Give yourself the gift this holiday of avoiding scams.

The holiday season of spreading joy can also be a season of spreading scams and cyberattacks. Fortunately, there are methods for recognizing and preventing falling prey to holiday scams. Give yourself the best gift possible by preparing to defeat cyberattackers into the new year! 

The three main warning signs that what seems at first glance to be an innocent and attractive holiday shopping deal is really a scam are listed below: 

  1. Huge discounts. Is there a large disparity between the market value of this product or service and what they’re charging you for it? Always question a hot item at a ridiculously low price.

  2. Typos or spelling errors. These may be subtle mistakes that your brain doesn’t register without a closer look, such as the phrase “recieve this gift” instead of “receive.” Analyze what you’re reading with a keen eye.

  3. An unsolicited email or message. You didn’t sign up for promotional emails for this brand or you have no idea who this person is, yet they’re reaching out to you directly. Be wary of communication from sources you don’t know, especially if they’re asking you to click on a link or open an attachment.

More specifically, here are 5 types of holiday specific scams that you may encounter over the next month: 

Charity Scams

Cybercriminals know that major holidays like Thanksgiving, Christmas, and New Year’s Day are the prime times for donating. That’s why they create sneaky scams to take advantage of our giving spirits!

Be on the lookout for fraudulent emails that appear to be from charities and websites that look a bit “off.” Online, criminals will often mimic similar names to reputable charities, so look extra closely at the URL for misspellings or inconsistencies. For example, you may get an email from “The European Salvation Army” when really, the real Salvation Army leaves off “European” as an international brand. You might also notice a link ending in a ".com" extension instead of a ".org".

Don’t assume phone calls are any safer than emailsーsearch for the organization online yourself, and never assume a URL a telemarketer shares with you is legitimate. Once you are comfortable making a contribution, do the following as a last defense:

  • Check your web browser for a secure site padlock

  • Pay with a credit card, not a debit card, whenever possible (if you are scammed, you're more likely to get your money back from a credit card)

  • Avoid cash donations, which are harder to trace (if you are scammed, you're unlikely to get your cash  back)

Delivery Scams

One of the most popular forms of delivery scams is the “package wasn’t delivered” jig, wherein the threat actor sends a phishing email imitating your shipping sender, claiming they were unable to get a package to you on time. These emails may contain infected links or attachments that download malware. Work-related emails may use urgency to trick you to take quick action, saying an important delivery is held up and will be rerouted if you don’t click a link to validate the shipping address or send over the final payment.

To avoid these scams, hesitate before clicking any links, opening attachments, or sharing personal information with the contact. Verify through the actual source, like Amazon, or your vendor directly. 

Travel Scams

Hopping on a plane this year? Cybercriminals know this and often craft phishing messages with fake deals or promotions right before the holiday season. For example, you may get an email on an incredible deal on flights or an all-inclusive resort that seems too good to be true. Chances are, it is! Always verify the deal on the real provider’s website not by clicking on any links in the email.

The holidays are also prime times for threat actors to breach an individual’s system and send text messages, emails, or social media messages to their contacts, posing as a trusted friend or family member. They may Facebook message you from your friend’s profile saying, “I traveled internationally to see family. Someone stole my wallet and I’m stuck here. Can you wire me money to get a flight home?” or try a similar money transfer fraud. Don’t fall for these travel ruses!  Contact the person first by means you already know, like a home phone number or a close family member who would know if they're in trouble.

Shopping Scams

Big sales can make shopping feel irresistible around the holidays. From substantial discounts to free shipping and payment plans, stores offer extra incentives to buy before, during, and after a major holiday. During these prime windows, many get hit with a slew of emails or online advertisements—but not all are legitimate.

According to the FBI, common shopping scams include:

  • Not receiving their product after paying.

  • Fake websites copying information from legitimate websites to deceive.

  • “Contact Us” information mimicking a geographical address in one country when the company is located elsewhere.

  • Vouchers or gift cards in exchange for filling out a survey.

  • Holiday contests shared through a link by an unsuspecting friend

Before purchasing anything around the holidays, stop and think. If you see a targeted advertisement on social media, go directly to the website yourself to purchase it without clicking on the ad. If a deal looks too good to be true, remind yourself that it probably is!  

Surprise Gifts

During the holiday season, employers or friends may send you virtual gifts in the form of thank you notes or electronic gift cards. While online gestures can be endearing—like a video of your coworker’s face transposed on dancing elves—these links can also be maliciously or unintentionally laced with malware. Plus, malware aside, not all “gift cards” are legitimate. Fake cards are used as bait to get you to go to a spoofed website or enter banking information.

So how do you avoid these surprise gift holiday scams? One strategy is to call or text the alleged gift sender and thank them for the gift card. If they’re confused and don’t remember sending anything, it might be a bit awkward, but you can sleep with sugarplum dreams knowing you defeated another scammer. 

Stay safe online, and happy holidays from UVA InfoSec!