Holiday 2025 Guide to Scams

The 20 cons most likely to target you (and how to outsmart them)

The holidays are peak season for fraud. Scammers lean on urgency (“act now”), secrecy (“don’t tell anyone”), and authority (“I’m from your bank/Amazon/Medicare”) to push you into quick decisions. I created this guide along with Hannah (My ChatGPT) for friends and clients to use to spot the red flags fast and know exactly what to do next.

1) “Amazon order/problem” and refund–impersonation scams

How it works: Fake “order confirmation,” “account locked,” or “refund” messages pretend to be Amazon and steer you to a look‑alike site or push you to text/call.

Red flags: Generic greetings, links that don’t go to amazon.com, requests for gift cards or remote access.

Do this instead: Go directly to Your Orders in the Amazon app/site; never use the link in the message. See Amazon’s current scam trends and safety tips. Trustworthy Shopping at Amazon+2About Amazon+2

2) Fake retailer sites and social‑ad “deals”

How it works: Ads on social media lead to polished but bogus stores (often with stolen brand photos) that take your money and vanish—or ship counterfeits.

Protect yourself: Be wary of “too‑good‑to‑be‑true” pricing; pay with a credit card; search the store name + “scam/complaint.” Consumer Advice

3) Delivery “missed package” texts (USPS/UPS/FedEx)

How it works: Smishing texts claim there’s a delivery issue and ask you to “verify address” or pay a small fee—capturing cards and credentials.

Protect yourself: Don’t click text links; check tracking only from the shipper’s official app/site or your retailer account. Consumer Advice

4) Gift‑card payment demands

How it works: The caller says pay with Apple/Google/Amazon gift cards for fines, bills, tech support, or to “protect your money.”

Rule: Gift cards are for gifts, never for payments. If you paid, contact the card issuer immediately and report to the FTC. Consumer Advice+1

5) QR code “quishing” (including codes in unexpected packages)

How it works: QR codes on notes, parking meters, flyers—or in a package “to see who sent the gift”—lead to phishing pages or malware.

Protect yourself: Open the official app/site directly; don’t scan surprise codes. Internet Crime Complaint Center+1

6) Bank‑impersonation + Zelle® “pay yourself to reverse fraud”

How it works: A spoofed call/text claims there’s fraud and tells you to send money “to yourself” with Zelle to secure the account.

Protect yourself: Hang up; contact your bank using the number on your card/app. Banks warn they will never ask you to Zelle yourself. Chase+1

7) One‑time passcode theft & MFA “push bombing”

How it works: Criminals trick you into reading back a 2FA code or approving rogue prompts to hijack your account.

Protect yourself: Use an authenticator app or passkeys; never share codes; deny unprompted login approvals; enable number‑matching. CISA+1

8) Check washing & mail‑theft fraud

How it works: Stolen checks are chemically “washed” to change payee/amount.

Protect yourself: Pay online when possible; if mailing a check, use inside‑the‑post‑office drop slots; monitor accounts and report immediately. USPS+1

9) Tech‑support renewals/invoices (Geek Squad, “antivirus expired”)

How it works: Fake renewal emails/invoices tell you to call a number; the “agent” seeks remote access or payment.

Protect yourself: Don’t call the number in the email; check your real subscriptions directly; never let unknown callers remote into your device. Consumer Advice+1

10) Look‑alike login pages & phishing websites

How it works: Cloned sites harvest logins and payment info (often with perfect spelling thanks to AI).

Protect yourself: Check the URL carefully, use a password manager (it won’t fill on the wrong site), and turn on phishing‑resistant MFA. CISA+1

11) Website‑platform imposters (Wix and others)

How it works: Emails/texts claim “Wix security alert” or “your domain has malware—pay a partner to fix. ”

Protect yourself: Manage your site only via your logged‑in dashboard; enable 2‑step verification; report phishing to Wix. Wix Help Center+1

12) Government imposters: tolls, traffic tickets, IRS/SSA

How it works: Urgent texts about unpaid tolls or tickets, or calls demanding tax/Social Security payments.

