Scam Season Continues: Holiday Fraud

December 19, 2024

This year’s Black Friday online shopping set a new record, with a total of $10.8 billion in sales. Meanwhile, according to Forbes, holiday shopping sales are expected to exceed $260 billion this year. With much shopping left to be done before the holidays, it is vital that buyers be cognizant of the types of holiday-related fraud often observed during this season. In light of the FBI’s recent warning to consumers regarding holiday fraud, this blog examines some of the most frequently observed holiday scams as well as recommendations for how to best defend oneself in the face of increased cybercriminal activity.   

Online Shopping Scams 

Online shopping-related scams remain some of the most prevalent during the holiday season, as previously highlighted in DarkOwl’s Black Friday Scams blog. Among these, so-called “non-delivery” scams are especially common, and involve criminals offering deals—often via phishing emails or fake online advertisements—to attract consumers. The advertised items tend to be highly coveted goods, such as electronics or designer products, and are listed at a suspiciously low price. As the name “non-delivery” implies, the items are purchased but never received. The FBI’s Internet Crime Complaint Center (IC3) revealed in a 2023 report that non-delivery and non-payment scams (when goods are shipped by sellers but payment is never received) cost victims more than $309 million that year.  

In a recent report from EclecticIQ, analysts identified a phishing campaign targeting online shoppers in Europe and the U.S. for Black Friday. EclecticIQ assesses with high confidence that the campaign was likely carried out by a Chinese threat actor which the firm dubbed “SilkSpecter.” The report lists several identified phishing domains, including one posing as the American company The North Face. DarkOwl analysts located an additional fake North Face domain featuring the keyword “Christmas,” instead of “Black Friday.” As can be seen in the screenshots included below, the fake website uses a simplistic font that does not match that of the legitimate North Face website. Moreover, the website’s listings appear to be limited entirely to deals, all of which feature up to an 80% discount. The significant discount in and of itself stands out as a red flag, particularly when paired with promises of “free gifts” if buyers meet a baseline purchase amount. Additionally, most items appear to be in low stock, a detail meant to pressure buyers into purchasing the item as quickly as possible while supplies last. Finally, in the “contact us” section, the fake website lists an email that does not appear anywhere on the official North Face website. Unlike genuine customer service emails, the one included on the scam website does not use a North Face domain or any associated keywords.  

Figure 1: Legitimate North Face Website 
Figure 2: Legitimate North Face Website 
Figure 3: Illegitimate Listing   
Figure 4: Illegitimate Listing  Featuring “Free Gifts” 
Figure 5: Fake Customer Service Email 

Holiday Getaway Scams 

Similar to fake shopping websites mimicking legitimate businesses, scammers may also attempt to attract individuals to fake travel websites. In these instances, the scammers’ goals are the same: obtain victims’ personal information, including full names, social security numbers, and credit card numbers. Illegitimate travel-related websites may advertise non-existent getaways, flights, and accommodations.  

Phishing/Smishing 

Phishing emails, which aim to deceive victims into sharing personal information or installing malware, increase significantly during the holiday season. In an effort to mislead targets, senders often spoof a legitimate business and convey a sense of urgency. Claims of a failed package delivery or a delay in delivery are particularly common, especially during the holiday season when there is a greater urgency to receive packages on time. These fraudulent messages will often encourage the receiver to click a link to track/change a delivery or to update the payment method. Smishing—phishing via text message—has seen a notable rise over the past few years, particularly since 2020, and continues to persist. This method of delivery combined with the use of AI to fabricate convincing messages free of spelling errors has rendered the phishing threat landscape even more complex and difficult to navigate.   

Fraudulent Charity Scams 

In addition to shopping-related scams, the FBI has warned of charity scams being carried out during the holiday season. These scams are characterized by scammers creating fake charities or imitating legitimate charities to solicit donations through “phone calls, emails, crowdfunding platforms, and social media.” As highlighted by Forbes, these scams often prey on sympathy by appealing to victims emotionally. Moreover, as is often the case with phishing emails and texts, fake charity scams may also be characterized by a sense of urgency to pressure victims into donating.  

Gift Card Scams 

The IRS has notably warned of an increase in gift card scams in which scammers impersonate a legitimate company or government official to request gift cards. The agency has warned that scammers may send requests via email or call its victims to demand payment. In some instances, the fraudsters may even impersonate a colleague or acquaintance to request the purchase of a gift card and to subsequently share the card information.  

The FBI has also warned of gift card “draining,” another form of gift card fraud in which criminals steal the number and security code from a gift card in a store and re-seal the card for future purchase by an unknowing victim. 

  • Do not click on any suspicious links received via email or text, or located online. Phishing emails and texts often include links which, when clicked, may prompt the receiver to enter personal information or can even download malware on the device.  
  • Do not respond to any suspicious texts or emails; doing so may prompt further phishing and smishing messages.  
  • Verify websites, as scammers may spoof legitimate businesses and advertise fake deals. Before making any purchases, inspect the website’s URL to ensure that it is legitimate and has an “https” address, indicating that the site is secure. Fake shopping websites may also include grammatical errors and low-quality images.  
  • Do not pay with pre-paid gift cards when prompted by sellers. Scammers often request payment via gift card to steal the card’s funds. Using a credit card instead can allow consumers to dispute charges and recover funds, if needed. 
  • Inspect gift cards in stores; do not purchase the card if the packaging appears to have been tampered with.  
  • Research advertised charities through trusted sources to avoid being scammed by fake charities.  

Ultimately, while holiday scams may be on the rise, there are steps individuals can take to safeguard themselves against these threats. It is also encouraged that suspicious websites, (fake shopping sites, fake charities, etc.), phishing emails, and phishing texts be reported to the Federal Trade Commission (FTC) and the FBI’s Internet Crime Complaint Center (IC3). Additional information can support these agencies’ investigations into reports of fraud and help prevent further scams.  


Never miss a thing from the DarkOwl team. Subscribe to email.

See why DarkOwl is the Leader in Darknet Data

Copyright © 2024 DarkOwl, LLC All rights reserved.
Privacy Policy
DarkOwl is a Denver-based company that provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data. We shorten the timeframe to detection of compromised data on the darknet, empowering organizations to swiftly detect security gaps and mitigate damage prior to misuse of their data.