Bolster AI Warns: These Are the Top 7 Scams for Consumers to Look Out for This Holiday Season

New threat intelligence reveals attackers exploit holiday shoppers with smishing surges, personalized phishing lures, and multi-channel fraud campaigns to steal their money

SANTA CLARA, Calif., Nov. 19, 2025 /PRNewswire/ -- While consumers hunt for Black Friday deals and track holiday deliveries, cybercriminals are unleashing more sophisticated seasonal scams to trick them.

Bolster AI, the leader in AI-driven brand protection, today released new threat intelligence revealing the top seven scams consumers need to watch out for this holiday season.

And these scams are getting more sophisticated.

"Scammers aren't just slapping a logo on a fake site or sending poorly written emails anymore," said Rod Schultz, CEO of Bolster AI. "Today, they're using AI and kits purchased on the dark web to build complete storefronts, using fake chatbots to provide customer service, and running ads for fake stores on social media that look and feel like your favorite brands."

The 7 Scams to Watch Out for This Holiday Season

Tis' the season for holiday scams. Using its Signals technology, Bolster Research examined phishing and scam data over the last 12 months. We found:

• 118% increase in phishing scams during Thanksgiving
• 229% spike over Black Friday
• 14% increase around Christmas
• 128% overall increase in phishing activity as compared to the 2024 holiday period

The 7 most active threat categories this season include: 

1. Delivery notification scams impersonating UPS, FedEx, USPS, and Amazon with fake "missed delivery" or "customs fee" messages designed to steal payment information and logins.
   
   The data: These attacks have surged 105.8% this November compared to the same period last year.
   
   
2. Fake online stores advertising 60-90% discounts on premium brands through paid social ads and search results. These storefronts look real but exist solely to harvest credit card data or fail to deliver anything to customers.
   
   
3. Smishing attacks (fraud via SMS) have become one of the most dominant attack channels. Short, urgent text messages with tracking numbers and payment demands convert better than email because people are more likely to trust texts from their phones.
   
   The data: We're projecting a 122% increase in smishing attacks for November 2025.
   
   
4. QR code fraud has exploded. Scammers embed malicious QR codes in mailers, posters, and text message images, redirecting mobile users to phishing pages while evading URL filtering systems. 
   
   
5. Gift card schemes targeting both consumers ("claim your holiday bonus") and employees (e.g. manager impersonation requesting urgent gift card purchases for "client gifts"). 
   
   The data: We're tracking a 14.5% uptick in gift card scams for November 2025.
   
   
6. Fake charity appeals exploiting holiday generosity with emotional stories and donation pages that funnel money to criminals rather than causes.
   
   The data: The numbers indicate charity scams will climb 38% this November versus 2024.
   
   
7. Seasonal job scams offering immediate employment but requesting Social Security numbers, bank details, or upfront "training fees." 

"Scammers exploit our trust, fear, and curiosity," added Schultz. "If you feel yourself thinking 'that's weird' or 'that's too good to be true,' listen to your gut because it's probably a scam."

Staying Safe This Season 

Bolster recommends consumers follow these practices to avoid getting scammed: 

• Verify before clicking. If you get a delivery notification, open the carrier's official app or website and enter your tracking number there. Don't click links in unsolicited messages. 
• Question extreme deals. Legitimate premium brands rarely discount 70-90% off. If the price seems impossible, it probably is. 
• Treat QR codes like links. Preview the URL before scanning the QR code. Most phones will show you the URL first. 
• Never pay with gift cards for business use. No legitimate business, tech support team, or employer will ask for payment via gift cards. 
• Check the URL carefully. Scammers register lookalike domains with tiny typos. Hover before clicking. 

For brands and security teams, Bolster recommends: 

• Monitor newly registered domains containing your brand name combined with terms like "shop," "sale," "deals," or "delivery." 
• Publish your official sale URLs and legitimate communication channels before Black Friday to help customers distinguish real from fake. 
• Establish rapid takedown partnerships with registrars, hosting providers, and social platforms. 

About Bolster AI 

Bolster AI protects enterprises from external digital threats, detecting and removing phishing attacks, brand impersonation, fraudulent apps, and social media scams before they reach customers. The company's AI-powered platform monitors across web, email, social, app stores, and the dark web, delivering automated takedowns with 99.999% accuracy. Bolster serves leading financial services, technology, e-commerce, and consumer brands globally. 

For more information, visit www.bolster.ai. 

SOURCE Bolster