Morgan Stanley
  • Wealth Management
  • Nov 9, 2023

Five Holiday Scams to Avoid

Stay a step ahead of cybercriminals this season by being aware of these scams.

It’s no wonder so many of us look forward to the holidays. It’s a time to gather with family and friends, share memories and gifts, and make plans for the coming year.

Manage your Wealth

Find a Financial Advisor, Branch and Private Wealth Advisor near you

Cybercriminals look forward to the holidays, too—but for starkly different reasons.

This time of year represents an opportunity to unleash their schemes on a busy, distracted audience that’s focused on merriment, not mayhem. But being aware of some common scams can help keep you safe throughout the holidays.

1. Package Delivery Scams

An estimated three billion packages were shipped during the last holiday season.1 So, it’s not surprising that cybercriminals have concocted several schemes related to package deliveries.

A popular scam involves receiving a text or email that asks you to click on a link for a number of phony reasons, such as to get an update about the delivery date, track the package location, give your payment preferences, provide delivery instructions or pay a shipping fee. You may also be given a phone number to call for more information about your delivery. Since fraudsters want you to act without thinking, they may convey a sense of urgency in their message.

While some of these communications are obviously fraudulent—perhaps containing multiple misspellings or other errors—many are carefully crafted, even replicating a shipping company’s logo or email format in some cases.

So, it’s easy to get duped, especially during the hectic holidays.

Unfortunately, clicking on the link may infect your phone or computer with malware that enables a cybercriminal to capture your passwords or take control of your device. Or it may direct you to a form that requests personally identifying information, which can be a gateway to identity theft.

Calling the number typically leads you to a friendly-sounding individual who asks you to verify your personal information or provide the credit card number used for your purchase. You might also be requested to pay an additional delivery fee, customs fee or tax for the package.

If you receive any of these communications, it’s best to simply go to the shipper’s website for more information about your alleged delivery using the tracking number provided. (Type the website address directly into your browser because search results may lead you to a fake or phishing site that mimics the authentic one.) Or call the shipper using a verified phone number.

Sometimes scammers take a more aggressive approach and call you pretending to be a representative from a package delivery service. If this happens, don’t provide any personal information—just hang up. If you receive a voicemail with a call-back number, don’t return the call. 

2. Missed Package Scams

Who doesn’t hate missing a package delivery?

Cybercriminals know this. So, they’ve created a ruse that involves leaving a note on your door claiming to have a package for you that couldn’t be delivered. The note contains a phone number to call to reschedule the delivery. If you call the number, you’ll be greeted with questions related to your personal identity that can later be used to commit fraud.

If you receive a missed delivery note, look at it closely for any mistakes or other signs that it could be fraudulent. (It’s also a good idea to check your recent orders to see if a delivery was scheduled for that date.) Even if the notice looks legitimate, don’t call the number listed on the note. Instead, visit the company’s website to find the official customer service number.

3. Gift Card Scams

'Tis the season for gift cards. So, naturally scammers have devised some ploys to take advantage of this.

A common gift card scam involves receiving a phony or “phishing” email or text that appears to be from someone you know—such as an executive at your company—and asks you to purchase multiple gift cards for a work-related function. Or perhaps it’s a personal request allegedly from a relative or friend who claims to need some help with ordering gift cards.

If you receive any unusual requests for gift cards during the holidays, reach out directly to the individual by phone to confirm the authenticity of the request. 

4. Social Media Scams

During the holidays, you might see promotions or contests on social media sites offering gift cards or vouchers in exchange for simply completing an online survey. Unfortunately, the survey usually isn’t legitimate. It’s only a means of capturing your personal information to commit identity fraud or other types of cybercrime.

Or you might be offered a prize for just liking or sharing a social media post. But doing either could infect your device with malware.

The bottom line? Be extra cautious during the holidays on social media, especially with enticing offers that seem unusually generous.

5. “Brushing” Scams

While the name of this scam is odd, the scam itself is even odder.

You’ll receive a package you didn’t order bought from an online marketplace that allows customers to post reviews of their purchase. The item is typically cheap and lightweight.

Since it’s the holiday season, you might think it’s just a gift from a stranger looking to pay it forward. In reality, it’s likely from someone who sells products on online marketplaces who wants to create fake, positive reviews. But, in order to post a review, the marketplace requires that a transaction be verified with a legitimate tracking number that shows a successful delivery.

And that’s where your mystery package comes into play. That purchase creates a tracking number. So, after the package is delivered, your fake gift giver can write the review.

The good news? You won’t be charged for the item, and don’t have to return it. Often the sender just randomly found your name and address online.

However, it’s possible the fraudster created an online account for you at the marketplace, or hijacked your existing account. So, you should report the activity to the marketplace. If you have an account at the site, change your password immediately. The United States Postal Inspection Service offers additional information about this scam.

Taking Action

We hope you’ll enjoy the holidays without the stress of dealing with fraud.  But, if you’re a victim, here’s what to do:

  • Report the crime to local law enforcement
  • Alert your banks and credit institutions
  • File a complaint with the FBI
  • Report the scam to the FTC

Even if you simply encounter a scam, the FTC encourages you to report it to help others avoid becoming a victim. 

Find a Financial Advisor, Branch and Private Wealth Advisor near you. 

Check the background of Our Firm and Investment Professionals on FINRA's Broker/Check.

Reporting an Online Security Concern

If you suspect you may be the victim of fraud or identity theft, or if you notice suspicious account activity or receive a questionable email or text that appears to be from Morgan Stanley, please contact us immediately at


888-454-3965
(24 hours a day, 7 days a week)