Top 5 Holiday Scams to Watch Out For

The holiday season is here, bringing with it a flurry of online shopping, charitable giving, and travel planning. But while you’re hunting for the perfect gift, cybercriminals are hunting for something else: your data.

This year, scammers are leveraging AI and sophisticated social engineering to make their attacks harder to spot than ever. To keep your season merry and your digital identity secure, we’ve rounded up the top 5 cybersecurity threats to watch out for, and how to stop them.

1. The “Delivery Exception” Phishing Notification

This is arguably the most pervasive scam of the season. You receive an email or text (SMS + Phishing = “Smishing”) claiming a package is delayed, requires a “redelivery fee,” or has a blurry address label. It often mimics major carriers like UPS, FedEx, or USPS perfectly.

The Cyber Threat: The link provided usually leads to a credential-harvesting site designed to steal your login info or prompts a “drive-by download” of malware onto your device.

How to Stay Safe:

  • Never click the link. Instead, go directly to the carrier’s official app or website.
  • Verify the tracking number. Copy the number from the message and paste it into Google or the official carrier site. If it’s fake, it often won’t register.

2. AI-Generated “Lookalike” Storefronts

Gone are the days of scam sites riddled with typos and poor design. Cybercriminals now use AI tools to generate convincing, professional-looking e-commerce sites in seconds. These sites often advertise “sold out” items at unbelievable prices via social media ads.

The Cyber Threat: These sites exist to skim your credit card details or harvest your personal data for identity theft. You will likely receive a counterfeit item or nothing at all.

How to Stay Safe:

  • Check the domain age. Use a tool like whois.domaintools.com to see when the domain was created. If a “major retailer” site was created 2 weeks ago, it’s a scam.
  • Stick to credit, not debit. Credit cards offer far more robust fraud protection and don’t drain your actual bank account if compromised.

3. The “Gift Card” Business Email Compromise (BEC)

This scam targets you while you’re at work. You receive an urgent email or text appearing to be from your CEO or a direct manager. They claim they are stuck in a meeting/conference and need you to buy gift cards for “client gifts” immediately and send them the codes.

The Cyber Threat: This is a social engineering attack that bypasses traditional firewalls because it relies on human manipulation rather than malicious code.

How to Stay Safe:

  • Verify out of band. Do not reply to the email. Call or message your boss on a separate platform to confirm.
  • Check the sender address. Often the display name says “CEO John Smith,” but the actual email address is [email protected].
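
The sender-address check above can also be automated at the mail gateway or in a triage script. The following is an added example, not part of the original article: it flags messages whose display name matches a protected executive but whose address is outside the company domain, and also flags a Reply-To that points at a different domain. The domain example.com, the protected-name list, and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organisation's mail domain and the
# executive names worth protecting. Both are constructed placeholders.
CORPORATE_DOMAINS = {"example.com"}
PROTECTED_NAMES = {"john smith"}
TITLES = {"ceo", "cfo", "president", "director"}


def normalise_name(display_name):
    """Lower-case the display name and drop job titles and punctuation."""
    cleaned = "".join(c if c.isalnum() else " " for c in display_name.lower())
    return " ".join(w for w in cleaned.split() if w not in TITLES)


def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rpartition("@")[2].lower()


def check_sender(raw_message):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = domain_of(from_addr)
    findings = []
    # A trusted name on an address outside the corporate domain.
    if normalise_name(display) in PROTECTED_NAMES and from_domain not in CORPORATE_DOMAINS:
        findings.append("display-name-impersonation")
    # Replies would silently go to a different domain than the sender's.
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append("reply-to-domain-mismatch")
    return findings


# Constructed sample messages (not real traffic).
SPOOFED = (
    'From: "CEO John Smith" <jsmith.office@mailbox.example.net>\n'
    "Reply-To: urgent.requests@inbox.example.org\n"
    "Subject: Need gift cards for client gifts\n\nAre you at your desk?\n"
)
GENUINE = (
    'From: "John Smith" <john.smith@example.com>\n'
    "Subject: Q4 planning\n\nAgenda attached.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_sender(raw) or "no findings")
```

A finding is a prompt to verify out of band, not proof of fraud: executives do sometimes write from personal accounts.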

4. “Quishing” (QR Code Phishing)

With holiday travel and pop-up winter markets, QR codes are everywhere—from parking meters to restaurant menus. Scammers are now pasting their own malicious QR code stickers over legitimate ones.

The Cyber Threat: Scanning the code directs your mobile device to a phishing site that asks for payment info or login credentials. Because URL bars are often hidden on mobile browsers, it’s harder to spot a fake domain.

How to Stay Safe:

  • Inspect the physical code. If the QR code is a sticker placed on top of another sign or laminated card, do not scan it.
  • Preview the link. Use your phone’s camera to preview the URL before tapping it. If it looks shortened or suspicious, type the URL manually.

5. The Fake Charity Heartstring Pull

During the “season of giving,” scammers create fake charity websites or GoFundMe campaigns that mimic real causes.

The Cyber Threat: Beyond stealing your donation money, these sites collect your full name, address, and financial data, which is then sold on the dark web.

How to Stay Safe:

  • Donate directly. Navigate to the charity’s official website manually rather than clicking links in emails or social media posts.
  • Vetting is vital. Use sites like Charity Navigator or GuideStar to verify the legitimacy of the non-profit before opening your wallet.

Quick Cyber-Safety Checklist

Do:

  • Enable MFA (Multi-Factor Authentication) on all financial and shopping accounts.
  • Use a VPN when shopping on public Wi-Fi (airports, cafes).
  • Run reputable Antivirus software and keep it updated.
  • Update your OS to patch security vulnerabilities before the holidays.

Don’t:

  • Reuse passwords. Use a password manager to generate unique ones.
  • Save payment info on websites you don’t frequent often.
  • Download attachments or files from unknown or unverified sources.
  • Click “Unsubscribe” on suspicious spam emails.
