Skip to content


Online Holiday Scams to Avoid

By: Dataprise

The Top 5 Holiday Scams to Watch Out For

Table of content

The holiday season is always a time for chaos, making it one of the most opportune times for scammers to get in on the action. However, with its supply chain issues and intense pressure to make up for 2020, this year might just take the cake. With everyone making rash decisions, this is a veritable gold mine for scammers. 

Common Holiday Scams

If you want to avoid giving gifts to cybercriminals this year, it might take some extra savvy attention. Check out our list below to learn about the most common online holiday scams to watch for and how to protect yourself. 

  1. Online Shopping Scams
  2. Social Media Scams
  3. Missed Package and Delivery Scams
  4. Charity Scams
  5. Fake Gift Exchanges

Online Shopping Scams 

Since most people love to shop online, these scams start with a fake website, app, or ad. The scammer might come up with a distinct name for the fake business, but more often, they piggyback on more trusted suppliers and companies (think: or 

These scams offer too-good-to-be-true deals and then either deliver merchandise that is shoddy at best or never deliver anything at all. Online holiday scams don’t always just take the money that you’ve given them either. They can easily commit identity theft with your information too.

Social Media Scams

Social media scams mimic other social media offers, such as free gift cards. For instance, a fake site might offer a $5 voucher for a product in exchange for taking a brief survey. 

Since you’re not giving up your credit card information in this scam, it might seem like a legitimate offer on the face of it. However, the real scam is the information you part with in order to get the fake reward that can later be used for identity fraud or other types of cybercrime.

Missed Package and Delivery Scams 

With so many packages being delivered, this scam takes advantage of millions of people checking the status of their deliveries. 

A cybercriminal will create a message that looks like it comes from a legitimate carrier, like UPS. The notification will promise to update the buyer about where their package is and when it’s going to be delivered. 

The link and tracking number it contains are fake though, designed to install malware on your device and/or steal information. Criminals may also use a phone call scam around this time of year, one that charges excessively high rates to wait on hold or requests additional money to deliver a missed package. 

Charity Scams 

Charity scams pose as legitimate causes to take advantage of people who want to give over the holiday season. They can take place either over the phone or online, and they’re designed to appeal to people’s generosity and their desire for a tax deduction. They can often be spotted by the immediacy of the request. Scammers make it seem as though it’s urgent you decide right now. 

Fake Gift Exchanges 

A fake gift exchange is one that asks you to purchase something for someone else (usually on social media) in exchange for even more gifts. While the cost of the initial purchase is often nothing alarming (often around $10 or so), there are often far more nefarious intentions behind the scam. Not only will you typically not get any gifts in return, but it’s also likely that your information will be stolen and used for identity theft purposes. 

Ways to Protect Against Online Holiday Scams 

Besides knowing the scams and watching for the signs, practicing good cyber hygiene can be a great way to keep yourself and your personal data out of harm’s way. 

This means avoiding attachments and links from anyone you don’t know, regardless of whether it’s on a website or through an email. If a company you rarely deal with asks you specifically to update your information, call the number listed and make sure that it’s a legitimate request. 

Warning Signs of Suspicious Links:

  • Shortened URLs: If the URL is only a few letters long or doesn’t actually spell out the name of anything you know, it could technically go to any website. 
  • Security alerts: A legitimate company won’t send you a security alert link in an unsolicited email. 
  • Email links: Don’t click on unsolicited email links that ask you to update your password information. 

If an email isn’t specifically addressed to you, avoid clicking on any attachments. You should also avoid any file extensions that are unknown (e.g.: *.zip, *.exe, *.vbs, *.bin, *.com, *.pif, or *.zzx). 

More than half of leaders in IT said that they will increase their cyber security budgets in 2021, with “improving cybersecurity protections” as their top IT priority. Keeping your business safe from potential online scams will save your employees and customers valuable data.  Continue to keep your data protected with our top 3 priorities for reducing ransomware attack risk in 2022

As with any criminal, what you’re really trying to practice is vigilance. If a request or promise seems fishy, it’s likely because it is fishy. If the details are vague, it’s because the whole premise is a lie. Yes, even the most vigilant users can get caught in the moment and click on something malicious. To further protect yourself and your organization’s data from online holiday scams, consider investing in managed endpoint detection and response cybersecurity services to ensure threats are detected and mitigated quickly.

Register for "Cybersecurity in 2022: Lessons Learned + How the Pros are Preparing".


Recent Tweets


Want the latest IT insights?

Subscribe to our blog to learn about the latest IT trends and technology best practices.