12 Holiday Scams to Avoid this Christmas

Dec 8, 2023 | Privacy Tips

Holiday scams can ruin your holidays in seconds, so here’s what to look for to avoid falling victim.

Most holiday scams are everyday scams dressed up for the season when we’re too busy to notice. Our best advice is to take care, and if something doesn’t feel right or seems too good to be true, PASS on it.

Here, we explore 12 common holiday scams to watch out for this holiday season:  

  • Smishing
  • Gift card scams
  • Missing package scams
  • Travel scams
  • Fake website scams
  • Fake charity scams
  • Social media privacy
  • Porch pirates
  • Fake prize-draw scams
  • Door-to-door scams
  • Phony phone calls
  • Letter from Santa scams


It might be a cool word, but there’s nothing cool about falling victim to a smish. Smishing is simply phishing conducted via SMS as opposed to the usual email. Phishing + SMS = smishing.

A smish is when you receive an SMS from a service or agency with a link to follow-up. Common smishing comes from parcel delivery services pretending to be Amazon or similar, from scammers masquerading as government agencies (e.g. the passport office), and from unknown senders offering prizes or telling you you’ve won a competition.

The SMS will say something like your package is delayed or your passport number was stolen, for example, and will ask you to click a link for more information. If you click it, the link will either install malware (malicious software) on your phone or lead to a fake web site. In either case, criminals behind the attack are hoping you’ll take the bait and enter your personal details, especially financial information.

Bottom line? Don’t click on links in SMS these holidays or any time. If you are legitimately concerned about a delayed parcel or any other topic outlined in the smish SMS (e.g. your passport), contact the legitimate agency or service directly by phone to find out more.

Read this advice from the FTC on scam text messages.

Gift card scams

Gift cards are America’s favorite holiday gift, but scammers love them too. Scammers want to steal your holiday money via gift cards, and they have many ways to do it. It’s crucial to know how to safely buy and protect your gift cards, and never pay by gift card no matter who asks.

Stay alert to the signs of fraud. Follow the FTC advice about gift card scams.

Missing package scams

Beware fake shipping or missing parcel notifications from scammers disguised as UPS, FedEx or the US Postal Service these holidays.

Do not click on links or give out your name or credit card unless you’re certain of the sender.
Use MySudo so you know which email and phone number you used with the authentic store and verify it’s them before you click.

Our tip? Always ask yourself: Are they who they say they are? Shop and ship safely this holiday with MySudo.

Travel scams

Beware spoof travel booking sites and email offers. Book only with trusted services and never click suspicious links. Use MySudo to organize travel so you always know the context of calls, texts and emails.

Watch for these warning signs of travel scams:

  • Offer too good to be true
  • Typos and poor grammar on sites or in emails
  • No phone number or street address (only an email or contact form)
  • Links in an email from unknown sender

Remember, we recommend you use MySudo for travel bookings and only book and pay through trusted sites.  

Fake website scams

In the rush to buy gifts, don’t accidentally shop with a scammer this holiday. Scam shopping sites are common and hot deals that sound too good to be true usually are. Check that you’re buying from a trusted retailer by checking the URL starts with https://

Our other top tip? Use MySudo to set up a dedicated shopping email and phone number. At any time of year, there are so many privacy and cybersafety benefits from using MySudo email and phone numbers, not least of which are the power to compartmentalize or ‘silo and organize’ your personal information to limit the extent to which companies can surveil and use your digital exhaust, and limit damage if one of your accounts is involved in a data breach.

When you use MySudo for your shopping, you can also browse privately using the in-built private browser and pay securely using a MySudo virtual card.

Fake charities

Criminals prey on our holiday generosity. Beware fake charities with names that sound like those of registered ones. Other signs that you might be being duped into a donation are forceful sales pitches and pressure tactics from the so-called charity’s “representative” and fake emails.

Donate only to trusted charities and use a secure MySudo virtual card to pay.

Other important advice:

  • Check the charity on Charity Navigator or Give.org
  • Never give your credit card over the phone. Ask to be sent a form for your donation.
  • Check the sender’s email address and that any links match the organization’s official URL.
  • Never wire donations or pay in gift cards.

Social media privacy

We probably don’t have to point out this common pitfall of our collective social media obsession, but anything you put on social media can identify you and your location and alert criminals to the fact you’re not home.

Our best advice is to check the privacy settings on all your social accounts so you know who can see your posts, and only post your holiday snaps once you’re back home.

Porch pirates

Porch pirates steal parcels off porches and it’s a crime on the rise. This holiday use MySudo for online shopping and set up notifications with retailers so you know when your deliveries will arrive. It’s also a good idea to provide a secure place for delivery drivers to put your parcels until you get home to collect them.

You’ll find more tips in this article on The Conversation.

Fake prize-draw scams

Everyone loves to win but you definitely won’t feel like a winner if a fraudster fleeces your hard-earned cash this holiday. The FTC says if you must pay, it’s not a prize. They also advise never wire money or deposit checks that a so-called prize draw “representative” sends you.

Remember, legitimate prize offers won’t ask for money, ask you to a meeting or call you randomly. Check this FTC advice for more.

Door-to-door scams

Don’t answer the door to scammers this holiday. Door-to-door scammers are common, particularly at this time of year when we tend to be home more often and possibly feeling generous.

Watch for sellers that ask for a deposit or full payment or for your personal info like your SSN. Legitimate sellers will give their ID, a receipt and a cancellation form. Know the signs of door to door scammers, which sadly tend to prey on the elderly more than any other age group.

Phony phone calls

Fake phone callers are out to steal your time, money and identity. Stay alert to robocalls, bogus IRS “representatives”, family and friend impostors, fake prize offers, dubious free trials and travel offers and more. Hang up on anyone you’re suspicious about.

Most importantly, never give your credit card details or ID over the phone. The FTC tell you all the signs to watch out for here.

Letter from Santa scams

Letters from Santa can be a lovely surprise for your children or grandchildren, but if you book and pay for the letter through a bogus service, the surprise can quickly turn into a nightmare.

Some nefarious Letter from Santa services are designed to steal your child’s personal information for identity theft, which can do irrefutable damage to their future credit rating, and/or your credit card for fraud.

Here are seven ways to avoid a Santa letter scam:

  • Beware calls for immediate action on the web site.
  • Hover over links in emails to check they’re from a legitimate source.
  • Confirm contact details on the web site are real.
  • Check out the business on BBB.org and do a web search.
  • Pay through a secure connection or use MySudo virtual card.
  • Use a Sudo email and phone number to book the Santa Letter.
  • Watch for poor grammar and spelling on site or in emails. This is often a giveaway of fraudulent contact.

Bottom line to all these holiday scam warnings? Take care online and off and do everything you can to proactively protect your privacy and safety. MySudo is the world’s only all-in-one privacy app, and it’s available for iOS and Android. Explore it today. From all of us at here at MySudo and Anonyome Labs, we wish you and your family a happy and healthy holiday season.

Get privacy, cyber safety and decentralized identity insights in your inbox:

You May Also Like…

Download Mysudo

Plans start at USD 0.99 a month.
Try SudoFree today.

Browse plans

Download Mysudo

Plans start at USD 0.99 a month.
Try SudoFree today.

Browse plans