Spoiler: They’re more sophisticated, more convincing, and harder to spot than ever.
At Bolster Research, our team tracks threat actors the way they operate across domains, networks, and digital ecosystems. We map campaign infrastructure, analyze attack kits, and surface new patterns before they hit consumers.
While consumers hunt for Black Friday deals and track packages, scammers deploy highly coordinated attacks designed to steal money, credentials, and personal information. And this year, their tactics have become far more advanced.
Scams Aren’t What They Used to Be
A few years ago, a phishing attempt was often easy to spot. Today, that’s no longer the case.
As CEO Rod Schultz explains: “Scammers aren’t just slapping a logo on a fake site anymore. They’re using AI and dark-web kits to build full storefront experiences, run fake customer-support chats, and launch paid social ads that look identical to the brands you trust.”
In other words: these attacks now operate like real businesses. That’s what makes them so dangerous.
The Numbers Don’t Lie
We pulled data from our Signals technology covering the last 12 months, and the patterns are crystal clear. Scammers go into overdrive during the holidays:
- 118% increase in phishing scams during Thanksgiving
- 229% spike over Black Friday
- 14% increase around Christmas
- 128% overall increase in phishing activity as compared to the 2024 holiday period
This isn’t just anecdotal. The threat is real and measurable.
The 7 Scams Dominating This Season
1. Delivery Notification Scams
You know that text saying your package couldn’t be delivered? It might be fake. Scammers are impersonating UPS, FedEx, USPS, and Amazon with fake “missed delivery” or “customs fee” messages designed to steal your payment info and login credentials.
The data: We’re seeing a 105.8% increase in these scams in November 2025 compared to last year.
2. Fake Online Stores
That Instagram ad promising 80% off designer handbags? Probably too good to be true. Scammers are building incredibly convincing fake storefronts advertising 60-90% discounts on premium brands. These sites look legitimate, but they exist solely to harvest your credit card data or simply take your money and deliver nothing.
3. Smishing Attacks
Smishing (SMS phishing) has become the weapon of choice for scammers this year. Why? Because people trust text messages more than emails. Short, urgent texts with tracking numbers and payment demands have much higher conversion rates for scammers.
The data: We’re forecasting a 122% increase in smishing attacks this November compared to 2024.
4. QR Code Fraud
QR codes are everywhere now, and scammers know it. They’re embedding malicious QR codes in mailers, posters, and text message images. When you scan them, you get redirected to phishing pages while the scammers evade traditional URL filtering systems.
5. Gift Card Schemes
These come in two flavors: Consumer-targeted (“claim your $500 holiday bonus!”) and employee targeted (your “manager” urgently requesting gift cards for “client gifts”). Both are scams.
The data: We’re predicting a 14.5% increase in gift card scams this November.
6. Fake Charity Appeals
Scammers exploit holiday generosity with emotional stories and professional-looking donation pages. But instead of helping those in need, the money goes straight to criminals.
The data: We’re forecasting a 38% increase in charity scams this November.
7. Seasonal Job Scams
“Start immediately! Work from home! Great pay!” Except they need your Social Security number, bank details, or an upfront “training fee” first. No legitimate employer does that.
Trust Your Gut
Rod Schultz nailed it when he said: “Scammers exploit our trust, fear, and curiosity. If you feel yourself thinking ‘that’s weird’ or ‘that’s too good to be true,’ listen to your gut because it’s probably a scam.”
How to Stay Safe
Here’s what we recommend:
- Verify before clicking. Got a delivery notification? Open the carrier’s official app or website directly and enter your tracking number there. Don’t click links in unsolicited messages.
- Question extreme deals. Legitimate premium brands rarely discount 70-90% off. If the price seems impossible, it probably is.
- Treat QR codes like links. Preview the URL before scanning. Most phones will show you the destination first. Look at it.
- Never pay with gift cards for business. No legitimate business, tech support team, or employer will ask for payment via gift cards. Ever.
- Check URLs carefully. Scammers register lookalike domains with tiny typos (like amaz0n.com). Hover before clicking.
- Monitor newly registered domains containing your brand name combined with terms like “shop,” “sale,” “deals,” or “delivery.”
- Publish your official URLs and legitimate communication channels before the holidays to help customers distinguish real from fake.
- Establish rapid takedown partnerships with registrars, hosting providers, and social platforms.
The Bottom Line
This holiday season, scammers are counting on consumers being busy and moving fast. Slowed vigilance is exactly what they exploit.
Stay skeptical, verify everything, and remember: If something feels off, it probably is.
From all of us at Bolster Research, stay safe out there.
