The holiday season is prime time for phishing scams. This year, scammers are using AI to make their attacks more convincing than ever with polished phishing emails, deepfake voices and videos, and cloned websites that look nearly identical to legitimate retailers. They know you’re shopping, traveling, and looking for deals, and they’re ready to pounce. Learn how to avoid getting hooked. 

What’s different in 2025 

AI has changed the game. Scammers now use generative AI to create flawless emails without the typos and awkward grammar we used to spot. They’re generating deepfake celebrity endorsements on social media, creating realistic fake storefronts, and even buying ads so their scam sites appear at the top of search results. The FBI reports over 5,100 account takeover complaints since January 2025, with losses exceeding $262 million. 

Watch for these red flags 

Here are things to look out for, this holiday season and year-round: 

  • Package delivery scams: Texts or emails claiming a missed delivery and asking you to “confirm your address” or pay a redelivery fee. These lead to fake USPS, UPS, or FedEx sites designed to steal your information. 
  • AI-generated deepfake ads: Videos on TikTok and Instagram that use celebrities’ cloned voices and faces to promote fake deals and bogus storefronts. 
  • Cloned retail websites: Fake sites mimicking Amazon, Temu, and luxury brands with URLs that differ by just one letter. They steal credit card details and ship counterfeit goods. 
  • “Free gift card” traps: Pop-ups claiming you’ve won a $750 Walmart or Target gift card. These forms harvest your personal data to sell to advertisers or use in future scams. 
  • Fake charity requests: Emotional appeals for donations, especially around disasters or holiday giving, that pocket your money instead of helping anyone. 
  • Account takeover attacks: Urgent emails or texts from “bank representatives” claiming there’s a problem with your account and pressuring you to share login credentials or multi-factor authentication codes. 
  • Unrealistic deals: First-class flights at economy prices or luxury items at impossible discounts. 
  • Suspicious URLs: Web addresses that are slightly misspelled or don’t match the company’s official site. 
  • Requests for unusual payment: Gift cards, cryptocurrency, or wire transfers are major red flags. 

How to protect yourself 

These tried-and-true tips continue to be effective, even as scammers have upped their game:

  1. Slow down: Scammers count on quick, emotional reactions. Take a breath before clicking any link.
  2. Verify directly: Don’t click links in messages about packages or account issues. Go directly to the company’s official website or app to check.
  3. Use credit cards for online shopping: They offer better fraud protection than debit cards and make disputes easier.
  4. Check for HTTPS: Before entering payment information, make sure the URL starts with “https://” and shows a lock icon. The lock only means the connection is encrypted, and cloned sites can have one too, so also confirm the web address matches the company’s official site.
  5. Hover before you click: Place your cursor over links to see where they actually lead. If the destination doesn’t match the description, don’t click.
  6. Enable multi-factor authentication: Even if scammers get your password, MFA adds an extra layer of protection.
  7. Research charities: Use official verification tools to confirm an organization is legitimate before donating.
  8. Report it: Forward suspicious emails to phishcatcher@northeastern.edu for review and report the fraudulent email

Enjoy the holidays without the hassle—stay alert, stay informed, and keep the season merry and bright (and scam-free). Remember, if you see something, say something. If you suspect a phishing email or want to verify its legitimacy, visit the Phish Bowl at Northeastern, a resource that can help you identify phishing attempts that have been reported or caught.