12 Christmas Scams to Watch Out for This Holiday Season

Christimas scams

On the twelfth day of Christmas, my true love gave to me... hopefully something better than a virus (computer or otherwise). As the end of the year is fast approaching, it has not been without its fair share of data breaches, hacks, and even the return of digital piracy.

As we enter December and fast approaching the most wonderful time of the year, hackers, cybercriminals, and online fraudsters are looking to end the year with a bang. Christmas scams are prevalent throughout the holiday season and are designed to threaten your bank balance, privacy, and online security.

With that in mind, let's check out the 12 common Christmas cyber scams this holiday season and what we can do to help prevent them.

1. Christmas phishing scams

Phishing is one of many popular online scams, and the holiday season is no different. Typically, phishing scams are emails sent by an individual or group who try to trick you into giving them your sensitive information, payment details, or anything they can use to their advantage.

You may see an influx of Christmas phishing emails during Christmas due to the increase of people shopping online, and popular themes for Christmas phishing scams are:

  • Christmas-themed emails: these typically include fake charity requests, flyers, deals, or surveys containing malware to steal your information.

  • Fake payroll emails: we all love a bit of Christmas shopping, and the anticipation of getting that Christmas paycheck is what scammers love. They will send emails containing an “annual bonus” or asking you to “confirm” your bank details before they pay your salary.

  • Fake Delivery: these emails may ask you to pay a customs fee or contain tracking links containing malware or ransomware or warning your package will be canceled unless you pay a fee by following a malicious link.

  • You won a prize! Usually, we wouldn’t fall for these online scams during other times, but Christmas is the time of giving! Right? Although many companies have special offers, an iPhone 15 for $5 is too good to be true and will cost you your privacy, data loss, or a broken device.

Fortunately, our email providers are quite advanced in identifying phishing emails and will often filter out obvious phishing attempts and send them straight to the junk folder.

However, as people spend more during this time of the year, scammers devote more time to Christmas scams and phishing attempts to try and get as much success as possible from their crimes. To protect yourself from Chrismas phishing scams during December and beyond, here are some valuable tips:

  1. Ensure the email matches the company name.
  2. Check for unusual formats or spelling errors from large corporations.
  3. Look for a sense of urgency in the language “PAY NOW” “YOUR ACCOUNT WILL BE SUSPENDED” is often a sign of a phishing attempt.
  4. If you receive an unsolicited email containing a link, don’t click it.

2. Social media holiday scams

Social media, especially Facebook, is a popular platform to target the public for Christmas and holiday scams.

With the introduction of the Facebook marketplace offering great deals on popular items, many scammers will offer in-demand products for a low price. Still, they will try to convince you to pay for the item first so they can take your money and run.

To avoid these popular Christmas scams, you can:

  • Check reviews of the marketplace site.
  • Never agree to pay a stranger upfront without some form of payment protection; use PayPal or other safer payment methods.
  • Meet the person in a safe place.
  • Inspect the item you are receiving to ensure it matches the description.

3. Counterfeit Christmas apps

Where is Santa Clause? There's an app for that!

Be careful, though; fake apps are used in Christmas cyber scams to steal yours or your children's data, as popular Christmas apps see a surge of downloads during the holiday period.

Other apps you should look for include fake copies of popular retail stores. Still, instead of a quick and stress-free shopping experience, these fake apps steal your credit card information, which criminals use to commit online fraud or sell the details on the dark web.

Internxt Send is a tool to send files securely.

4. Gift card Christmas scams

Don’t know what to get for Secret Santa? Then, gift cards may be the way to go. Gift card scams are often present via emails as a fake competition, but you can also receive them via text messages.

Gift card holiday scams will offer a “FREE GIFT CARD” for digital stores and may even target a younger audience looking for free Robux gift cards or other popular video games. Again, these Christmas cyber scams rely on catching people off guard, so they click a malicious link.

To avoid becoming a victim of this scam, avoid clicking the link, but follow the steps outlined in the Christmas phishing scams at the beginning of this article.

5. Fake websites

A spoof website is a fake website disguised as a trustworthy business to steal your sensitive details. All of the previous Christmas scams mentioned until now will likely contain a harmful link that will send you to a spoof website.

From that page, you may be asked to enter your password, login details, or bank account numbers to “claim your prize” or “secure your account.” When, in fact, what you’re really doing is sending your details directly to the cybercriminal.

Spoof websites can be complicated to detect to the untrained eye, as threat actors work very hard to make them appear like the real thing. To avoid the pitfalls of fake websites, you can:

  • Check the URL:
    • At the very least, the connection should be https://, but some spoof websites have this, so also check for any inconsistencies in spelling, extra characters, or small variations to the original content.
  • Keep your browsers up to date:
    • Secure browsers help avoid security vulnerabilities that threat actors expose from old software, and they will also help identify suspicious websites for you.
  • Verify the contact details:

6. Romance scams

The holiday period can be difficult for people, which is why online scammers, unfortunately, have success targeting people who feel alone during the festive period. Romance scams happen all year round, but they are particularly successful as one of the holiday scams during Christmas and Valentine's Day.  

Romance scams typically involve the sudden development of a new friendship online via social media or any popular dating app. Often, romance scams involve somebody posing as a different person, claiming to be from another country, and taking extreme measures to create fake profiles on social media to seem as authentic as possible.

