This Holiday Season, Watch Out for These Cyber-Grinch Tricks Used to Scam Holiday Shoppers

McAfee threat researchers have identified several consumer brands and product categories most frequently used by cybercriminals to trick consumers into clicking on malicious links in the first weeks of this holiday shopping season. As holiday excitement peaks and shoppers hunt for the perfect gifts and amazing deals, scammers are taking advantage of the buzz. The National Retail Federation projects holiday spending will reach between $979.5 and $989 billion this year, and cybercriminals are capitalizing by creating scams that mimic the trusted brands and categories consumers trust. From October 1 to November 12, 2024, McAfee safeguarded its customers from 624,346 malicious or suspicious URLs tied to popular consumer brand names – a clear indication that bad actors are exploiting trusted brand names to deceive holiday shoppers. 

McAfee’s threat research also reveals a 33.82% spike in malicious URLs targeting consumers with these brands’ names in the run-up to Black Friday and Cyber Monday. This rise in fraudulent activity aligns with holiday shopping patterns during a time when consumers may be more susceptible to clicking on offers from well-known brands like Apple, Yeezy, and Louis Vuitton, especially when deals seem too good to be true – pointing to the need for consumers to stay vigilant, especially with offers that seem unusually generous or come from unverified sources.  

McAfee threat researchers have identified a surge in counterfeit sites and phishing scams that use popular luxury brands and tech products to lure consumers into “deals” on fake e-commerce sites designed to appear as official brand pages. While footwear and handbags were identified as the top two product categories exploited by cybercrooks during this festive time, the list of most exploited brands extends beyond those borders: 

Top Product Categories and Brands Targeted by Holiday Hustlers 

  • Product categories: Handbags and footwear were the two most common product categories for bad actors. Yeezy (shoes) and Louis Vuitton (luxury handbags) were the most common brands that trick consumers into engaging with malicious/suspicious sites. 
  • Footwear: Adidas, especially the Yeezy line, was a top target, with counterfeit sites posing as official Adidas or Yeezy outlets. 
  • Luxury goods and handbags: Louis Vuitton emerged as a frequent target, particularly its handbag line. Cybercrooks frequently set up fake sites advertising high-demand luxury items like Louis Vuitton bags and apparel. 
  • Watches: Rolex was one of the most frequently counterfeited brands, with fraudulent sites openly selling counterfeit versions of the brand’s coveted watches. 
  • Technology: Scammers frequently used the Apple brand to trick consumers, including fake customer service websites and stores selling counterfeit Apple items alongside unrelated brands. 

By mimicking trusted brands like these, offering unbelievable deals, or posing as legitimate customer service channels, cybercrooks create convincing traps designed to steal personal information or money. Here are some of the most common tactics scammers are using this holiday season: 

Unwrapping Cybercriminals’ Holiday Shopping Scam Tactics 

  • Fake e-commerce sites: Scammers often set up fake shopping websites mimicking official brand sites. These sites use URLs similar to those of the real brand and offer too-good-to-be-true deals to attract bargain hunters. 
  • Phishing sites with customer service bait: Particularly with tech brands like Apple, some scam sites impersonate official customer service channels to lure customers into revealing personal information. 
  • Knockoff and counterfeit products: Some scam sites advertise counterfeit items as if they are real; there is often no indication that they are not legitimate products. This tactic was common for scammers leveraging the Rolex and Louis Vuitton brands, which appeal to consumers seeking luxury goods. 

 With holiday shopping in full swing, it’s essential for consumers to stay one step ahead of scammers. By understanding the tactics cybercriminals use and taking a few precautionary measures, shoppers can protect themselves from falling victim to fraud. Here are some practical tips for safe shopping this season: 

Smart Shopping Tips to Outsmart Holiday Scammers 

  • Stay alert, particularly during shopping scam season: The increase in malicious URLs during October and November is a strong indicator that scammers capitalize on holiday shopping behaviors. Consumers should be especially vigilant during this period and continue to exercise caution throughout the holiday shopping season. 
  • Wear a skeptic’s hat: To stay safe, consumers should verify URLs, look for signs of secure websites (like https://), and be wary of any sites offering discounts that seem too good to be true. 
  • Exercise additional caution: Adidas, Yeezy, Louis Vuitton, Apple, and Rolex are brand names frequently used by cybercrooks looking to scam consumers, so sticking with trusted sources is particularly important when shopping for these items online. 

Research Methodology 

McAfee’s threat research team analyzed malicious or suspicious URLs that McAfee’s web reputation technology identified as targeting customers, by using a list of key company and product brand names—based on insights from a Potter Clarkson report on frequently faked brands—to query the URLs. This methodology captures instances where users either clicked on or were directed to dangerous sites mimicking trusted brands. Additionally, the team queried anonymized user activity from October 1st through November 12th. 

Examples: 

The image below is a screenshot of a fake / malicious / scam site: Yeezy is a popular product brand formerly from Adidas found in multiple Malicious/Suspicious URLs. Often, they present themselves as official Yeezy and/or Adidas shopping sites. 

 

The image below is a screenshot of a fake / malicious / scam site: The Apple brand was a popular target for scammers. Many sites were either knock offs, scams, or in this case, a fake customer service page designed to lure users into a scam. 

 

The image below is a screenshot of a fake / malicious / scam site: This particular (fake) Apple sales site used Apple within its URL and name to appear more official. Oddly, this site also sells Samsung Android phones. 

The image below is a screenshot of a fake / malicious / scam site: This site, now taken down, is a scam site purporting to sell Nike shoes. 

The image below is a screenshot of a fake / malicious / scam site: Louis Vuitton is a popular brand for counterfeit and scams. Particularly their handbags. Here is one site that was entirely focused on Louis Vuitton Handbags. 

The image below is a screenshot of a fake / malicious / scam site: This site presents itself as the official Louis Vuitton site selling handbags and clothes. 

 

The image below is a screenshot of a fake / malicious / scam site: This site uses too-good-to-be-true deals on branded items including this Louis Vuitton Bomber jacket. 

The image below is a screenshot of a fake / malicious / scam site: Rolex is a popular watch brand for counterfeits and scams. This site acknowledges it sells counterfeits and makes no effort to indicate this on the product.  

 

Introducing McAfee+

Identity theft protection and privacy for your digital life

FacebookLinkedInTwitterEmailCopy Link

Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.

FacebookTwitterInstagramLinkedINYouTubeRSS

More from

Back to top