Tis the Season: Unwrapping the Top Holiday Scams of 2023

What are the top holiday scams in 2023?

Along with turkey, football and crazy relatives, Thanksgiving also marks the start of the busiest shopping season of the year. Even with inflation and increased cost of living, Thanksgiving, Black Friday and Cyber Monday tend to bring out the shoppers and this year is no different.

Early reports show that online spending was up 5.5% year over year on Thanksgiving day with Americans spending nearly $5.6 billion shopping online, and an additional $9.8 billion on Black Friday.

Unfortunately, but not surprisingly, the spike in consumer spending also creates a spike in scams. While the scams rarely change, they often work because consumers innately let their guards down during the busy holiday season.

Here are some of the most common scams making the rounds this year and what you can do to protect yourself.

The Package Delivery Notification

One of the most common holiday scams consumers will encounter is fraudulent delivery notifications. Usually delivered via text, messages of this type impersonate a delivery service provider, such as FedEx, UPS or USPS, and cite a delivery issue  (i.e., bad address) with a malicious link conveniently included to remediate the problem – which is most likely a malware download. How can you avoid falling for this scam?

• If you are expecting a package, always check the original confirmation email for shipping information (timeframes, tracking numbers, etc.).
• If you are expecting a package, always check the original confirmation email for shipping information (timeframes, tracking numbers, etc.).
• If you receive a suspicious delivery message, do not click on any links or respond. Delete or report it. Treat any unsolicited delivery message you get via phone or email the same way.
• If you think there is a legitimate shipping issue, contact the retailer directly. Be sure to verify you are contacting their real number or email first.

The Malicious Imposter Website

Another common holiday season scam is malicious imposter websites. These sites masquerade as legitimate online retailers but are built with the intent of stealing financial and personal information.

The sites are usually promoted through phishing emails, texts, social media or digital advertising – and usually advertise items at low prices or customized items such as “your animal as a cartoon” art print. Whether the malicious websites are spoofing large retailers like Amazon and Target, or smaller boutique businesses, there are several red flags to watch out for.

• If a deal is too good to be true, it usually is – even during the holiday sale season when marketing efforts are in full overdrive mode to promote unbelievable deals. Chances are the site offering you a 75” OLED television for $199.99 is malicious.
• The website has poor design, grammar errors or simply doesn’t look right and is asking for a ton of personal information – there’s no reason any retailers should be asking for your social security number to buy a new Bluetooth speaker.
• The URL is missing a padlock icon and doesn’t start with “https” – if a site doesn’t have either of these in the URL bar, chances are it is malicious in nature.
• The website is asking you to pay via bank wire or with gift cards. If the website doesn’t accept credit or debit cards, you should not be purchasing from it.   
• Be wary of social media pages the same way as websites. Many scammers use social media to defraud shoppers with imposter pages or direct them to imposter websites.

If you prefer to shop online, only shop from trusted retailers and use credit cards as much as possible, which usually offer inherent fraud protection. And if you come across any advertisements for a potentially malicious site, practice caution and avoid clicking.

The Vacation Rental Scam

Travel-related scams traditionally increase during the holiday season and this year is no different. With nearly 47% of consumers planning to hit the road this year, scammers will be looking to capitalize on the traffic.

With the rise of rental sites like Air BNB and VBRO, many travelers are on the lookout for good rental deals, and many threat actors are advertising fraudulent ones that simply don’t exist. Once a party is interested, they try to persuade them to communicate and place a deposit through unsecured or untraceable methods and disappear. Here are some best practices to avoid falling for this popular scam.

• Book rentals through established travel websites such as VRBO and Air BNB, and while there are surely some legitimate postings on sites like Craigslist, it’s best just to avoid them altogether.
• Never send money via wire or payment services like CashApp or Western Union for rentals. Any legitimate renter or agency will take payment via credit card on a secure app or website.
• If somebody offers a better price if you pay them directly (i.e., send me the deposit via payment app as friends and we can avoid the website fees), report them and move on.

The Fraudulent Charity Scam

The holiday season is also the season of giving. Unfortunately, the season of giving means the season of stealing for scammers who use fake charities to solicit donations, which reached $1.6 billion in 2021 alone. Below are some of the best practices to ensure you are donating securely and safely to legitimate organizations.

• Avoid unsolicited donation requests – including phone calls, emails and texts, chances are they are fraudulent.
• If you’re not sure about a charity, ask for their Tax Identification Number or use the IRS’s online Tax Exempt Organization search to verify charitable organizations.
• Stick to well-known charities such as the United Way, Salvation Army or Red Cross, or to known local organizations you have previously worked with.
• Use trusted websites like Charity Navigator and Guidestar.org to verify charities and understand how they allocate donations.

Tying it All Together: Identifying and Avoiding Scams During the Holiday Season

While there are many other scams out there with different coats of paint, they often share the same red flags, which include: 

• The offer or request is unsolicited from an unknown sender.
• There is a sense of urgency to click or send funds.
• You are asked to pay with gift cards, wire transfers or cash transfers.
• You are asked for sensitive information like your social security number.
• The offer is simply too good to be true.

No matter what scam is used, you can protect yourself online by using simple, yet effective online shopping behaviors, including:

• Use a credit card whenever possible.
• Do not answer, click or respond to suspicious communications.
• Be wary of social media advertisements and pages.
• Verify you are on the actual retailer's website before purchasing.
• If you are unsure about a deal, simply call the verified company phone number.

Remember, these scams are around all year, but go into overdrive during the holidays. We hope this article helps you and yours enjoy the holiday season securely.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

To learn more, visit our dedicated Cybersecurity page.

Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity.