Attention Last-Minute Holiday Shoppers: Scammers Are Coming for You

Experts say procrastinators need to be wary of last-minute Christmas-shopping deals.

Bree Fowler Senior Writer

If a deal looks too good to be true, it probably is.


Better ho, ho hold up before jumping on that seemingly great deal on that must-have holiday gift. Scammers are looking to take advantage of procrastinators still trying to finish their Christmas shopping.

With Christmas just days away, experts say last-minute shoppers need to be especially wary of deals that look too good to be true, because they most likely are. Cybercriminal attempts to steal the money and personal information of consumers have spiked in recent weeks and aren't going to stop anytime soon.

What's more, as gift giving draws closer, increasingly desperate shoppers will be more apt to click on links they shouldn't and shop at sites that they otherwise might think are a little questionable.

Shoppers need to be aware that they're being targeted with an epic amount of phishing and other kinds of online scams right now, said Kurt Baumgartner, a principal security researcher for the cybersecurity company Kaspersky.

"For the crooks that are behind this stuff, it's a numbers game and they're willing to put a lot more behind these efforts," Baumgartner said.

The volume of Christmas-themed spam has increased consistently since Nov. 27, with big spikes in the emails spotted between Dec. 6 and Dec. 9, according to researchers at the cybersecurity company Bitdefender.

The emails covered the usual holiday topics, including product giveaways, fake surveys and discounts on designer goods, along with non-shopping-related offers geared toward the lonely, including online-dating pitches and access to premium adult content.

Scammers impersonated brands such as Dollar General, Netflix and Lowe's, hoping to entice consumers to hand over their personal or financial information in exchange for bogus gift cards, Bitdefender said.

In addition to seemingly never-ending streams of phishing emails, scammers are also reaching consumers through text messages, a practice known as "smishing," as well as ads posted on social media. Those kinds of attacks have a better chance of getting past typical consumer antivirus software, which screens emails for phishing and spam.

The attacks themselves aren't a new invention. Phishing in all of its forms is a year-round plague. What's different during the holidays is that people are in a rush and less apt to think before they click, Baumgartner said.

About 12% of Americans polled for a Kaspersky study done before the start of the holiday season said they planned to do the bulk of their shopping during the last nine days before Christmas.

Of those expected last-minute shoppers, 40% admitted they'd be willing to shop on a site that struck them as sketchy, if the offer was enticing enough.

Baumgartner said that given the potential risks, those numbers are "alarming." That said, there are some easy ways for last-minute shoppers to protect themselves.

Here are some tips from Baumgartner and others for warding off the cyber Krampus as you finish your holiday shopping.

Tips for safe last-minute online shopping

If a deal looks too good to be true … Yep, it probably is. Stop and think. Ask yourself if the deal you're considering would look realistic in January, after the Christmas rush has passed.

Use good AV and a password manager. Security software will screen out a lot of unsolicited email and help protect you from known malware if you accidentally download it. A password manager won't autofill your critical usernames and passwords if it thinks you're on a site that they're not intended for.

Always use a credit rather than debit card. If you get scammed, credit card companies are usually great about making you whole, ASAP. And it's a lot less traumatizing to deal with that rather than an empty bank account.

Don't buy gift cards online. When it gets down to crunch time, gift cards are better than nothing, but resist the temptation to buy one online from a third-party site. Instead, head to a brick-and-mortar retailer like a drug store. When you pick out your card, make sure it hasn't been tampered with.