Internxt is a cloud storage service based on encryption and privacy.

Once the scammer has targeted somebody, they will build a relationship and start asking for money to solve some problem or emotionally blackmail you into giving them a loan for hospital or medical fees, for example, only to never be seen again once you send the money, or even asking you for more money after the initial payment.

  1. Be skeptical, especially if the person contacts you out of nowhere professing their deep love for you
  2. Don't share anything: not your address, bank details, or anything else with an online stranger
  3. Verify their identity: reverse image searches to look for stolen profile images or profiles

7. Phone call and messaging scams

As is the case with Christmas phishing scams via email, your mobile device can also be a target for Christmas scams via messaging apps, text, or phone calls. Many of these holiday scams can happen in WhatsApp groups because another person accidentally clicked on a malicious link.

Other messages include automated warnings from online shopping or streaming services, warning your account has been compromised, and you must enter your password to recover it. Remember, reputable and secure companies will never ask for your password over the phone or via email.

So be wary of any messages containing special offers or generated QR codes with discounts in these groups.

8. Counterfeit goods

If one of the greatest films of all time, Jingle All the Way, starring Arnold Schwarzenegger, taught us anything, it’s that if you want the hottest toy or game console of the year, you sure as hell better get it early.

Social Media, eBay, or any other online marketplace take advantage of people’s desperation to get the limited units of toys, consoles, videogames, or the most popular mobile gadgets of the year that have sold out at your local department store.

At times, people become so desperate that they will end up paying up to double the item’s worth online only to receive a counterfeit product... or no product at all.

In the case of counterfeit goods sold for Christmas scams, the first step would be to try and keep the fear of missing out feelings at bay. It’s always better to wait for a product to come back in stock from a reputable store than to buy it from an untrusted or protected source.

At the very least, if you shop elsewhere, follow the steps of number 2 and follow the best online payment protection techniques to protect your finances.

Internxt Email Generator protects you from spam.

9. Seasonal job posting scams

Retailers will offer temporary, seasonal work during Christmas to keep up with the demand for Christmas sales. Because of this demand, cybercriminals will post fraudulent job postings online, allowing them to collect emails, addresses, names, social security numbers, or bank details when you send your application.

If you feel a job posting is a scam, you can report the posting on the website, or if you want to verify the claim, research the company, check out their website, and contact HR to verify the advertisement.

Never hand over your sensitive details during the job application process, and be skeptical if you are asked to pay a fee during any part of the interview stage.

10. Malicious Holiday E-Cards

Another one of the most popular Christmas phishing scams to look out for in your emails is Holiday E-card scams. Criminals will send E-Cards claiming to be someone you know with a heartfelt Christmas message inside. However, sometimes the card will contain malware, ransomware, or other threats to your data.

Holiday E-Card scams often target businesses and small companies, posing as employees sending cards to see if they can steal business information. To prevent threats to the business, ensure your employees are aware of typical cybersecurity threats that target businesses.

11. Hacked charging stations

Christmas is also a popular time for holiday scams because of the surge of people traveling back home to spend time with their families. Scammers can use the increased number of people in train stations and airports to steal their information through public Wi-Fi or by hacked charging stations.

Although charging stations are there for your convenience, it unfortunately makes it convenient for cyber criminals to use these stations to install malware on your device, known as juice jacking, or steal your details.

To avoid this, try carrying a portable charger with you, but if it’s an emergency, take precautions to check your device after it is charged, such as with anti-virus software specializing in phone security.

12. Puppy scams

A dog is for life, not just for Christmas, and just as you would take the time to decide if a puppy is right for your household, you should spend an equal amount of time making sure where you get your puppy (or kitten) from is legitimate.

Christmas scams looking to take advantage of people looking to introduce a new puppy into their family are another common holiday scam. A puppy scam may involve requesting money for the puppy only for the “seller” to take the money and run. Or, they sell the puppy with serious health problems, leaving the new owner to pay for expensive vet bills with no guarantee the puppy's health will return.

Here are some tips from reputable animal charities on avoiding puppy scams during Christmas and the rest of the year.

  1. Ask for the seller’s ID: report them to the authorities if they refuse.
  2. Don’t buy from unlicensed sellers: owners need a license to sell their puppies.
  3. Check phone numbers: search the number online to see if it matches other adverts, and walk away from the sale if multiple numbers are used.
  4. Report your concerns: not only to avoid being scammed but also for the animal’s welfare.
Internxt is a cloud storage service based on encryption and privacy.

How can you avoid Christmas scams? And what to do if you get scammed

To help protect yourself against holiday scams, be extra cautious of unsolicited emails, messages, or communication that offers you something or asks you to give away something.

Also, monitor your bank accounts and social media accounts for any suspicious activity, such as unauthorized purchases or log-ins to your accounts.

Taking the proper precautions and implementing good cyber hygiene, such as creating a strong password, will help prevent Christmas and other holiday scams from compromising our online privacy. However, we must follow steps all year round to protect our online privacy and to keep our important information safe.

Why not give yourself or your loved ones the gift of secure cloud storage this holiday season? With Internxt, you can safely protect your online privacy, store your documents, and share your photos of happy Christmas memories with friends and loved ones.