Holiday shopping creates a perfect storm for cybercriminals. The FBI says scammers target Gmail, Outlook and nearly every other inbox this time of year as they push fake messages that trick you into giving up money or sensitive information. These schemes move fast, and victims often do not realize what happened until their bank accounts show charges they never made.
Why the FBI is raising the alarm
The FBI’s Internet Crime Complaint Center notes that Americans lose more than $785 million to non-payment and non-delivery scams during the holiday cycle and the months that follow. Credit card fraud pushed losses higher by another $199 million. Complaints usually surge in the early months of the year, which the IC3 ties to holiday activity that happens in November and December.
The agency highlights four major schemes that spike during the season. They include
- non-delivery scams where you pay for items that never arrive
- non-payment scams where sellers get nothing after shipping items
- auction fraud where the product is not what the listing claimed
- and gift card fraud where criminals push victims to pay with prepaid cards.
The FBI says one click on a suspicious link can install malware. That malware can capture your name, password and bank account number. Criminals use that information to break into accounts faster than most people expect.
A growing problem with account takeover scams
The agency is also tracking a sharp rise in Account Takeover attacks. Since January 2025, the IC3 has received more than 5,100 complaints tied to these scams with reported losses of over $262 million.
These attacks start with social engineering. Criminals impersonate bank workers, customer service staff or fraud teams. They send fake emails, texts, or calls that claim your account has a problem. Victims then face pressure to share login credentials, multi-factor authentication codes or one-time passcodes.
Criminals also create phishing sites that look like real banking or payroll portals. Some even buy search ads so the fake sites appear at the top of the results. Once a victim enters their information, scammers log in, lock out the real owner and move money. Many transfers go through cryptocurrency wallets to hide the trail.
How to stay safe from holiday email scams
You can lower your risk with a few simple habits.
1) Be cautious with links and attachments
Avoid opening links or files in emails, websites or social media posts you did not expect. Also, use strong antivirus software to catch malware if you accidentally click on something unsafe.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
TotalAV is easy to set up and offers real-time protection for paid users, keeping your devices safe around the clock. It includes tools to block phishing scams, remove ransomware and spyware, and clean up adware and junk files. The software also features a browser manager, system tune-up tools, and protects across Windows, Mac, Android, and iOS devices.
GET MY EXCLUSIVE CYBERGUY TOTALAV DEAL:
Please note:
1) If you're having difficulty seeing either of the above deals, do this:
- If you're on a mobile device, hold down the link above, "Copy Link", and then paste it into a private or incognito browser.
- If you're on a laptop or desktop, right click the link, "Copy Link", and then paste it into a private or incognito browser.
2) During registration you may see optional upsells you can decline. Our top pick is the core antivirus product.
3) If you need help after your purchase, you can reach TotalAV directly through their official support page here.
2) Look up companies on your own
If a message asks you to update your password or account information, find the company’s phone number yourself and call to verify it.
3) Watch for pressure tactics
Scammers create a sense of urgency. Slow down and confirm what you are being told.
4) Limit what scammers can find about you online
Use a data removal service to pull your personal information off data broker sites. These services scan dozens of brokers that publish your phone number, home address, email and even shopping habits. When less of your data is exposed, scammers have fewer details to use when crafting convincing phishing emails or impersonating trusted companies. This makes it harder for criminals to target you with personalized attacks during the holiday shopping rush.
Incogni, a service I trust 100% and use myself, helps automate the process by submitting removal requests to hundreds of data brokers and people-search sites on your behalf.
Incogni automatically contacts data brokers on your behalf and requests the removal of your personal information. It also continues monitoring those sites and submits new removal requests if your data reappears.
- Incogni currently removes personal data from 420+ data broker and people-search websites, and its Unlimited plan allows you to request removals from as many additional sites as you need.
- Incogni has also received third-party assurance from Deloitte, validating its marketing claims.
- The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.
CyberGuy readers get 60% off Incogni’s annual plans using the links in this article.
The service also includes a 30-day money-back guarantee, so you can try it risk-free and see how much of your information is exposed online.
| 🎙 Now Streaming [Ep. 34] Is that Social Security email in your inbox real? How one convincing SSA scam nearly tricked a reader, and the five red flags to check before you click |
| 📱 Lock down your phone in 30 minutes: Join Kurt “CyberGuy” Knutsson for a free live class on Saturday, June 13 at 10 AM ET and learn simple, real-time steps to protect your personal data and stay safer from scams. Register free: CyberGuyLive.com |
Is your personal information exposed online?
Run a free scan to see if your personal info is compromised. Results arrive by email in about an hour.
5) Limit what scammers can find about you online
Use a data removal service to pull your information off data broker sites. This reduces the personal details criminals use to craft convincing phishing messages.
6) Check the website address before signing in
Look for odd spellings or domains that seem out of place. Banks never send sign-in links that redirect through unfamiliar sites.
7) Protect your accounts
Enable two-factor authentication (2FA), avoid reusing passwords, and update your passwords as soon as you hear about a new scam or data leak that could affect you. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.
Next, see if your email has been exposed in past breaches. Our #1 pick, NordPass, includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
- Unlimited password storage
- Secure sharing
- Password health reports
- Auto-fill and emergency access
- Data breach monitoring to alert you if your credentials have been exposed
- A Security Dashboard with tools like the Data Breach Scanner and Password Health Checker to identify weak, reused, or compromised passwords
CyberGuy Exclusive Deal: Save 52% now with CyberGuy’s exclusive NordPass offer – Get 1 extra month FREE with a 2-year plan. Try 30 days risk-free for only $1.43 per month!
8) Use email aliases to protect your main inbox
Create alias email addresses for shopping and sign-ups. These aliases forward messages to your primary inbox and help reduce spam. They also limit how much of your real information scammers can access if a retailer or website faces a breach.
You can get an Exclusive deal for CyberGuy readers: 50% off: $23.98 for first year ($2.50 per month, billed annually). Includes a free 7-day trial.
Some of StartMail's best perks include:
- StartMail email address
- 20 GB of email
- Unlimited aliases
- Access email on any device
- Import your contacts easily
- No ads, no tracking
- Send encrypted emails to anyone
Why it matters: You stay anonymous, avoid data leaks, and never have to change your main email address again.
9) Act fast if money is stolen
The FBI says victims should contact their financial institution as soon as they notice fraud. Request a recall or reversal and ask for a Hold Harmless Letter or Letter of Indemnity. Then reset every credential connected to the exposed password, including any account that uses the same login.
10) Report scams right away
The FBI urges victims to report fraudulent activity to the Internet Crime Complaint Center (IC3). Quick reporting helps investigators track new scam patterns and may improve recovery chances.
Related Links:
- Surprising places your personal data is exposed and how to remove it
- Protect your data before holiday shopping scams strike
- Take back your privacy with custom data removals
Kurt’s Key takeaways
Cybercriminals count on distraction during the holiday rush. Staying alert helps keep your inbox, money and personal information safer. Awareness is your strongest tool, and even small steps make a big difference when scams grow more advanced every year.
What scams have you seen hit your inbox this season, and how did you handle them? Let us know in the comments below.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
🎙 Now Streaming: My New Podcast: The CyberGuy Report
Kurt’s Top Deals
Deals move fast and inventory can be limited, so don’t wait too long.
| 🔥 Editor’s pick  Summer entertaining Ninja SLUSHi Machine (26% off) Frozen drinks and slushies at home in minutes. | |
| 💰 Top deal  Outdoor essential TYPEC Solar Bug Zapper (36% off) Solar-powered bug zappers for patios and camping. |
