Financial Health
November 16, 2023

How to avoid holiday scams this shopping season

Don’t let cybercrime diminish your holiday cheer. Learn about cyber scams to look out for during the shopping season, how you can avoid them, and what to do if you’ve become a victim.

Woman reviewing tips to avoid holiday scams

Holiday cyber shopping scams at a glance

  • Holiday shopping scams may involve emails, ads, or applications with phishing links, fake products, or malware that could be used to steal your money, personal information, or login credentials.
  • Scammers often target deal hunters with urgent messages marketing hard-to-find products or huge discounts.
  • Using strong passwords or password managers and limiting information sharing are easy ways to help avoid scams year-round.

Soon, many Americans will join the holiday shopping frenzy with a few taps of their fingertips. About three in four of the 235 million holiday shoppers are expected to buy gifts online this year, according to the 2023 ICSC Holiday Intentions Survey.

That gift-buying mania can be fraught with fraud. Quick financial decisions we make under pressure — like that dash to grab a hard-to-find present or limited-time deal — can put us at greater risk of cybercrimes like credit card fraud, phishing, or buying fake products.

“With the holiday season in sight and the rise of online shopping, this really is an opportune time for cyber criminals to launch fraudulent scams,” said Tami Hudson, Wells Fargo’s cybersecurity client officer. “There are some things, however, that you can do to help protect yourself and your finances, especially during this time of year.”

Knowing the red flags to look out for can help you spot the imposters to avoid becoming a victim of cybercrime while gift shopping for friends and family. Here are three common cybercrime scams Hudson is seeing leading up to the holiday shopping season.

3 holiday shopping scams to watch out for

1 Holiday phishing or malware emails

The number of promotional emails is at an all-year high during shopping season. Yet phishing, which most often happens over email, remains the most reported cybercrime (PDF) to the FBI. In this scam, emails that look like they’re from legitimate or even well-known brands lure recipients in with bargains but will instead collect their information or lead to fake websites.


Does a price look too good to be true? Try finding the brand’s official product page or see if the deal is reflected on other pages for the same product. Look for signs of phishing.

2 Fake ads

Scammers may target shoppers looking for specific hard-to-find or valuable gifts with fake ads that are really designed to collect your financial information. These too-good-to-be-true ads can be attractive because they may promise incredible markdowns, but buyers are often pressured to act fast to secure their rare item.


If an ad looks suspicious, check if “https” is at the beginning of the linked webpage’s URL and that there’s a closed lock or broken key icon next to it. If so, then the site is valid, and the data submitted on the site is encrypted.

3 Fraudulent applications

When it comes to holiday shopping, shoppers are looking for special low prices. Three in four are expected to hunt for deals this year, according to PwC’s Holiday Outlook 2023 report. Another scam involves dubious apps promising coupon codes or steep discounts on popular products. But clicking a link or downloading the app leads shoppers to give up personal information via phishing or install malware.


Before downloading or using a new application, read recent reviews, look for spelling or grammatical mistakes in its advertising, and be wary of excessive permission requests on your devices.

Why holiday cyber shopping scams work — and how to avoid them

With millions of Americans expected to spend more than $1.5 trillion between November and January according to Deloitte, scammers likely see ample opportunity to cash in on distracted online shoppers. Fortunately, simply learning about these common financial scams may reduce your risk of becoming a victim when you’re targeted.

Criminals often target online shoppers with the same tactics and urgency that marketers use to advertise their products. It’s no wonder one in three Americans report being a victim of online financial fraud or cybercrime, according to a recent Ipsos poll conducted on behalf of Wells Fargo.

“When it comes to online shopping,” Hudson said, “this is the time of year when scammers are really zeroing in on targets who are searching for the best promotions and deals and are really moving faster than usual.”

Here are a few other good cyber hygiene tips to help protect yourself this holiday season:

  • Never give more information than you need. Avoid storing payment data and personal identifiable information on websites, such as those of retailers.
  • Use strong passwords and store them with password managers. For an additional layer of security, use multi factor authentication (MFA). For example, along with a password, users may be asked to enter a code sent to their email or answer a secret question.
  • Watch out for spoofed calls of legitimate companies asking for financial or personal information.
  • Credit cards are a safer gift-buying option. Another is shopping with a virtual credit card linked to your credit card account. These virtual cards have unique numbers and can be used for a short time, such as the holiday shopping season.

What to do if you’ve fallen victim to holiday cybercrime

If you think you’re a victim of a holiday scam or cybercrime, don’t be embarrassed. These scams are dangerous not only because they affect our finances or sensitive information, but because they’re convincing and spread quickly.

Here are a few steps to consider if you think you’ve been a victim of a holiday cybercrime or have fraudulent charges on a debit or credit card:

  1. Contact the bank or company that issued your card and tell them about the fraudulent charge or withdrawal. They may recommend turning off or canceling the card and sending a new one.
  2. If you haven’t already, check your card account for suspicious transactions. Change your password.
  3. If you think the scam involved your personal information, reach out to the Federal Trade Commission to report the fraud and follow next steps, which may include monitoring your credit for suspicious behavior.
  4. Make sure you’re regularly scanning your financial statements for unauthorized charges, unknown merchants, or other suspicious transactions.