Whether you are a Christmas lover or more of a Grinch, almost everybody has to deal with some online shopping, present hunting, charitable activities and so on during the winter holidays. Consequently, everybody is, by default, vulnerable to winter holiday scams or, more specifically, to Christmas scams. Learn what they are and how to stay safe from this extensive guide!

1. Christmas Scams – How to Avoid Them

In 2016, London police officers estimated about £10 million in losses to winter holiday scams. One victim lost £86,000 when they tried to purchase a boat from a fraudster on eBay, police said. That’s just a very tiny tip of a very big iceberg. In Australia alone, a Commonwealth Bank report revealed that Aussie shoppers spent $11 billion during the 2017 holiday season. Two years later, the numbers haven’t changed. Up to 13.3 million Australian citizens will also shop online. It stands to reason that the numbers are similar across developed nations, so protection against online shopping scams is essential.

When surfing online looking for the perfect gift, there are so many options in front of us that we don’t know what to choose. Are they real, though? Online scammers and IT criminals post fake ads and run websites they control in order to obtain our online banking credentials and get access to our sensitive data. To stay safe from this type of scam, look for a few clues:

  • Is the advertised price too low to be true? Check the price for the item on other websites and see where it should be.
  • Avoid any unusual payment system for an online item, like a money order or wire transfer.
  • If you choose to pay from the website’s payment system, look for details that could indicate you are on a hacker-controlled website. There are cases when the scammers direct you to a fake payment site, so check if the URL of the page includes HTTPS and if the name is correctly written. 

EXPERT ADVICE #1:  Verify the Web address of the shopping sites you visit. There are many copycat websites of large retailers, especially this time of the year. Also: 

  • Beware of websites with steep discounts on a brand name or highly sought-after products. If you’re visiting a website you’re not familiar with and the prices seem too good to be true, they probably are. Cybercriminals will purchase these products with stolen credit cards and quickly create a site to sell them at steep discounts. Or, you might place an order and never get anything. In both cases, the thieves obtain your credit card details when you place an order. 
  • Use caution when making purchases through advertisements on social media. Cybercriminals often place ads to phish for credit card information or to infect your computer or phone with malware. Use a search engine to verify if the company name is legitimate, search for the company’s name + “reviews” and/or look in the comments of an ad or post, since many times other consumers will comment if the ad is a scam.
  • Only purchase gift cards from reputable businesses. Credit-card thieves love purchasing gift cards with stolen credit cards because many hold their value well and there is a thriving secondary market.
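
The URL checks from the lists above (HTTPS, a correctly written name, copycat retailer sites), as an added Python example that is not part of the original guide. The allow-list of shop domains and the sample URLs in the test are constructed for illustration, and treating the last two host labels as the registered domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Assumed allow-list: shops the user really buys from (constructed for this example).
KNOWN_SHOPS = ("amazon.com", "ebay.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_shop_url(url: str, known=KNOWN_SHOPS) -> list:
    """Return a list of warning strings for a shop or payment URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []

    # The payment page must be served over HTTPS.
    if parts.scheme != "https":
        warnings.append("not-https")
    # Text before '@' is login data, not the site name; the real host follows it.
    if "@" in parts.netloc:
        warnings.append("userinfo-in-url")
    # Punycode labels can render as look-alike characters in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-hostname")

    # The known domain itself, or a subdomain of it: the name is written correctly.
    if any(host == d or host.endswith("." + d) for d in known):
        return warnings

    # Assumption: the last two labels approximate the registered domain
    # (a production check would consult the Public Suffix List).
    registered = ".".join(host.split(".")[-2:])
    for d in known:
        brand = d.split(".")[0]
        limit = 2 if len(d) >= 10 else 1  # stricter for short names
        if brand in host:
            # Brand name used inside a domain that belongs to someone else.
            warnings.append("brand-in-foreign-domain:" + d)
        elif 0 < edit_distance(registered, d) <= limit:
            # One or two characters away from the real name (typo-squat).
            warnings.append("lookalike-of:" + d)
    return warnings
```

An empty list only means none of these checks fired; HTTPS by itself does not show who operates the site.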

2. Christmas Scams – How to Stay Away from Gift Card Scams

The holiday gift cards are usually promoted via social media networks, like Facebook or Twitter, and claim to offer exclusive or hidden deals. The problem appears when the gift card is fake and it’s just an excuse to ask the victim for their personal details or credit card numbers.

[Image: Christmas scams, Amazon gift card example. Source: Sophos]

To avoid being fooled into buying a fake gift card, make sure you:

  • Don’t click suspicious links on social media sites, even when the “special offer” comes from a friend.
  • Don’t fill online surveys that ask for your personal information.
  • Check the offer online if it’s just too good to be true. You can check the official website of the producer or you can look it up on search engines and see what results appear. The winter holiday scammers usually target a large number of people, so some results should appear if this is a real scam.
  • Pay special attention when buying small animals, mobile devices, cars or motorbikes, since these are some of the most used scamming items.
  • Don’t use Amazon gift card generator tools, websites or apps, they’re all scams.

EXPERT ADVICE #2:  Never use Amazon gift cards for payment outside of Amazon. 

3. Christmas Scams – How Charity Scams Work and How to Detect Them

Christmas time is a good reason to be kind and generous with the less fortunate people around. That is why we find so many legitimate charity organizations appealing for money or food donations. At the same time, it is a good cover-up for winter holiday scammers and online crooks to steal your money. Here’s how this winter holiday scam works:

  • They claim to be an online store that donates to a charity or a charity selling wares to support itself.
  • They offer a guaranteed freebie, you just have to pay shipping fees.
  • You willingly give out all your sensitive personal info and pay a modest sum (5-10 dollars) for the product.
  • If lucky, you receive the product.
  • If you receive the product, you’re happy and advertise their scam to more friends.

In the best-case scenario, you got yourself a product, after only paying 8 dollars in shipping fees. Meanwhile, that product costs around 50 cents in China and is delivered to you through a tactic called ‘dropshipping’. That means the store you make your purchase at doesn’t actually have the products available, it just places an order on your behalf to a Chinese factory. This factory processes your order and requires absolutely no shipping fee. The original store in which you placed your order has absolutely nothing to do with the product in question, it just gets your money and your data, then makes the manufacturer send you that product.


Dropshipping is a popular and respected e-commerce practice, but it also leaves room for shadiness like these scams. In the process, if you haven’t paid by PayPal, you also willingly gave out your name, address, phone number and credit card info to the scammers. They will use this data to target you with other scams as well, then sell their “customer” database to any takers (most of them with bad intentions). To send your money in the right direction and avoid these winter holiday scams, make sure you take the following measures:

  • Check if the website is genuine before sending your money. The site may use official logos and appear as real. This doesn’t mean it is.
  • Contact the real charity groups directly to make your donation. Do not donate anything to intermediary people or suspicious sites.
  • If you are approached by a charity group or person and you are in doubt, check online for the organization’s name or the person’s name who requested the money.
  • Never pay shipping for a “freebie” like this. Just use the money and buy the freebie directly from a reputable seller, it’s often much cheaper and safer for your personal information.

EXPERT ADVICE #3: Do your research first to make sure your contributions go to actual causes and not scammers’ pockets.

4. Christmas Scams – How to See Christmas e-card Scams for What They Are

Christmas is that time of the year when we give presents to friends and family members, but we also send Christmas e-cards to people we appreciate. Of course, we too receive Christmas e-cards, which is a good thing – unless we are dealing with a winter holiday online scam.


In these unfortunate cases, the Christmas e-cards we receive could contain hidden malicious software or a link to a hacker-controlled website. For this reason, we need to pay attention to the animations, pictures, videos or links in the e-card that could download malware or send us to a site that contains malicious content. Therefore, in the end, it is the malicious content that should worry us, because it may be used to steal sensitive data or valuable information from our computers. To stay safe from special holidays’ compromised e-cards, follow these general guidelines:

  • Pay attention to spam campaigns that try to push these phishing attempts to you.
  • If you receive a suspicious email, do not open it, do not click any link or download any attachment.
  • Make sure you have not only antivirus protection, but also a good anti-spyware program.
  • Even if you receive such an email from a friend, it doesn’t mean that he or she actually sent that email.

EXPERT ADVICE #4:  Not sure if the e-card you received is a scam? One simple thing you can do before opening an e-card is to contact the sender and ask them if they really sent you the card. If they did, you’ll get peace of mind before opening it and the opportunity to thank them properly!

5. Christmas Scams – How to Be Safe from Catfishing and Other Romance Scams

This is an old one and we have all seen it in one form or another. In 2016, there was a 20% increase in this type of spam, with an estimated $230 million in losses. However, the FBI says that only about 15% of romance scams are reported, so the true number must be much higher.

A classic romance scam usually starts with a conversation on a social media account or by exchanging a few emails. Since we are dealing with an old scam, this one involves a lot of experience from the scammers and a little knowledge of human psychology. All of us want company and affection, especially in wintertime, and all of us spend even more time connected to the Internet. Just to name a few practices from what we mentioned in a previous article, online crooks use fake profiles on apparently legitimate sites in the famous practice called catfishing, run Tinder, Viber or Kik bots in phishing attempts to obtain your data and even inject malware into your computer or smartphone.

To avoid a romantic disappointment and protect yourself:

  • Do not trust anyone you meet online or someone who asks for money or your credit card information.
  • Beware of sharing your most intimate information on social media or dating sites. Even if you receive similar information from the other person, you cannot verify the truth of this info.
  • Take advantage of these security guides and be proactive with what you care most about.
  • If targeted by spammers, warn others of their methods.

EXPERT ADVICE #5: Getting the information out there is the number one way to disrupt spammers. Put all that stuff out there so other people can be warned. 

6. Christmas Scams – How to Stay Clear of Games Giveaways and Lotteries Scams

There ain’t such a thing as a free lunch. This old adage applies to both giveaway and lottery scams – all very common winter holiday scams. There is no Microsoft Email Lottery, no Uber Online Lottery with free rides and no LinkedIn Online Lottery, just to name a few common ones. The lottery scam will never truly go away because people will always hope to win something. A lottery scam starts with a message sent to the victim, who is told that a ridiculously large amount of money or benefits has been won. All the victim needs to do is “just” pay the small processing fees or complete some forms. To stay safe from this online scheme:

  • Do not trust such an email or offer. Google it beforehand.
  • Do not even open such an email, least of all click anything in it.
  • Do not complete forms in a giveaway.

A similar lottery scam, a much harder one to detect, is targeting gamers around the world. This winter holiday scam is even harder to detect because many game companies or influencers do host giveaways offering free games. In general, with games giveaways you should remember:

  • Do not click on links sent via private messages in the game client (League of Legends, Steam, Battlenet etc) or on streaming platforms like Twitch.
  • Don’t sign up for quizzes promising that the winner will get a free game.
  • Don’t sign up for contests requiring more than a simple comment on Reddit or a forum.
  • Go to the official webpage of the supposed giveaway provider and check if they mention the contest. If League of Legends, for example, hasn’t announced a giveaway, then there is none.

EXPERT ADVICE #6: The primary advice we would offer is to choose a secure password that is not used on any other sites – and definitely not your email account password. A long, non-recycled password is a great way to protect your account in combination with email verification.

7. Christmas Scams – How to Identify Winter Holidays Travel Scams

We wrote one of the most comprehensive guides on protecting yourself against airline scams and also about the pros and cons of Airbnb.  Since the holidays are approaching, we really need to underline the fact that winter holiday scams and airline scams are interconnected and just a tiny part of a booming industry: online travel scams. The worst types of these winter holiday scams simply take your money and don’t send you anywhere, maybe just to the police to file a report. This is what happened when a couple was just one of the many to lose thousands of pounds on fake Airbnb listings. The “happy” cases of Christmas scams based on holiday bookings hide the real costs of your trip. You will end up paying more than initially thought. To make sure you are not the victim of travel scams:

  • Always buy airline tickets or book a travel offer from official travel websites.
  • If the price for the trip or for the flight is too low to be true, it may actually be some sort of scam.
  • Read another 3 useful tips to avoid airline scams online

EXPERT ADVICE #7: It’s really simple. Don’t click on anything in any unsolicited email you receive, even if they mention your name.  If it’s a bona fide deal, open a new browser window and go to the agent’s or retailer’s website, and you’ll find it. However, even official airline websites don’t exactly help foster consumer trust. 

8. Christmas Scams – How to Avoid Christmas Screensavers Bundle Malware

Sites hosting screensavers have long been plagued by malware and trojans, and the biggest vector for infection might just be the biggest problem in town. As Emsisoft also highlights, holiday search terms are loaded with additional downloads like potentially unwanted programs. In essence, they’re the gift that keeps on giving. Not joy or beautiful Christmasy landscapes, but pop-ups and dangerous types of malware and ransomware. So, before decorating your PC with snow-laden houses, do make sure you’re visiting safe websites and not downloading anything malicious. You can do this by using traffic-filtering software that blocks malicious websites and, of course, by having an antivirus installed.

EXPERT ADVICE #8: Be mindful of unsolicited download prompts, unusual friend requests and fake bank emails.

9. Christmas Scams – How to Identify Shipping Notification Christmas Scams

This time of the year marks a big increase in the number of items purchased online and, at the same time, in the number of confirmation emails and shipping notifications we receive. But are all these notifications real? As we previously highlighted, some of them may be fake and dangerous! An email requesting an update on your shipment could be a disguised attempt to retrieve valuable information from your online banking account. This email might or might not have an attachment that you are requested to download. You could be dealing with a phishing email, an email designed to spread ransomware or any other combination commonly found in winter holiday scams, so take precautions!

EXPERT ADVICE #9: Should you receive any of these emails, do not follow any links provided or click any attachments. Simply delete the email instead. If you’ve accidentally selected a link, run a virus scan immediately.

10. Christmas Scams – How to Spot Fake Jobs, Financial Opportunities and Christmas Scams for Loans

One of the busiest periods in recruitment is the holiday season. Job seekers around the world flock to job sites in order to boost their careers and malicious hackers get a present as well: the personal details of the job seekers. A popular method of gathering sensitive information is phishing via fake job sites. Unsuspecting victims simply give out their name, address, phone number and even SSN, thinking they’re applying for a job through an established career portal. Another one is good old-fashioned emails from “recruiters” or “staffing agencies” – click the link and at best you give out your personal information, at worst you find yourself with a malware infection.

EXPERT ADVICE #10: Beware of forms asking for your personal information like bank account and passport numbers. Be rational. Unless you’ve been actively applying for jobs, it’s unlikely that someone is going to find you in the “internet resources” and offer you an amazing job.

The holidays are a time for presents, not falling prey to Christmas scams, so use this guide to stay safe and spread the cheer (and valuable info!) to your loved ones.

11. Christmas Scams – How Can Companies Avoid Them? 

Companies also need to prevent the unpleasant consequences of online winter holiday / Christmas scams – of which phishing is the most significant. 

What can you do to avoid scams? 

  • Don’t click on every link you find and be careful where you share personal information.
  • Hover over links before clicking on them.
  • Beware of emails that contain grammar and spelling errors – even the slightest variation can mean you’re about to become the victim of a scam.
  • Don’t share personal information on social media sites.
  • Verify the contact info of the unknown websites you intend to use and look up reviews.

Don’t forget to share this info with all your employees and remember to:

Have an Antivirus Installed

A good antivirus solution will help you detect and stop viruses, APT’s, brute force attacks, and malware. Our very own Enterprise Endpoint Security will prevent incoming attacks through connections and login activity monitoring, while the Windows Firewall will isolate devices in case of major outbreaks. 

Its Heimdal™ Patch & Asset Management component will strengthen the security of your endpoints by keeping them updated according to your configured policies, without the need for manual input.

Protect your Email

When it comes to avoiding Christmas scams, email protection is essential. Our Heimdal™ Email Security can help you protect your email communication by using market-leading spam detection and filtering engines that go beyond simple spam definitions. It proactively prevents even the most sophisticated email exploits so that you can enjoy a peaceful winter holiday, without countless phone calls or emails trying to deal with a security incident. 

Also, if you have a retail business, keep in mind what my colleague Alina Petcu wrote in her article about CyberMonday (another prolific occasion for online scammers) when it comes to brand impersonation scams:

Creating deceitful websites that mimic the branding of popular retailers is the oldest trick in the opportunistic Cyber Monday scammer’s book. Are you the owner of a large-scale national or international store? Then your client base is a prime target for fraudsters. Smaller businesses aren’t safe either, as they tend to have a loyal customer list that shows massive support during sales season. For this reason, you need to be on the constant lookout for pages impersonating your enterprise. Don’t wait until the influx of shoppers coming in on Monday starts reporting these cons to you. Stay one step ahead of hackers by doing constant research. Scour social media and SERPs for suspicious activity, then isolate fraud attempts and pursue appropriate legal action against them. This is something that you should ideally do all year round, but it is particularly important on Cyber Monday. My advice is to integrate this practice into the workflow of your IT and security department. If you have the budget for it, you can go as far as to recruit a designated person to handle this process or create a task force-type team for it.

Everything she said here is perfectly valid for winter holiday scams too.

Christmas Scams: Wrapping Up

Winter holiday scams can create many nuisances that can be avoided by having prevention in mind and paying a little attention to details.  Keep the advice from this guide in mind and please remember that Heimdal™ Security always has your back and that our team is here to help you protect your home and your company and to create a cybersecurity culture to the benefit of anyone who wants to learn more about it.

P.S.: We’d love to hear from you about your experience: were you ever tricked or almost tricked into a Christmas scam? Let us know how you handled it in the comments below.

Did you see any Christmas scams online?
 Last edited by Elena Georgescu on December 2020. 


Aw, this was an incredibly nice post. Spending some time and actual effort to create a good article… but what can I say… I put things off
a lot and don’t manage to get anything done.
