There’s one holiday tradition nobody likes: Fruitcake. Even worse, somehow, are all the scam and fraud attempts. Like clockwork, they pop up yearly as we shop for gifts.

The most ambitious scammers have started creating massive shopping websites where everything is fake. The site looks real, professional and filled with products at low prices. Get to the checkout, your online cart vanishes and now hackers have access to your bank account or card.

Don’t get caught up in the holiday glitter and fall for one of these carefully crafted traps. I’ve got your back with all the giveaways.

Phishing emails? Sure. Fake texts? OK

But faking an entire shopping website? Scammers are targeting (see what I did there?) popular brands like Best Buy, Macy’s, Tiffany’s, Bed Bath & Beyond, Hardaddy, Brooks Outlet and many more.

And dang, do they have details. The URL looks fine, the logos and slogans are there, product pages look normal and they’ll add legit payment platforms. Some even have the trusted HTTPS certification and (faked) reviews.

How do you end up there in the first place? It starts with social media ads and emails. Then you’re tempted by extra-low prices, special holiday discounts and free shipping. 

Spoiler: You aren’t getting that product you ordered, or it will be a cheap pile of plastic at best. You’ll likely end up with a malware download that steals even more personal information. 

Spot fake sites fast (before clicking confirm)

It’s a scam Scrooge himself would call too far. Here’s my quick cheat sheet to check before making a single click:

• Is everything discounted and well below 50% off? Real sites have discounts, but you’ll notice if it all feels too good to be true.
• Is the URL multiple words? Big brands have enough clout to get simple domain names, like Macys[.]com or Bestbuy[.]com. Fraudulent sites use longer, weirder titles like “MacyOutletShop.”
• Does this trendy boutique even exist? Many scam sites use names that sort of sound real, like “Homitage.” But if you’ve never heard of it, Google it. You should at least come up with reviews, additional landing pages or third-party sites selling the brand. Otherwise, run before you’re ghosted!
• Are there pushy pop-ups? Some websites have pop-ups for chats or discounts. But phony sites push pop-ups to ask for your contact or payment information while you’re still shopping.
• Where’s customer service at? Is there a chat or number to call for customer service? Can you easily find the return policy and privacy page? Counterfeit sites may have a “Contact Us” email form that goes nowhere, but real sites will have plenty of customer service information. 
• How do images look up close? Reliable sites use high-res images that are easy to expand or open in another window to see the many-pixeled details. Bogus sites typically use low-quality, sometimes blurry photos that don’t stand up under scrutiny.
• Where’s the IP address from? You can use this IP address tool to look up any URL. Click the IP address when it’s brought up to see where it’s located. Look for suspicious signs, like an American business with an IP address from overseas, including spots like China, India, Venezuela and other places that just don’t make sense.

Now you’re armed to evade the dodgy websites before they give you a bad time. Trustworthy antivirus software helps, too. My pick is our sponsor, TotalAV.