Article Summary: 5 Holiday Season Scams to Watch for in 2025
This article outlines five emerging holiday scams, from AI-powered phishing to fake government rebates, and provides practical steps to help individuals shop safely and protect sensitive data this season.
- AI-Driven Social Engineering: Criminals are using generative AI and deepfakes to craft convincing brand communications and impersonate family members in urgent “emergency” money requests.
- Delivery, QR and Rebate Cons: Fake shipping alerts, tampered QR codes and non-existent “tariff rebate” offers attempt to capture personal, financial and login information during peak shopping.
- Verify Before You Click or Pay: Individuals should avoid links in unsolicited messages, confirm requests through trusted channels, use official retailer and government sites, and share awareness to help others stay safe.
With Black Friday, Cyber Monday and peak holiday shopping season approaching, cybercriminals are preparing too. Every year brings a new wave of scams designed to steal personal data, payment information and login credentials from unsuspecting shoppers.
Before you start hunting for deals, it helps to understand the top threats circulating this season, including phishing emails, fake delivery alerts, QR-based scams and false government payout claims. Below are five scams to watch for this holiday season and practical ways to avoid them.
AI-Powered Phishing Attacks
Phishing makes the holiday scam list every year because it still works. This season, the risk is even greater. Scammers are now using AI to create realistic emails, text messages and social posts that look like they came directly from trusted brands. Since 2023, there has been a 1,265% increase in phishing attacks linked to generative AI, which means inboxes are flooded with convincing scams during peak shopping season.
AI tools can now copy brand language, mimic logos and personalize messages, making fake holiday deals feel more real than ever. With so many “limited-time offers,” it is easy to click without thinking.
Watch for low-quality logos, odd wording, typos and suspicious sender addresses like “[email protected].” If a deal looks questionable, do not click the link. Go directly to the retailer’s website or app to confirm the offer. You can also check store flyers or mailers you already received…yes, some of us still read those. If the deal is real, you will find it elsewhere.
Deepfake Family Impersonation Scams
Deepfakes are becoming a dangerous holiday scam tactic. These scams work because people are busy, emotional and more willing to help a loved one without thinking twice.
A deepfake is a synthetic audio or video clip created with AI to mimic someone’s voice or face. While they are often used for harmless social media filters, scammers now use them to sound like a relative who needs urgent money for a “holiday emergency.” As wild as this may sound, deepfake fraud in North America has grown more than 1,700% since 2022, and their sophistication has increased significantly as well making them harder to spot.
If you receive a sudden call or message from a relative asking for money, gift cards or personal information, do not respond right away. Contact them directly through a separate number or message you already know is real. Always confirm the request with another family member. As crazy as it is, a familiar voice or face is no longer proof of identity, so treat any urgent request as suspicious until you verify it.
Fake Delivery and Shipping Notifications
Online shopping increases dramatically during the holidays, and scammers use this to their advantage. Fake delivery alerts, both in email and text messages, pretend to offer tracking updates and then ask you to click a link or submit personal information. In 2024, consumers lost more than $470 million to text scams, and fake delivery messages were the most common.
These alerts succeed because we are expecting packages and want instant updates. On phones, warning signs are easier to miss. Fake messages often come from random numbers and include shortened links that hide the destination website.
Do not click or call from the message itself. Instead, check your original order confirmation for tracking information. Visit the retailer’s website manually to track your package and call the customer service number listed on the retailer’s site, not the one in the message.
QR Scams: A Growing Threat in Stores and Restaurants
QR codes made a major comeback during COVID, and criminals took notice. Quishing scams use QR codes to redirect people to fake websites, download malware or steal login and financial information. During the holidays, shoppers are even more likely to scan them for coupons, menus, store apps or quick checkout options.
Most QR codes are harmless, but scammers can swap real ones with fake versions on flyers, parking meters, restaurant tables, posters and checkout counters. If a code looks tampered with, has a sticker over it, or appears on a random flyer you found on the floor, think twice before scanning. Let common sense beat curiosity. Scanning an unknown QR code today is like plugging in a mystery USB you found on the ground. You know better, so skip it.
If you want to redeem a coupon or download an app, search for it directly in the Apple App Store or Google Play Store. That extra step can be the difference between getting a deal and getting scammed.
“Tariff Rebate” Scam Claims
Scammers love rumors about government payments, especially when people are hoping for extra holiday cash. Recently, false claims of a “tariff rebate” have spread online even though no official program or eligibility details exist. Do not let the promise of a little extra money make you suspend belief. Until the government confirms it, treat it like any other too-good-to-be-true offer.
Any message about a tariff rebate right now is a scam. Fraudsters are sending calls, emails and texts asking you to “verify your identity” to get a refund. Do not share personal or financial information. Until the federal government publishes official details on irs.gov or home.treasury.gov, assume all tariff rebate messages are fake. Report them and delete them immediately.
Keep Each Other Safe This Season
The best way to stay ahead of scammers is to look out for each other. If this article helps you, please share it with friends, family and your network so they can shop smarter and stay a little more secure this season. A little awareness goes a long way and helps everyone enjoy a safer, stress-free holiday, or at least as stress-free as the holidays can be.
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.
To learn more, visit our dedicated Cybersecurity page.
