14 Online Shopping Scams to Watch Out For This Holiday Season.

It’s true—scammers are becoming increasingly sophisticated. With advancements in AI and technology, fraudsters can craft convincing messages that appear legitimate.

They can even mimic voices, making it seem like your bank or employer is calling you. “Scams are prevalent throughout the year, but we tend to be more vulnerable during busy and stressful times,” said Mike Steinbach, managing director of financial crimes and fraud prevention at Citi, in an email. “For many, that period is the holiday season.”

According to the 2023 Cyber Safety Insights Report by Norton, a quarter of consumers worldwide report being targeted by online shopping scams. Half of those affected fell victim to these scams, while nearly a third were ensnared by phishing attempts. “Cyber scammers are leveraging easily accessible data and social engineering techniques to understand user behavior and gain unauthorized access to credentials and assets,” noted Tami Hudson, a cybersecurity client officer at Wells Fargo, in an email. Here are 14 scams to be aware of this holiday season:

1. Fake Order Confirmations

Even though it's not a new trick, scams involving phony online order confirmations are still prevalent. Victims often receive emails that look like they’re from a trusted retailer or payment service like PayPal, claiming to confirm a purchase.If you get such an email and suspect that your account may have been compromised, avoid clicking any links. Instead, head directly to the retailer’s or payment service’s official website, log into your account, and check for any unauthorized transactions.

2. Phony Shipping Notifications

Another twist on the fake order scam includes messages that seem to come from delivery services like FedEx, UPS, or the postal service, informing recipients about a shipment delay. These messages often contain a link for tracking the package.However, clicking on that link could potentially install malware on your device. If you’re waiting for a package, it’s safer to visit the merchant’s website directly to find tracking details instead of following any links in an email or text.

There’s also a version of this scam that involves fake missed-delivery notices left in mailboxes. If victims call the number listed on the notice, they may be asked for credit card information or other personal details. Any request for payment or personal data should raise a red flag. You should never need to provide your credit card information just to receive a package or mail.

3. Counterfeit Fraud Alerts

Banks are becoming more vigilant in detecting fraud, often sending texts or making calls when they notice suspicious activity on accounts. Unfortunately, scammers are mimicking these communications to steal account information.

“They can contact you pretending to be your bank, claiming there’s an issue with your account,” explains Avi Turgeman, CEO of IronVest, a company that provides security and privacy solutions like masked emails and one-time virtual cards.

It's common for scammers to claim they're sending you a one-time password via email and ask you to repeat it back to them. In truth, the person on the other end is attempting to gain access to your account and needs that password to do so. A genuine bank representative will never request your password or two-factor authentication code.

You should also refrain from sharing any sensitive information, like your birthdate, account number, or Social Security number, with unsolicited callers. If you're uncertain about the authenticity of a call, it's best to hang up and contact your bank directly.

4. Shady Email Scams

Phishing scams remain a popular tactic for stealing personal information. These scams involve sending emails that mimic official communications from trusted sources but are actually fraudulent. "Criminals can easily create convincing phishing scams," explains technology expert Burton Kelso. With advancements in AI, scammers can now craft emails that evade typical red flags, such as awkward phrasing often found in older scams.

Nowadays, emails may prompt recipients to download seemingly legitimate apps that are actually designed to collect data from unsuspecting users. Some fake apps may utilize Open Authorization (OAuth) to link to Google or Facebook accounts, gaining access to personal information. Another frequent phishing tactic involves emails threatening account closure unless personal details are confirmed. According to a Norton report, 32% of scam victims indicate that email is the main method through which they were contacted. The most effective way to protect yourself from phishing scams is to avoid clicking on links in emails. Instead, type the web address directly into your browser to verify the legitimacy of any requested actions.

5. SIM Swapping

SIM swapping is a type of scam that involves several steps, as explained by Turgeman. It typically begins with phishing attempts or deceptive phone calls aimed at gathering personal information. The scammer then uses this information to contact the victim's mobile service provider, claiming that their SIM card has been lost or stolen. If the scammer is successful, they can transfer the victim's phone number to a SIM card they control. With this access, they can infiltrate various accounts by requesting two-factor authentication codes to log in or reset passwords. To protect yourself from this scam, it's crucial to stay alert for phishing emails and fraudulent phone calls that aim to collect the information scammers need to convince a mobile carrier to switch a number. 2.

6. Cloned Websites

Consumers should be cautious about unsolicited emails, as scammers can easily create cloned websites that mimic trusted sites. They might send you a promotional coupon that, when clicked, leads you to a fake site that looks just like the legitimate one. It's important to note that scammers may not always be after your credit card details. A cloned site might simply prompt you to log in and then redirect you to the real website, leaving you unaware that you were on a fraudulent page. Once they have your login information, they can access your account and make unauthorized purchases.

To avoid falling for cloned sites, pay close attention to the URL. Cloned site addresses will often resemble the original but will have slight differences. For example, a scammer might use a URL like Amazon-12345.com to trick users into thinking they are on Amazon.com. They may also incorporate special characters that look similar to letters. For added security, consider avoiding online purchases through web browsers altogether. “Order directly from an online retailer’s app,” suggests Kelso. Many major retailers offer apps, providing a safer way to shop from home.

