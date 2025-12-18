Watch out for these festive season scams

As the season of giving unfolds, cybercriminals are taking advantage of holiday stress and the rush.

In 2025, scams are not only more common, they’re powered by AI and automation, making them harder to spot.

Researchers at Check Point detected 33 502 Christmas-themed phishing emails in the past two weeks alone, along with more than 10 000 fake advertisements being created daily on social media channels.

Many mimic festive promotions, while others push fake Walmart or Home Depot deals, fraudulent charity appeals, and urgent delivery notices.

Tip: Always verify deals on official retailer websites and avoid clicking on suspicious links.

The top three Christmas scams of 2025 are:

AI-Enhanced Delivery Phishing (SMS & WhatsApp)

This is the most successful holiday scam worldwide. AI-generated smishing messages mimic alerts from logistics giants like Royal Mail, FedEx, UPS, and DPD. Clicking the link leads to credential theft or payment fraud.

AI-generated delivery scams doubled this season, with a 100% spike in November–December compared to last year.

Victims receive realistic “missed parcel” texts with links to cloned sites.

Fake Retail Sites with AI-Powered Chatbots

Threat actors now create entire e-commerce stores offering fake “Christmas mega deals.” These sites often include AI-driven chat assistants to simulate real customer service.

Holiday-themed retail scam domains surged from Black Friday through December.

Some fake stores feature working checkout carts, email confirmations, and bogus tracking pages.

Social Media Giveaway & Holiday Promotion Scams

Fake giveaways flood Facebook, Instagram, and TikTok, cloning brand pages and claiming victims have “won a Christmas prize.” They then request a small “shipping fee.”

Most giveaway scams originate from accounts created within the last 90 days.

Platforms have issued multiple warnings as these scams spike during the holidays.

How to Spot the Red Flags

Spoofed URLs: Look for typos or suspicious domains.

Look for typos or suspicious domains. Unusual payment requests: Gift cards, crypto, or bank transfers = scam.

Gift cards, crypto, or bank transfers = scam. Missing customer support: No phone, no address, only generic email.

No phone, no address, only generic email. New or inactive social accounts: Real giveaways don’t come from blank pages.

Real giveaways don’t come from blank pages. Emotional triggers: Messages like “You’ve won a Christmas giveaway!” or “Your parcel is held, pay $xx to avoid delays” are designed to create urgency.

Messages like “You’ve won a Christmas giveaway!” or “Your parcel is held, pay $xx to avoid delays” are designed to create urgency. Brand impersonation: Scammers misuse major retailers’ names (e.g., Walmart, Home Depot) to make fake holiday rewards seem legitimate.

Scammers misuse major retailers’ names (e.g., Walmart, Home Depot) to make fake holiday rewards seem legitimate. Name–address mismatch: If the display name shows a trusted brand but the sender address or link domain is unrelated, it’s almost certainly a scam.

How scammers are targeting you this Christmas

Holiday scams are spreading across SMS, email, social media, and even search ads.

What’s different this year?

AI-written phishing emails mimic real brands flawlessly.

Entire fake e-commerce sites spun up with AI chatbots and checkout pages.

Deepfake voices and AI-powered call scripts make phone scams emotional weapons.

Automated infrastructure creates thousands of scam messages and domains at scale.

How to Stay Safe