Ahead of the holiday season, scammers are flooding social feeds and shoppers’ inboxes with fraudulent messages, spoofed emails, and deepfakes. Thanks to generative AI, these schemes now look so polished that spotting them has become increasingly difficult. Cybersecurity and financial firms report a rise in phishing campaigns, fake online storefronts, and deepfaked promotional videos emerging just before the annual surge in consumer activity.
According to Norton’s October report, 62% of Americans admit they tend to make a purchase as soon as an appealing offer appears online. Such impulsive behavior leaves almost no time to notice warning signs. Experts highlight several of the most common schemes worth watching for.
Fraudsters continue cloning major e-commerce platforms to steal bank-card data and sell counterfeits. They register domains that differ from the originals by just a single letter and promote them through social media and phishing emails. Forcepoint notes that the most frequently spoofed pages mimic Amazon, Temu, and well-known luxury brands. As large language models and autonomous AI agents advance, these fake sites can be deployed far more quickly: chatbots draft product descriptions and marketing copy, agents generate and launch site code, and AI tools create logos and images of “products.” Mastercard’s survey shows that 72% of shoppers have bought goods from unfamiliar websites; nearly one in five never received their order, and 16% ended up with counterfeit items.
A wave of email campaigns is also expected, disguised as offers from retail brands promising steep discounts or “exclusive” holiday releases. These messages often replicate the style of genuine marketing campaigns and lead to fake sites designed to harvest login credentials. Forcepoint and McAfee report that attackers are also sending fabricated alerts about returns or order issues, with AI helping them eliminate the spelling and grammar mistakes that used to serve as red flags.
Another widely used tactic involves fraudulent delivery texts. Researchers warn that the volume of such messages will increase as shoppers grow more eager to track their parcels. These texts often mention a “missed delivery” or demand an extra payment to confirm an address; in some cases, the requests go as far as asking for a Social Security number, the Federal Trade Commission notes. Scammers redirect users to spoofed websites styled after USPS, UPS, or FedEx, or hide malware behind “tracking” links. According to the FTC, Americans lost $470 million to SMS-based fraud in 2024, with delivery-related schemes proving the most common.
Deepfaked promotional videos are spreading as well. Generative AI now produces convincing clips advertising fictitious stores, while voice- and face-cloning tools allow scammers to impersonate celebrities and push false discounts through TikTok and Instagram, directing viewers to fraudulent sites. McAfee researchers, for example, identified a video using a voice mimicking Taylor Swift to promote a nonexistent Le Creuset sale. According to Norton, 54% of Americans make holiday purchases through social-media ads, amplifying the risks.
Gift-card schemes also remain widespread, Retail & Hospitality ISAC notes. RH-ISAC expects sales of these cards to surge around Black Friday and Cyber Monday, and an AARP survey shows that 72% of consumers plan to buy at least one this season. Yet one in three has encountered a card with an unexpectedly empty balance. Scammers steal card numbers and PINs by tampering with the packaging and then drain the funds as soon as the card is activated. Experts advise checking packaging carefully for signs of interference.
If an offer looks too good to be true, the safest option is to go directly to the retailer’s official website and verify the details there. Any email or text message asking for payment—especially for delivery fees or gift cards—should be treated with caution. When in doubt, it is worth calling customer support before entering any bank-card information.