The holiday season is once again upon us. For cybersecurity researchers, this means one thing: holiday scams, fraud, and cyberattacks.
As cybercriminals seize the holiday season to launch malicious campaigns, we talk to experts to understand why this season is unlike any other, what is coming, and what users need to know and do.
The FBI sounds the alarm: AI will take holiday season scams to the next level
In late November, FBI offices across the United States warned the population to stay vigilant as they expect holiday season scams to spike.
“While it may seem like an uptick during the holidays, the reality is that as the volume of shopping transactions increases, so does the rise in fraudulent activity,” said FBI Special Agent in Charge Greg Nelsen.
The top holiday scams to watch out for include AI-based impostor scams, smishing, fake stores and phantom deals, fake charities or donations, and package delivery and shipping scams, according to Eric O’Neill, former FBI operative, cybersecurity expert, and founder of The Georgetown Group.

Why this holiday season is unlike any other
While most users expect scams every holiday season, this season will be unique.
“This year is worse because scammers are using AI to personalize their attacks,” said O’Neill. “They can mimic voices, draft convincing texts and emails, and push out thousands of targeted messages in seconds.”
The schemes that users tend to fall for most are those that blend into normal holiday life. These include fake delivery texts that prey on shoppers waiting on packages; lookalike retail sites promising deals that disappear the moment you pay; and bogus charity appeals that pop up just as people are feeling generous, O’Neill explained.

“We’re also seeing a rise in AI-generated ‘family emergency’ calls — where a cloned voice begs for money,” said O’Neill. “It’s emotionally manipulative and brutally effective, and costs families across the country thousands.”
“This season is very unique, as AI and automation have industrialized holiday scams,” Amy Mortlock, Vice President of Marketing at ShadowDragon, explained.
Fake domains, malicious bots, AI-generated traffic, and more
There has been a huge surge in scam domains, fraud committed via bots, and traffic generated by AI. These make attacks faster and more difficult for users and companies to spot in time.
“They are more convincing than ever,” said Mortlock.
“AI has eliminated the calls that used to make phishing obvious: no more broken English, generic greetings, or obviously fake logos,” said Michael Bell, founder and CEO at Suzu Labs.
Attackers are generating personalized phishing emails, deepfake customer service voices, and thousands of unique fake product listings. The volume is increasing dramatically because AI lets a single operator run campaigns that previously required teams, explained Bell.
“This is the first holiday season where AI-generated scam content is indistinguishable from legitimate communications at scale, making the old ‘look for red flags’ advice increasingly useless,” Bell added.
“GenAI writes flawless messages, voice cloning sounds real, and one-tap payments drain accounts fast, so scams seem much closer to real life than any prior year,” Nic Adams, co-founder and CEO of 0rcus, an AI-driven cybersecurity company, told us.
Thousands of AI-generated fake online shopping stores
Recently, UK Cyber Defence warned that more than 2,000 holiday-themed fake stores had begun targeting shoppers during Black Friday and the festive sales events.
The operation that Cyber Defence uncovered is an example of what’s coming this holiday season. Large-scale AI-generated phishing sites are being designed to trick users with fake offers and steal payment card details and personal information at scale.
Some of the sites impersonate Amazon, a company that recently warned all of its more than 300 million customers to be on the lookout for holiday season scams.

Whether it be high-value luxury items, too-good-to-be-true offers, Amazon returns, or Amazon mystery boxes and pallets, lookalike sites can pop up in great numbers out of nowhere and operate for some time before authorities and researchers catch on and sound the alarm.
“Cybercriminals often create ‘ecommerce’ websites optimized for search engines and offer goods at below-market prices to entice consumers into making a purchase,” John Wilson, Senior Fellow and Threat Research at Fortra, told us.
“These sites may even be shared on social media platforms and circulate as fake, enticing ads to lure as many victims as possible,” he added.
When users hand over their payment details while shopping on these sites, hackers record them and use them to commit identity fraud and make fraudulent purchases later.

Fake, short-lived offers, ephemeral sites, and bot traffic
Shoppers and end users reach these fake sites via fake ads, search engine optimization, fake social media ads, and bots.
“We began seeing fraud networks pairing flash-pop storefronts with bot farms to seize on bargain-hunters seeking deals well ahead of last week’s Black Friday,” Zbyněk Sopuch, CTO of Safetica, a data cybersecurity company, told us.
The flash-pop storefronts play out with bot traffic driving credibility and cloned domains harvesting credentials. Then, the domain vanishes and reappears elsewhere, said Sopuch.
“Combining this personalization with bargain-hunting, scam operators are shifting away from long-term stores to ephemeral coupon sites, with personalized emails and texts directing users to those sites, offering one-day deals, intrusive pop-ups, and minimal inventory,” said Sopuch.

