Skip to main content
  • Cybersecurity

Don’t fall-a la la la for these 3 online scams this holiday season

By Eric Brynaert
Product Marketing Manager

‘Tis the season for warm sweaters, eggnog, and—unfortunately—an increase in online scamming. While most Canadians will be busy spending time with their friends and families over the holiday seasons, bad actors are hard at work coming up with creative ways to swindle people out of their personal information and hard-earned money.  

The tactics used by criminals are becoming increasingly sophisticated, however there are steps you can take to ensure that you and your loved ones do not fall victim to these attacks. At CIRA, we want you to be safe, so our gift to you is sharing three scams you might encounter over the holidays.  

Faked missed delivery notifications 

Online shopping is taking up a larger share of Canadians’ holiday shopping every year. In 2021, more than half of Canadian shoppers planned to shop online for the holidays, many for the first time. Scammers have taken note and are taking advantage of this change in shopping habits.  

The scam: faked missed delivery notification scams can take a few forms but follow a similar pattern. A fraudulent email or text message is sent to people claiming that there has been a failed delivery attempt of a package, that it’s stuck at customs, or is delayed. The messages will prompt users to click on a link which will either include a malicious payload, prompt users to input sensitive information (login credentials, credit card information) or both. Clicking on the links can be costly—infecting your device with malware or accessing your payment information.  

How to stay safe: for emails, always check the address sending the message. Scammers will use close variations of actual email addresses (e.g. [email protected]). They will also try and create a sense of urgency by claiming that you must act now, or your order will be lost. If you suspect there are actual issues with your package, log back onto the platform where you placed your order and check the status there. Do not click on the link in the text/email.  

Fraudulent online stores  

As e-commerce grows at a fast clip, naturally the number of online stores increases along with it. While many new stores are legitimate, there is an increasing number of fraudulent online stores 

The scam: criminals create fraudulent e-commerce websites featuring popular gift items and will take payment but not deliver the item ordered, or ship something of considerably less value. In some cases, users are directed to these fraudulent online stores via legitimate platforms such as Facebook, Instagram or Twitter. These platforms can often take time to detect fraudulent websites and turn off their ads. This problem might be exacerbated this holiday season as there have been many layoffs at Facebook and Twitter in the past month, leaving them with smaller moderation teams handling a larger number of requests.  

According to the Better Business Bureau, fake online scams account for the largest percentage of complaints that they receive.  

How to stay safe: if you are using an e-commerce website for the first time, make sure to verify the seller through third-party sites, reviews, ratings and more. Deep discounts, grammatical errors, awkward wording, and missing return policies are all telltale signs that a website might be fraudulent. Remember, just because a website begins with https does not mean that it is safe. Criminals can add SSL certificates to their websites. If you have any doubts about a website’s authenticity, we recommend playing it safe and using websites you already know and trust (or ones recommended by CIRA in our .CA Holiday gift guide!).  

Gift card scams 

Gift cards are popular holiday presents, often given in place of cash so that the recipient treats themselves instead of using the money to pay bills or other mundane necessities. Gift cards are also the source of one of the most common online and phone scams, even in the offseason. 

The scam: in the most common version of the scam, criminals will email, call, or text a potential victim impersonating a well-known business or government agency. The scammers will say that the victim owes them money and will threaten jail time or fines if they are not paid right away. They will encourage the victim to purchase gift cards and send over the activation codes.  

Criminals are creative and have come up with a holiday twist on the common gift card scam. They will target businesses and send a spear-phishing email pretending to be a high-level executive or manager. The scammer will ask the victim to purchase gift cards as a holiday gift for employees, often asking them to keep the purchase secret. They will then ask for the activation code, allowing them to steal all the money held on the gift cards in an instant.  

How to stay safe: if anybody requests gift cards, end the conversation right away and do not engage any further. No legitimate business or agency demands gift card payments. These criminals prefer gift cards because they are easy for most people to find and buy and have far fewer protections compared to other payment options. The transactions are largely irreversible, and the scammer can remain anonymous.  

Six Tips to staying safe online this holiday season 

These scams are far from the only criminals will attempt these holidays. While online criminal activity will become increasingly creative and audacious, there are tips you can follow to reduce your risk as you shop online.  

1. Never give out your password or pin numbers: while most of us know not to share this information, cyber criminals are skilled manipulators who can often extract this information from individuals. Never click on an email or text message link and enter your credentials—instead, navigate directly to the website from your search bar or a trusted search engine.  

2. Exercise a healthy degree of skepticism: we hate to be the bearers of bad news, but if a deal sounds like it’s too good to be true, it probably is.  

3. Triple check email addresses: when you receive one requesting action, double check it and then check it again. Spelling errors and subdomains (e.g., are telltale signs that the email is coming from a scammer. 

4. Avoid uncommon payment methods: never send payment in the form of gift cards and avoid e-transfers and money orders. Unlike credit cards, these payment methods do not offer much protection in the event of a scam.  

5. Be wary of people pushing you to act quickly: creating a sense of urgency is a hallmark of a scam. The idea is to get you to act before you can accurately assess the situation and notice other red flags.  

6. Always look for third-party reviews and ratings: do not trust the reviews you see within the website, look for third-party reviews on other platforms such as Google My Business, Trustpilot, Better Business Bureau and more. If the website does not have a presence on these platforms, that’s a red flag.  

About the author
Eric Brynaert

Eric is a Product Marketing Manager with CIRA Cybersecurity Services. His background in digital marketing has led him to appreciate the vital role data plays for Canadian organizations and individuals, and the need to keep it safe. Eric has an MBA in International Business from Sup de Co La Rochelle.