As the holiday season approaches, so does a surge in fraud attempts. Scammers are quick to exploit the festive rush, targeting both online and in-person shoppers with increasingly sophisticated schemes.
Visa’s Payment Ecosystem Risk and Control (PERC) team has identified the most common scams and outlined practical steps that clients can use to protect customers and maintain trust during this season.
1. Holiday Travel Scams
With millions travelling, scammers create fake travel sites, send phishing emails about flight cancellations, and post non-existent holiday rentals. Victims may lose money or have their payment data stolen.
Stay safe:
Verify travel providers’ URLs and book through reputable platforms.
Be cautious of deals that seem too good to be true.
Avoid paying outside official channels.
2. Phishing and Social Engineering
Fraudsters use emails, phone calls, and text messages that appear to come from trusted organisations to trick people into sharing sensitive information. During the holidays, these attacks often reference shopping deals, travel, or urgent account issues. Seasonal job scams and fake charity appeals are also on the rise.
Stay safe:
Don’t click on suspicious links or provide personal information in response to unsolicited messages.
Enable multi-factor authentication on accounts.
Research charities before donating and be wary of job offers that seem too good to be true.
3. Scam Merchants
Fake online shops and spoofed websites lure shoppers with heavily discounted goods, especially popular or luxury items. During the holiday season, the number of these fake sites are expected to increase due to more online shopping. Scammers steal payment data and personal information, as well as receiving funds into their accounts. Scammers also spoof well-known brand websites and use search engine optimisation (SEO) techniques to appear higher in search results, tricking shoppers into believing they are making legitimate purchases.
Stay safe:
Only shop on trusted websites—look for “https://” and check for spelling errors in URLs.
Use a debit or credit card whenever possible as this payment method carries zero liability, facilitates more expedient fraud resolution, and more advanced fraud protection.
Set up purchase alerts with your card issuer.
4. Malicious Holiday-Themed Apps
Fraudsters develop festive apps like Santa trackers or holiday games that contain malware. These apps can steal login credentials and payment information.
Stay safe:
Download apps only from trusted sources and check reviews.
Make sure device software up to date.
Do not click on unsolicited links and remain vigilant of the URLs you are visiting.
5. Physical Theft of Payment Cards and Phones
Crowded shops and travel hubs are prime spots for pickpockets. Scammers may also use skimming devices on ATMs or point-of-sale terminals due to increased shopping. They place devices called "skimmers" on terminals to steal payment card data. In crowded stores, scammers can install skimmers unnoticed, hiding the installation behind large items or distractions. Another method used to steal money is "digital pickpocketing," where scammers use mobile point-of-sale devices to conduct fraudulent contactless transactions by tapping against a victim’s purse, wallet or pocket.
Stay safe:
Keep wallets and phones secure and in sight.
Report lost or stolen cards immediately.
Watch for suspicious devices at ATMs and tills.
In an event of a stolen payment card, take advantage of identity and credit monitoring.
Fraudsters are constantly adapting, but so are the tools and advice available. By leveraging Visa’s guidance and implementing these best practices, clients can stay ahead of emerging threats, protect their customers and ensure a safer holiday season.
Brazil’s BC Protege+ Blocks Fake Bank Accounts Before They Can Be Opened
Brazil’s Central Bank launched BC Protege+, allowing individuals and businesses to block bank account openings in their name. With over 1 million activations, the tool offers a structural model for reducing identity-based fraud.
-1.jpeg)
From Vienna to Global Action: Key Takeaways from the UN Global Fraud Summit
Explore key insights from our participation at the UNODC's Global Fraud Summit in Vienna. Discover how AI is changing the scam landscape, the power of national anti-scam centres, and the introduction of the Public-Private Partnership Framework to protect communities from fraud.
League of Protectors: Women Fighting Against Scams
Explore key insights from our International Women’s Month webinar on combating scams. Discover how women leaders are driving cross-border collaboration, digital literacy, and collective action to protect communities from fraud.
The Real Gap in Fraud Defense Is Strategy, Not AI
Fraud losses keep rising despite advances in AI detection. The real challenge is fragmented strategy across banks, platforms, telcos and governments. Effective scam prevention requires coordination, shared signals and earlier intervention.
New Executive Order on Cybercrime and Fraud Marks a More Coordinated U.S. Response
A U.S. Executive Order targets cybercrime, scams, and global fraud networks with a more coordinated government response.
Global Anti-Scam Alliance Launches Scam.org with OpenAI and Key Partners
The Global Anti-Scam Alliance (GASA) launched today Scam.org, an AI-powered platform that provides scam education, prevention, detection, reporting, and victim support.
La Industrialización del Engaño: Por qué 2026 será el año en que las estafas cibernéticas cambien para siempre
El auge de la inteligencia artificial está eliminando las señales tradicionales de alerta y transformando las estafas en un sistema industrial a gran escala.
.jpg)
The Industrialization of Deception: Why 2026 Will Be the Year Cyber Scams Change Forever
The rise of artificial intelligence is eliminating traditional warning signs and transforming scams into a large-scale industrial system.