‘Tis the season… for scammers to get creative. As Black Friday and holiday shopping ramps up, cybercriminals are doubling down on tactics to trick, steal, and spread malware. Here are some of the sneakiest schemes to watch out for this year.
1. Fake Retail Sites
That deal seems too good to be true? It probably is.
- Scammers create convincing storefronts with slightly altered URLs
- You place an order—but your money (and personal info) is gone
Tip: Always double-check the site URL. Stick with trusted retailers or go through their official app.
2. QR Code Scams
QR codes on flyers, posters, or packaging may lead to malicious websites.
- Common on “limited-time offer” signage or fake return labels
Tip: Don’t scan random QR codes unless you know where they came from.
3. Bogus Shipping Notifications
Emails or texts saying “your package is delayed” or “click here to reschedule delivery”
- Clicking takes you to a phishing site that mimics FedEx, UPS, or Amazon
Tip: Check shipping updates directly from the retailer or carrier’s website.
4. Social Media Flash Sales
Scam ads pop up in your feed with major discounts and urgency: *”Only 3 left!”
- Often leads to fake sites or drop-shipping scams
Tip: Research the company and check for real reviews before buying.
5. Too-Good-to-Be-True Gift Card Deals
Scammers offer discounted gift cards, often via email, social media, or sketchy websites
- You buy the card—but it’s empty, or already used
Tip: Only buy gift cards from the source or a well-known retailer.
6. Compromised Checkout Pages
Some legitimate-looking sites are rigged to skim your credit card info at checkout
Tip: Look for HTTPS, use a credit card (not debit), and consider virtual card numbers
7. Fake Order Confirmations
You get an email thanking you for a purchase you didn’t make
- Clicking “view your order” leads to malware or credential harvesting
Tip: Don’t panic-click. Go to the official site and check your order history.
Bonus: Watch Out for Holiday-Themed Phishing Emails
Scammers love to play on generosity and stress. You might see:
- Donation scams
- Holiday e-card links
- Phony order receipts
Quick Safety Tips for the Season:
- Don’t reuse passwords. Use a password manager.
- Use MFA (multi-factor authentication) wherever possible
- Keep your browser and antivirus software up to date
- Be skeptical of deals shared in group chats or forwarded emails
- When in doubt, go directly to the retailer’s official site or app
The holidays should bring joy—not identity theft or financial headaches.
Need help securing your business or team ahead of the holiday rush? Let’s talk.