7. Fly-by-Night Businesses

Setting up a website is easier than ever, especially during the holiday shopping season when scammers often take advantage of eager shoppers. They might lure you in with promises of incredible discounts on amazing products. To protect yourself from losing money to a scammer who has no plans to deliver your purchase, it's wise to do a little homework first. “If you’re trying out a new company, look for reviews to ensure it’s a trustworthy business,” advised Steinbach.

8. Disappearing Packages

Not all holiday scams occur online. Some thieves ruin the festive spirit by stealing packages right off doorsteps. They often patrol neighborhoods, looking for deliveries left unattended while people are away. Installing a home security camera can help catch these culprits, but it might be simpler to arrange for your packages to be delivered in a safer manner. For example, Amazon provides various delivery options. If you have an Amazon Key smart lock, you can have packages dropped off in your car trunk or even inside your home. Additionally, Amazon Hub Lockers are available in many locations, allowing you to pick up your packages at your convenience. For other retailers, consider having your packages sent to your workplace for added security.

9. Fake Charities

The holiday season brings out the spirit of giving, and unfortunately, scammers exploit this generosity. They may set up fake GoFundMe campaigns for causes that seem noble or impersonate real charities over the phone. "Charity scams tend to rise during this time of year,” noted Chad Hetherington, vice president of global services at NICE Actimize, a provider of financial crime and fraud solutions, in an email. "While there are many genuine organizations deserving of support, consumers should be vigilant for imposters, fraudulent websites, and robocalls that mimic charities but are actually scams," he cautioned.

To steer clear of charity scams, be intentional with your donations. Take the time to research organizations and avoid giving over the phone to unsolicited callers. If someone asks you to wire money overseas, consider it a warning sign.

10. Emotional Appeals on Social Media

Social media platforms allow individuals to easily share requests for financial help, which can attract scammers. As the holiday season approaches, remember that not every story circulating online is genuine. A notable case involved a couple who raised over $400,000 on GoFundMe in 2019 by fabricating a story about assisting a homeless man, as reported by CNN. Once the truth emerged, both the couple and the man faced legal consequences for their deceit. If you're considering donating to a GoFundMe campaign, it's wise to choose those with a personal or local connection.

This way, you can confirm that the organizer is legitimate and authorized to collect funds for the intended recipient.

11. Fake Family Emergencies

While this scam isn't exclusive to the holiday season, it frequently targets seniors. Fraudsters may impersonate a relative in distress, claiming that a grandchild is in trouble and urgently needs money wired to them. If you receive such a call, hang up and reach out to a family member to verify the situation. Be cautious with emails that describe similar scenarios, like a relative whose wallet and passport were stolen while traveling. Always contact the relative through a different method before providing any financial help. A clear indication of a scam is if the caller insists on receiving payment in cash or through gift cards.

Scammers typically prefer payment methods that are hard to trace, according to Hudson. He noted that they seldom choose credit cards since those transactions are monitored. Instead, they often opt for gift cards, which can be easily exchanged for cash or redeemed.

12. Fake Classified

Ads Scams on platforms like Craigslist and Facebook Marketplace can occur at any time of the year. It's always wise to meet in a public location for transactions and to test any electronic items before making a payment. The lobby of a local police station or city hall can serve as a safe meeting spot. Previously, if a seller claimed that an item needed to be shipped, it raised suspicions. Nowadays, shipping is more common on Facebook Marketplace and similar sites. However, to minimize the risk of scams, it's advisable to purchase from individuals you can meet in person. If you decide to buy something that needs to be shipped, make sure to research the seller. On Facebook, check their profile for a solid history. A newly created profile or an old account suddenly listing many items could indicate a scam. Additionally, be cautious if the seller asks you to cash a money order or cashier's check and send money to someone else. “Honestly, there may not be a completely ‘safe’ way to shop on social media or online marketplaces,” Hetherington mentioned. “So, consider using your credit card with a digital account number instead of your actual card number. If you encounter a scam, it’s easier to resolve through the chargeback process.”

13. Data Interception

Be cautious when doing your holiday shopping on public Wi-Fi at places like libraries or coffee shops. Hackers can intercept data on these networks, potentially gaining access to your account passwords, payment details, and more. Just because you’ve used public Wi-Fi in the past without issues doesn’t mean you’re safe this time.

Sometimes, fraud doesn't occur immediately, Turgeman explains. "It can affect you months later." This happens because your information might not be used right away; instead, it could be sold on the dark web for future exploitation. Although home networks tend to be more secure, they are not immune to breaches. To enhance your online safety, consider using a virtual private network (VPN) to encrypt and protect your browsing and shopping activities.

14. Card Skimming and Shoulder Surfing

While over half of U.S. consumers intended to do most of their holiday shopping online last year, as reported by Norton, many still prefer to shop in physical stores. It's important to stay vigilant in these environments. “Credit card skimmers remain a significant threat,” Kelso warns. Scammers attach devices to card readers to capture data during transactions. Shoulder surfing is another concern. Kelso recommends avoiding the use of your PIN at checkout, as onlookers can easily see you enter it.

This practice, known as shoulder surfing, allows criminals to watch your PIN and then steal your card for unauthorized use. To protect yourself from both card skimming and shoulder surfing, using contactless payment options like tapping your card or utilizing a digital wallet can be very effective, according to Kelso.