Nearly one-quarter of survey respondents reported being a victim of identity theft or fraud during the holidays, according to a 2020 Experian survey.

Each year, cybercriminals try to take advantage of online holiday shoppers through a variety of scams. Keep your holiday season merry and bright by keeping an eye out for these common online shopping scams.


Fake Package Delivery Notifications

HOW IT WORKS: You get an email or text message that claims there is an update or problem with your package. A link or tracking URL is included, but the link will take you to a fake website or survey that asks you to enter a credit card to pay a small fee to resolve the issue. Scammers do an excellent job of impersonating popular delivery services and often include your actual name in the message.

WHAT TO DO: DO NOT CLICK LINKS. If you are concerned about a package, navigate separately to the seller’s website to check your order status and tracking number.


Fake Retail Websites and Ads

HOW IT WORKS: You get an email or text message or see an online ad promising a can’t-miss sale or deep discount on a popular item. The ad links to a website where you can purchase the item—but it’s all fake. It’s a scheme to grab your credit card information and other valuable personal information.

WHAT TO DO: Ignore ads that promise discounts or sales that are too good to be true. Only shop with familiar, trusted retailers. Double-check that you are using the correct URL or use the store’s official app. If you’re not sure, search the store name and “scam” to see if others have reported problems.


The Bait and Switch: Social Media Marketplace Scams

HOW IT WORKS: You see a handmade product advertised online by a private seller or artisan, place your order, and pay via PayPal or a similar cash app. But, the item you receive is completely different and of no value. Scammers have impersonated a real seller, copying their profile and photos, and you have no way to get a refund.

WHAT TO DO: Before making a purchase from a private seller or marketplace storefront, take a few minutes to review the seller’s profile. Look for misspellings and odd phrases, search for additional information on the seller to see if anyone has reported an issue. Look for a way to contact the seller to confirm their business is legitimate and ask about the return policy.


Social Media Gift Exchange = Illegal Pyramid Scheme

HOW IT WORKS: You see an invitation in your Facebook feed to sign up for what seems like a little holiday fun: provide your name and address to be added to the gift exchange group. You send a modest gift or bottle of wine to five or ten other people in the group, and you’ll get 20 gifts in return. A new take skips the gifts and goes right for the cash by asking you to send cash through PayPal or Venmo.

WHAT TO DO: If it seems too good to be true, it is! You’ll be left with buying and shipping gifts or money, hoping that others return the favor. This is a classic pyramid scheme, relying on the recruitment of new participants to keep the scam afloat. Once people stop participating in the gift exchange, the gift supply stops as well, leaving hundreds of disappointed people without their promised gifts or cash.


Pixel’s Top Tips for Staying Safer Online

  • If you don’t know, don’t click. Scammers routinely try to trick people into clicking on links, often claiming there is a problem with your account or that you need to claim a free gift. Beware of any message where the sender is urgently trying to get you to click on a link.
  • Use credit cards for online shopping, not debit cards. Using a debit card can expose your bank account to cybercriminals, plus credit cards often have excellent fraud detection and protection programs in place to protect consumers.
  • Use a password manager. A password manager is an application that generates and stores strong, unique passwords on behalf of users. The user only needs to remember one strong password to access the app, and the app takes care of the rest. While nothing is hackproof, it is exceedingly more difficult for a cybercriminal to hack a password manager app than to hack the average person’s self-created passwords.

  • Be skeptical of alerts and warnings—legitimate organizations use good old-fashioned snail mail if there is truly a problem. Scammers have become very good at impersonating law enforcement, government agencies, and financial intuitions, sending email and text messages that claim you have to pay a parking ticket, court fee, or some other type of penalty or fee. Sometimes, they use good news, claiming the IRS owes you money. Government agencies and legitimate businesses will always use the U.S. Postal Service to notify people about such issues.