected emails or texts. Instead, go to the official website or app.
✅ Turn on multi-factor authentication (MFA) on all important accounts.
✅ Use strong, unique passwords and keep devices and browsers up to date.
✅ Never share a one-time passcode, full card number or PIN with anyone who contacts you.
✅ If in doubt, contact your bank or provider using the number on the back of your card or from their official website, not from the message you received.
Fake shopping sites
Scammers know everyone is hunting for a bargain during the holidays, so they set up fake online shops that:
🚩 copy the look and feel of major retailers
🚩 use brand logos, product photos and layouts they have scraped from legitimate sites
🚩 offer “too good to be true” discounts on popular items like electronics, trainers or luxury goods
Once an order is placed and card details are entered, you either receive a cheap knock-off or nothing at all. In both cases, your payment details may also be stored for future fraud. Thousands of these fake storefronts appear around Black Friday and Cyber Monday, often using newly registered domains that look like real brands.
To avoid falling for this holiday fraud
✅ Go directly to the retailer’s site by typing the address or use bookmarks.
✅ Be careful with unsolicited links in ads, emails and DMs.
✅ Check that the website address looks right and starts with https://. Watch for extra characters or odd spellings.
✅ Look for basic signs of a real business: contact details, returns policy, realistic pricing.
✅ Be cautious if you’re only offered wire transfers, gift cards, crypto or cash. These methods are hard to trace and often used by scammers.
✅ Review your bank and card statements regularly and set up purchase alerts if your issuer offers them.
Holiday travel fraud
With millions travelling over the holidays, scammers focus heavily on flights, hotels and rentals. Common tactics include:
Fake travel websites, pretending to be airlines or agencies, promoting “too good to miss” deals, then adding fees or disappearing once you pay.
Phishing emails about flight cancellations, urging you to “rebook” by entering card details on a fake page.
Fake call centres: malicious adverts and search results direct you to bogus support numbers, then “agents” charge high fees or steal your payment details.
Fake rental listings: non-existent apartments or villas with stolen photos, often at very low prices, with pressure to pay off-platform.
To protect yourself when booking travel:
✅ Verify the URLs of airlines, hotels, rental platforms and travel agencies.
✅ Avoid clicking on travel offers from random social media ads or pop-ups.
✅ Research rentals on several sites, check reviews and confirm the address.
✅ Stick to well-known booking platforms and be cautious of anyone pushing you to pay via crypto, wire transfer or gift card.
✅ If a deal looks unbelievably cheap for the dates and destination, it may not be real.
Malicious holiday apps
Not every cute holiday app is harmless. Fraudsters create holiday-themed apps for example, Santa trackers or seasonal games or even imitate legitimate apps. Some are advertised through social media and only available via direct download links rather than official app stores. Once installed, they can:
⚠️ infect devices with malware
⚠️ steal login credentials and payment details
⚠️ capture other sensitive data stored on your phone or tablet
To stay safe with apps
✅ Only download apps from trusted app stores and well-known developers.
✅ Research apps before installing – check reviews, download numbers and permissions.
✅ Keep your device software and security updates current.
✅ Avoid downloading apps from links you receive in messages or see in random ads.
Physical theft
Holiday fraud isn’t only online – the increase in in-store shopping and travel also creates more chances for physical theft.
Stolen cards and phones
In crowded shops, markets and car parks, criminals may target unattended bags, grab wallets or phones when people are distracted. If a phone is stolen and it holds banking apps or digital wallets, the risk is even higher if the device isn’t properly secured.
Skimming
Skimmers – devices placed on ATMs or payment terminals to capture card data, often combined with hidden cameras to record PINs.
“Digital pickpocketing”
Using mobile point-of-sale (mPOS) devices to attempt fraudulent contactless transactions by holding the device close to a victim’s bag or pocket.
To protect yourself from physical holiday fraud
✅ Keep wallets, phones and bags zipped and in sight, especially in crowds.
✅ Shield the keypad when entering your PIN.
✅ Check ATMs and terminals for anything that looks loose, bulky or out of place.
✅ Report lost or stolen cards and phones to your bank and mobile provider immediately.
✅ Consider using any identity or credit monitoring services offered by your bank, card provider or employer.
If you think you’ve been targeted
If something feels wrong (a message, a call, a website or payment), it’s better to pause than push through. Current best-practice guidance suggests you should:
✔️ Stop interacting – hang up, close the browser or delete the message.
✔️ Contact your bank or card provider using the number on the back of your card or their official app/website.
✔️ Change passwords for any affected accounts and turn on multi-factor authentication.
✔️ Review recent transactions and set up alerts if you don’t already have them.
✔️ Talk to someone you trust or check the organisation’s official website before taking any action suggested by a suspicious message.
Stay aware
Holiday shopping and travel should be enjoyable, not stressful. Scammers will continue to recycle the same basic tricks with new seasonal wrapping, but once you recognise the patterns, you’re much harder to fool.
Just a few simple habits, like checking links and URLs, protecting your codes and passwords, using official apps and websites, and keeping an eye on your statements, go a long way.
