Holiday shopping creates an ideal opportunity for cybercriminals. The FBI reports that scammers target platforms like Gmail and Outlook with deceptive messages aimed at tricking individuals into revealing money or personal information.
Often, these scams happen so quickly that victims are unaware until they spot unauthorized charges on their bank statements.
Why the FBI is raising concerns
The FBI’s Internet Crime Complaint Center (IC3) indicates that over $785 million was lost to non-payment and non-delivery fraud during the holiday season and afterward, with credit card fraud adding $199 million more. Typically, complaints surge at the year’s start, a trend linked to holiday shopping in November and December.
Four main schemes are especially prevalent this time of year: non-delivery fraud (where items paid for never arrive), non-payment fraud (where sellers receive nothing post-delivery), auction fraud (where delivered items differ from listings), and gift card fraud (where the victim is coerced into using prepaid cards).
The FBI warns that just one click on a dubious link can install malware, capable of capturing personal details like names, passwords, and bank information, enabling criminals to access accounts surprisingly quickly.
New tactics in email scams
Recent email scams employ hidden characters to bypass security filters.
The growing threat of account takeover fraud
The rise in account takeover incidents is alarming, with the IC3 reporting over 5,100 complaints and losses exceeding $262 million since January 2025.
These schemes often involve social engineering. Criminals pose as bank employees or customer service agents, sending fake emails or texts claiming issues with accounts, pressuring victims to share sensitive information.
Phishing sites mimicking legitimate banks can also trap individuals. Many criminals use search ads to ensure these deceptive sites appear at the top of results. Once victims enter their data, scammers log in, locking out the rightful owner and transferring funds, often through cryptocurrency for anonymity.
Protecting yourself from holiday email scams
There are several proactive measures you can take.
1) Exercise caution with links and attachments
Be wary of opening anything from unexpected emails, websites, or social posts. If you click something potentially harmful, strong antivirus software can help detect malware.
2) Verify company communications
If asked to update login or account details, find the company’s contact number yourself and verify the request.
3) Be skeptical of urgency
Scammers often create a sense of crisis. It’s wise to stay calm and confirm claims made before reacting.
4) Limit your online information
Data deletion services help remove personal info from data brokers, lowering the chances of being targeted by scams since less information is available for attackers to exploit.
5) Scrutinize website addresses
Look for unusual spellings in domains before signing in. Legitimate businesses won’t redirect you to unknown sites.
6) Enhance account security
Enable two-factor authentication, avoid reusing passwords, and regularly update them, especially after hearing about a new scam. A password manager can help maintain secure, diverse passwords.
7) Create email aliases for shopping
Setting up alias addresses for shopping can minimize spam and limit the access fraudsters have to your real email.
8) Act quickly if defrauded
Immediately contact your bank if you suspect fraud. Request a recall or cancellation, and reset your passwords.
9) Report any fraudulent activity
The FBI encourages quick reporting of any scams to the IC3, as this aids in tracking fraud trends and can help in recovery efforts.
Key takeaways
During the bustling holiday period, cybercriminals thrive on distractions. Maintaining vigilance can protect your money and personal information. Awareness is crucial, and even small steps can significantly impact your safety.
Have you encountered any scams recently? Share your experiences with us.
