
Holiday Hoaxes: How to Spot Holiday Scams


December 13th, 2023


Amid holiday deals and buying gifts for friends and family, spending often increases dramatically during November and December. Retail sales in the United States during the holidays are expected to reach a record high of around $960 billion this year. However, it's not only Americans who are making big plans this winter. Cybercriminals have also been committing an increasing number of scams in recent years, especially during the holiday season.

A 2022 global study reported that one in three Americans (34%) admitted to taking more risks when shopping online during the holiday season, and nearly as many people (36%) fell victim to online shopping scams during the holidays. Shoppers lost $387 on average to cybercriminals via email scams, social media, third-party websites, phone calls, and texts. Overall, three out of every four U.S. consumers experience some type of fraud. This holiday season, don't let these statistics include you!

Here's a quick guide to common holiday scams, tactics often used by scammers, and ways to protect yourself—and your finances.

Types of holiday scams

There are many types of scams, from fake giveaways to urgent requests for funds, that cybercriminals may use to try to trick you into giving them your money or other personal information.

For example, the online shopping scam involves cybercriminals who pretend to be legitimate online retailers, either with a fake website or a fake ad on a genuine retail site. Fake websites may appear so similar to legitimate shopping sites, such as Amazon or Target, that consumers believe they are authentic. After making a purchase on these fake sites, people may receive an off-brand or knockoff version of the product—or nothing at all. Even worse, scammers now have your credit card or bank information.

Another popular scam involves holiday travel. Many people look for discounted airline tickets and travel packages during the holidays. Cybercriminals may offer cheap tickets on bogus flight-booking websites, asking people to make purchases quickly while prices are low or to take advantage of a significantly discounted travel package.

Gift card scams may occur through phone calls, texts, emails, or messages on social media, as scammers urge people to purchase gift cards for popular retailers, such as Amazon, Apple, or Google Play. Once you give a cybercriminal your credit card information and personal identification number (PIN) to purchase a card, they may use this information to commit identity fraud and secure your funds. Another version of this scam has fraudsters asking you to make payments with gift cards from major retailers. These scams are incredibly problematic because if you purchase a gift card and share the number, you will not be able to recover any of the lost money.

On social media, scammers may create posts offering fake holiday giveaways or surveys to complete in exchange for gifts that are literally too good to be true, such as expensive gadgets, dream vacation packages, or “free cash” in exchange for participation and your personal information. Contests created by cybercriminals will often have links to fake websites to collect your information.

You may receive a “delivery notification” text or email message from cybercriminals posing as a reputable delivery service, including USPS, FedEx, UPS, DHL, or Amazon. These alerts may claim that an item you ordered has arrived—but delivery cannot be completed due to incomplete home address information. Scammers will often provide a link where people can confirm their address, and possibly provide credit card information to pay for additional shipping costs.

There are even charity scams, where cybercriminals impersonate other charities and reach out to people by phone, asking for a donation. Scammers may make a heartfelt pitch on behalf of the (fake) charity organization for a large one-time donation or recurring donations. They may even claim that you have previously donated, asking you to donate again.

Common scammer tactics

Cybercriminals will often employ specific tactics to either make their scam seem more credible or to try and convince you to take action. Be cautious if you encounter any of the following behaviors and warning signs:

  • Scammers often try to create a sense of urgency, so victims act quickly and impulsively without pausing to think rationally and confirm scammers' claims. This might mean pressuring people to collect a prize or take advantage of a special deal that is “expiring soon.” Cybercriminals might invent a false emergency—for example, saying you need to pay an overdue bill or protect your identity (usually by visiting a fake website and entering your credit card information). Fraudsters may even use threatening phrasing by saying money is owed to the IRS, 401(k) plans or passports could be frozen, or that you could be facing jail time.
  • Cybercriminals sometimes will impersonate a legitimate company, government agency, or even your loved ones to gain your confidence. By pretending to be a trustworthy individual or organization, they may be able to gain access to your sensitive personal information before you realize it's a scam. Fraudsters may also use fake websites, email addresses, or phone numbers as a way to reach out in an attempt to defraud you.
  • Too-good-to-be-true deals. Scammers may attempt to entice potential victims with generous giveaways and prizes. Legitimate retailers sometimes offer premium goods, such as smartphones or video game consoles, at discounted rates (especially during the holidays on promotional days like Cyber Monday). However, if you encounter incredibly low prices on items or unrealistic promises, it may be a trap by scammers.
  • Unusual payment methods. Secure online payment methods like PayPal have buyer protection programs in place that can help refund your money in the event of a scam. Similarly, credit and debit cards issued by insured banks and reputable financial organizations will track, monitor, and record all transactions. Instead of using these payment methods, cybercriminals will often prefer to be paid through means that are more difficult to trace or recover, such as wire transfers, cryptocurrency, or gift cards.

Protecting yourself and your finances

The best way to protect yourself from holiday scams is by identifying and avoiding them before giving cybercriminals your credit card information. A good general rule is: When in doubt, don't click on unknown links or send your personal info.

When shopping online, stick to reputable online stores. Double-check the spelling of company names and correct website URLs—for example, or—to confirm that you're at a legitimate retailer. Check the company's “About Us” page on their website to verify information, such as phone numbers and addresses, and be wary if you encounter poor spelling or grammar, low-quality images of products, or fake-sounding reviews. When shopping from smaller stores, do a Google search of that company to make sure they're a legitimate business.

When considering travel packages, make purchases directly from the airline or reputable third-party travel companies, such as Expedia, Travelocity, Booking, or Kayak, among others that you've used in the past or that close friends or family members recommend. If you receive any messages about your trip, contact the airline or travel service provider directly (not through the link given to you from the suspicious message) to verify the message is not a phishing attempt.

Only purchase gift cards from the actual retailer issuing the card or reputable companies. Make sure cards haven't been tampered with, and get a receipt to verify your purchase later, especially if the card is stolen or becomes lost. Never pay for services, goods, fines, fees, or taxes with gift cards. No government agency, bank, credit union, or other reputable business will ever demand payment in the form of gift cards.

If you encounter an ad or message on social media, check to see if the ad was created by the actual retailer offering the promotion, or by a newly created social media account or one with an unusually low follower count. Be wary of too-good-to-be-true deals on high-ticket gadgets or in-demand luxury items.

If you receive a message about a delivery, verify the message by contacting the company directly (not by clicking the link in the suspicious message). Check the URLs of websites for legitimate delivery organizations, such as,, or; variations or misspellings of these domain addresses are likely fake websites run by cybercriminals.

Additionally, ask your family and friends to let you know if they're planning to ship you anything, and what carrier they're using to help minimize unexpected packages.

When making a donation to charity, research that organization ahead of time. Check the Better Business Bureau's Charity Navigator or Wise Giving Alliance to make sure the charity is legitimate. When contributing to a campaign on GoFundMe or similar online donation platforms, look into what individual or organization is organizing the campaign before donating.

Whether it's the holiday season or anytime during the year, it's important to regularly be vigilant against suspicious websites and unsolicited messages. Regularly monitor your bank statements, keep your contact information up-to-date with your bank, and make sure you use two-step authentication (such as a password as well as a text to your phone) when logging onto social media and banking apps.

For more ways to bank safely and securely, visit our Bank of Hawaii Security Center. Learn more about ways to help your money go further through our Bank of Hawaii Financial Wellness Center.
