FBI warns email users about rise in Christmas scams

Holiday shopping creates a perfect storm for cybercriminals.

The FBI says scammers target Gmail, Outlook and almost every other inbox this time of year while sending fake messages that trick you into handing over money or sensitive information.

These schemes move quickly and victims often don’t realize what happened until their bank accounts show charges they never made.

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.

NEW SCAM SENDS FAKE MICROSOFT 365 LOGIN PAGES

Why the FBI is raising the alarm

The FBI’s Internet Crime Complaint Center notes that Americans lose more than $785 million to non-payment and non-delivery scams during the holiday cycle and subsequent months. Credit card fraud increased losses by another $199 million. Complaints usually arise in the first months of the year, which the IC3 links to the Christmas activity that occurs in November and December.

The agency highlights four main schemes that increase during the season. They include non-delivery scams, in which you pay for items that never arrive; non-payment scams, where sellers get nothing after shipping items; auction fraud, where the product is not what the listing says; and gift card fraud, where criminals pressure victims to pay with prepaid cards.

The FBI says one click on a suspicious link can install malware. That malware can capture your name, password, and bank account number. Criminals use that information to break into accounts faster than most people expect.

NEW EMAIL SCAM USES HIDDEN CHARACTERS TO PASS FILTERS

A growing problem with account takeover scams

The agency is also tracking a sharp increase in account takeover attacks. Since January 2025, IC3 has received more than 5,100 complaints related to these scams with reported losses of more than $262 million.

These attacks start with social engineering. Criminals pose as bank workers, customer service staff or anti-fraud teams. They send fake emails, text messages or calls claiming that your account has a problem. Victims then face pressure to share login credentials, multi-factor authentication codes, or one-time passwords.

Criminals also create phishing sites that look like real banking or payroll portals. Some even buy search ads so that fake sites appear at the top of the results. Once the victim enters their information, the scammers log in, block the real owner, and move the money. Many transfers go through cryptocurrency wallets to hide the trail.

How to Stay Safe from Holiday Email Scams

You can reduce your risk with some simple habits.

1) Be careful with links and attachments

Avoid opening links or files in emails, websites, or social media posts that you weren’t expecting. Also, use strong antivirus software to detect malware if you accidentally click on something that is not safe.

The best way to protect yourself from malicious links that install malware and potentially access your private information is to have powerful antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection winners of 2025 for your Windows, Mac, Android, and iOS devices at Cyberguy.com.

2) Search for companies on your own

If a message asks you to update your password or account information, find the company’s phone number yourself and call to verify it.

3) Be aware of pressure tactics

Scammers create a sense of urgency. Slow down and confirm what they tell you.

4) Limit what scammers can find out about you online

Use a data removal service to extract your personal information from data broker sites. These services scan dozens of brokers who publish their phone number, address, email, and even purchasing habits. When less of your data is exposed, scammers have fewer details to use when crafting convincing phishing emails or impersonating trustworthy companies. This makes it more difficult for criminals to target you with personalized attacks during the peak holiday shopping season.

While no service can guarantee complete removal of your data from the Internet, a data deletion service is truly a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to delete your personal data from the Internet. By limiting the information available, you reduce the risk of scammers cross-referencing leak data with information they can find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already available on the web: Cyberguy.com.

5) Limit what scammers can find out about you online

Use a data removal service to extract your information from data broker sites. This reduces the personal data that criminals use to craft convincing phishing messages.

6) Check the website address before logging in

Look for strange spellings or domains that seem out of place. Banks never send login links that redirect to unknown sites.

7) Protect your accounts

Allow two factor authentication (2FA), avoid reusing passwords and update them as soon as you become aware of a new scam or data breach that may affect you. Consider using a password manager, which stores and generates complex passwords securely, reducing the risk of password reuse.

Next, check to see if your email has been exposed in previous breaches. Our #1 pick for password manager includes a built-in breach scanner that checks to see if your email address or passwords have appeared in known breaches. If you discover a match, immediately change any reused passwords and protect those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

8) Use email aliases to protect your main inbox

Create alias email addresses for purchases and registrations. These aliases forward messages to your main inbox and help reduce spam. They also limit the amount of real information scammers can access if a retailer or website suffers a breach.

9) Act quickly if money is stolen

The FBI says victims should contact their financial institutions as soon as they detect fraud. Request a withdrawal or reversal and request a hold harmless letter or indemnity letter. Then reset all credentials connected to the exposed password, including any accounts that use the same login.

​​For recommendations on private and secure email providers that offer alias addresses, visit Cyberguy.com.

10) Report scams immediately

The FBI encourages victims to report fraudulent activity to the Internet Crime Reporting Center (IC3.gov). Rapid reports help investigators track new scam patterns and can improve chances of recovery.

Kurt’s Key Takeaways

Cybercriminals have distractions during the holiday season. Staying alert helps keep your inbox, money, and personal information safer. Awareness is your most powerful tool, and even small steps make a big difference when scams advance each year.

What scams have you seen in your inbox this season and how did you handle them? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE News APP

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.

Copyright 2025 CyberGuy.com. All rights reserved.