AI-voice clone scams and classic smishing
One of the ways cybercriminals are using AI this holiday season is through AI-driven impersonation.
“Scammers use AI to clone the voices of people you trust — your boss, your spouse, or even your kids — then call or message in a panic asking for help,” said O’Neill.
“You hear their voice, your guard drops, and your money disappears.”

Of course, the classic SMS smishing scam, saying for example, “Your package is delayed — click here to reschedule delivery,” is also guaranteed to show up during these holidays.
Links in smishing scams will take you to a site designed to steal login credentials, financial details, or install malware, O’Neill explained.
Government tariff rebates and other Christmas classics
A recent Protegrity report found that the social-engineering economy, where emails are a skeleton key and a family’s “personal information is a slim jim,” is booming. The report warns of a 25% year-over-year increase in money lost to scams, with Americans reporting $12.5 billion in losses.
“This holiday season, the US economy may be wavering, but the social engineering economy is booming,” Clyde Williamson, Senior Product Security Architect at Protegrity, told us.
“Scammers are exploiting recent economic news by sending emails claiming the government or a retailer owes users a ‘Tariff Rebate’ (Consumer Affairs) or ‘Inflation Adjustment’ refund (New York Department of Taxation and Finance),” said Williamson.
“Of course, all the Christmas classics are still playing on repeat,” Williamson added.
Despite the complexities that the 2025–2026 holiday scam season brings, all scams share a common weakness, said Williamson.
“They fall apart if we slow down.”
The scam economy runs on urgency. It relies on overriding users’ critical thinking with the promise of a deal or the threat of a delay.
“To secure your holidays, you have to break that rhythm,” he said.
Travel, work, gift card scams, and fraud
There are a couple of other holiday trends that scammers will exploit. These include scams associated with travel, work, gift cards, and donations.

“Victims can receive phishing emails offering discounted travel deals and offers that impersonate legitimate online travel service providers,” Wilson from Fortra said.
As Moonlock recently reported, a black market full of stolen data from Airbnb and Booking.com customers and professional accounts exists on the dark web. This data, combined with automated phishing kits and fake site builders, helps low-level scammers target the travel industry more efficiently than ever.
“Booking travel plans through these fake, malicious sites can compromise your sensitive personal information and even lead to financial losses,” said Wilson.
Scams based on seasonal job offers
For many gig workers, the holiday season is a chance to earn an extra buck or get a seasonal job. However, cybercriminals even take advantage of the increase in job offers to lure victims with fake jobs.
“(Scammers) pose as recruiters from well-known companies, send fake job offers to collect personal information, and demand upfront payments for ‘training’ or ‘equipment,’” said Wilson.
“They are even incorporating AI, making scams increasingly difficult to identify,” he added.
Before accepting an offer, verify the opportunity directly through the company’s official website or HR department. Legitimate employers will never ask for money or sensitive data during the hiring process, Wilson explained.
“The use of gift cards during the holiday season ramps up, and so does the attackers’ exploitation of them,” Wilson added.
These scams usually start with attackers contacting victims via email, social media, or other channels, telling them they’ve won a gift card or received a gift. Using AI and customizable templates that they fill in with stolen user data bought on the dark web, scammers impersonate popular brands to increase the authenticity of the fake gift card.
The red flag in this scam is when they ask you for your personal information or say a shipping fee applies, said Wilson. If you receive a message like this, remember that legitimate companies will not ask you for a payment before you can receive a gift card.
How you can stay safe this holiday season
While the scams covered in this report only scratch the surface of the wide range of variants that cybersecurity researchers and authorities are seeing in the wild, users can take simple but highly effective steps to have a safe holiday season.
To beat scammers at their own game, follow this checklist:
- Turn on multifactor authentication — everywhere. It’s your best defense against stolen credentials.
- Use antivirus software like Moonlock. Phishing attacks often aim to spread stealer malware that can extract data from your Mac.
- Trust your gut. If it doesn’t feel right, it probably isn’t. Think before you click.
- Remember: If it looks too good to be true, it is. The internet doesn’t hand out miracle deals or free luxury gifts.
- Avoid clicking ad links. Go directly to the retailer’s site to verify deals or deliveries.
- Use credit cards for online purchases. Credit cards offer fraud protection; debit cards can drain your account.
- Give smart. Donate only through known charities. Verify names through Charity Navigator or BBB Wise Giving.
The FBI has also set up a dedicated FBI website for holiday season scams and fraud. Check it out for more resources, tips, and contact information.
Final thoughts
This holiday season is bound to be packed with online scams and fraud campaigns. How users respond depends mostly on how informed and how aware they are of the risks and types of techniques scammers and large cybercriminal groups use against them.
As a golden rule, cybersecurity experts agree that the best thing you can do this holiday season to avoid scams is to simply slow down and think before you click, respond, download, or buy.
This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Amazon.com, Inc. Amazon is a trademark of Amazon.com, Inc.