Protect yourself: Agencies don’t demand payment by text, gift card, crypto, or wire. Verify via the official website or app. Consumer Advice

13) Medicare Open Enrollment & “free” medical/genetic testing

How it works: Unsolicited offers say “free testing/equipment”—they just need your Medicare number.

Protect yourself: Don’t share your Medicare number; review plans only through Medicare.gov or known plan reps. Report suspicious offers. Medicare+1

14) Weight‑loss drug (Ozempic/Wegovy) counterfeits & rogue online pharmacies

How it works: Illegitimate sites sell unapproved or counterfeit semaglutide/tirzepatide.

Protect yourself: Use licensed pharmacies; check FDA alerts and avoid “too cheap to be true” offers. U.S. Food and Drug Administration+1

15) Travel booking & vacation rental traps

How it works: Fake booking sites and hijacked listings collect payment and vanish; imposters pose as airline support.

Protect yourself: Book through the brand’s official site/app; pay by credit card; know your DOT refund rights for canceled or significantly changed flights. Consumer Advice+1

16) Ticketing scams & junk‑fee bait‑and‑switch

How it works: Resellers and fake sites mimic venues; scammers sell void or overpriced tickets; hidden fees appear at checkout.

Protect yourself: Start at the artist/venue site for official sellers; beware search‑ad resellers; review refund policies. Better Business Bureau+1

17) Investment & crypto “pig‑butchering” schemes

How it works: A friendly contact (often on WhatsApp/LinkedIn) “mentors” you into high‑return investments, then drains deposits.

Protect yourself: Treat cold investment messages as scams; verify firms on investor.gov; be skeptical of “guaranteed” returns. Consumer Advice+1

18) Romance scams (a.k.a. financial grooming)

How it works: Relationship first, “emergency” money next—often tied to investments, medical bills, or travel.

Protect yourself: Don’t send money, gift cards, or crypto to someone you haven’t met; reverse‑image‑search profile photos. Consumer Advice

19) Charity & crowdfunding fakes

How it works: Imposters ride seasonal giving or disasters with urgent appeals.

Protect yourself: Research before donating; use charity evaluators; donate through the charity’s site—not links in messages. Consumer Advice+1

20) “Free trial” and subscription traps (negative‑option)

How it works: “$0 trial” flips into recurring charges, with hard‑to‑find cancel buttons.

Protect yourself: Read terms, calendar the end date, and know the FTC’s newer “click‑to‑cancel” rule. Federal Trade Commission

Always‑Check Checklist (print or pin this)

STOP & VERIFY — before you click, call, or pay

1. Pause 10 seconds. Urgency = red flag. Consumer Advice

2. Check the sender. Tap the “from” address/number; look for typos and look‑alike domains. Consumer Advice

3. Don’t use the link/number that contacted you. Go to the official app/site or the phone number on your card/bill. Consumer Advice

4. Preview links. Long‑press to see the real URL; avoid shortened or misspelled links. CISA

5. Use safer payments. Prefer credit cards (dispute rights). Never pay strangers by gift card, wire, or crypto. Consumer Advice

6. Protect logins. Turn on MFA/passkeys; never share one‑time codes; deny unexpected prompts. CISA

7. Scan QR codes with caution. If a code arrives out of the blue, don’t scan—go direct. Consumer Advice

8. Search before you donate/buy. “[Name] + scam/complaint/review.” Check charity evaluators. Consumer Advice

9. Report spam texts. Forward to 7726 (SPAM) and delete. Federal Communications Commission

10. When in doubt, talk it out. A quick gut‑check with someone you trust breaks the scammer’s pressure.

If you clicked or paid

• Paid by card? Contact your card issuer and dispute. Consumer Advice

• Gave passwords? Change them, enable MFA, and monitor accounts. Consumer Advice

• Exposed personal info/identity? Go to IdentityTheft.gov for tailored recovery steps. Consumer Advice

• Lost money online? Report to the FBI’s IC3 and at ReportFraud.ftc.gov. Internet Crime Complaint Center+1

• Mail theft/check fraud? Contact your bank and the U.S. Postal Inspection Service. USPS