Experts at Psono.com highlight 10 modern scams to watch out for during and after the festive shopping season, and advise what your customers should do when they encounter such scams.
As AI technology advances, scams become more realistic and harder to detect. The year-end festive shopping season is often the occasion for scammers and cybercriminals to unleash their arsenal and prey on bargain-hunting, unsuspecting shoppers, and AI tools help them quickly and effectively leverage personal data to create highly convincing attacks.
And it’s not just sophisticated deepfakes we should be concerned about. Besides deepfakes, what else should we be watching out for during and after the year-end festive shopping season?
Experts at Psono.com offer 10 tips for understanding how these scams work, as an essential guide to helping our customers protect personal information and money:
- AI-powered scams
Scammers now use AI to impersonate family or friends, creating realistic voice recordings or videos from social media content. These deepfakes are used to ask for money or personal information, making the scams feel alarmingly real.
What to do: If you receive an unexpected request, ask questions about details only the real person would know. A wrong or vague answer is a strong sign of a scam.
- Gift card scams
Scammers analyze online shopping habits to target victims with gift card requests from stores they frequently use, especially during busy shopping seasons. The cards are quickly redeemed once the codes are shared, leaving the victim with financial loss.
What to do: If someone asks for gift card codes, especially for payment or problem resolution, it’s likely a scam. Always verify requests directly with the person or organization before taking action.
- Vishing
Vishing involves phone scams where attackers impersonate trusted organizations, like banks or government agencies, creating urgency — such as reporting “suspicious activity” — to pressure victims into sharing sensitive details.
What to do: No legitimate organization will ever ask over the phone for sensitive information, like PINs or card details. If unsure, hang up and contact the institution directly using a verified number. Always take a moment to verify before acting on any request.
- Smishing
Smishing scams use fake text messages that mimic delivery updates or account alerts, often targeting online shoppers, to steal credentials or spread malware.
What to do: Always check the sender’s number. If it doesn’t match the official organization, it’s likely a scam. Verify messages directly with the company before taking action.
- Clone phishing
Clone phishing replicates real emails, like receipts or notifications, but replaces links or attachments with malicious ones. The familiarity makes them easy to fall for.
What to do: Check the sender’s email address and double-check any links by hovering over them. If the email feels off, contact the sender directly using their official contact details.
- Social media phishing
Social media phishing uses fake or hacked profiles to send messages that mimic giveaways or urgent requests. These scams aim to steal login credentials or personal information.
What to do: Avoid clicking links in unsolicited messages. Verify requests directly with the sender and double-check login pages for authenticity.
- Man-in-the-middle attacks
Man-in-the-middle attacks happen when hackers intercept what you send or receive on public Wi-Fi, like passwords or banking details. Using Wi-Fi at places like cafés or airports can make customers’ data a target.
What to do: Avoid logging into important accounts on public Wi-Fi. Use a VPN for extra security and look for “https://” on websites to ensure they are encrypted.
- Ransomware
Ransomware blocks access to files or devices by encrypting them and then demands payment to unlock them. These attacks often start with phishing emails or fake downloads and target personal data like photos or documents.
What to do: Back up important files offline and avoid clicking on suspicious links or attachments. If attacked, report the incident to relevant authorities and seek professional advice on the next steps.
- DNS spoofing
DNS spoofing redirects users to fake websites that look like real ones. These sites are designed to steal sensitive information like passwords or credit card details.
What to do: Always check the website address carefully before entering any information. Use secure websites with “https://” and consider tools that protect against DNS attacks.
- Fake job offers
Scammers post fake job offers, often promising high pay or remote work, to steal personal details or money. They may ask for fees or sensitive information, pretending to be real companies.
What to do: Before paying or sharing personal information, ensure the request comes from the right source. Research the company and confirm details through official channels.
Commenting on the list, Sascha Pfeiffer, CEO, Psono, stated: “AI is changing how scammers operate, making their attacks more personal and harder to spot. They use tools to mimic voices, create fake videos, or send messages that seem to come from trusted contacts. It’s now easier than ever to fall for a scam, whether it’s a text from a friend asking for help or a gift card offer from a favorite store.”
For customers, he added: “Staying alert is important, as these scams can lead to serious financial losses. Under no condition should you share very personal data, such as passport details or credit card CVV, via email, phone, or any other method that can be easily accessed by hackers. Additionally, if you hear the voice of a close person asking for help, take extra precautions to verify their identity by asking specific questions or details only they would know, ensuring you’re speaking to the real person.”