The holiday season brings joy, generosity, and time with loved ones—but it also brings scammers working overtime. From Des Moines to Dubuque, and everywhere across the Midwest and beyond, fraudsters are counting on busy schedules, generous spirits, and online shopping to make you their next victim.
But here's the good news: awareness is your best defense. Think of this as your holiday scam "advent calendar" except instead of chocolate, you're getting the knowledge to protect yourself, your family, and your financial security.
We've organized 12 of the most common holiday scams into 4 main categories to make them easier to remember and spot.
Category 1: Shopping & Package Scams (Days 1-4)
The holidays mean packages, deliveries, and last-minute shopping. Scammers know this, and they're ready.
Day 1: Fake Delivery Notifications
You receive a text or email claiming USPS, UPS, or FedEx can't deliver your package unless you click a link or provide personal information. The link often installs malware or takes you to a fake website.
What to watch for: Legitimate carriers don't request personal information via text. If you're expecting a package, go directly to the carrier's app or website rather than clicking links in messages.
Day 2: Phony Order Confirmations
"Your Amazon order for $487.99 has been confirmed!" But you didn't order anything. The email includes a link to "view details" or "cancel the order."
What to watch for: Hover over links (don't click) to see if the URL matches the actual retailer. When in doubt, log in to your account directly through your browser, not the email link.
Day 3: Counterfeit Merchandise Websites
Scammers create professional-looking websites selling brand-name goods at unbelievable discounts. You pay full price, then receive counterfeit items or nothing at all.
What to watch for: If it seems too good to be true, it probably is. Check for secure payment options (look for "https" in the URL), read reviews from multiple sources, and research the company before purchasing.
Day 4: Tampered Gift Cards
Fraudsters tamper with gift cards on store racks, recording card numbers and PINs, then monitor when they're activated. Once you load money, they drain it immediately.
What to watch for: Inspect gift cards carefully before purchase. Look for signs of tampering. And remember: no legitimate business or government agency will ever ask you to pay with gift cards. Ever.
Category 2: Digital Payment & Financial Scams (Days 5-8)
As digital payments become the norm, scammers have adapted to target Zelle, Venmo, and similar platforms.
Day 5: Zelle & Venmo Payment Scams
Fraudsters pose as sellers, buyers, or even bank representatives to trick victims into sending irreversible peer-to-peer payments. Once the money is sent, it's nearly impossible to recover.
What to watch for: Only use these apps with people you know and trust. Never send money to strangers and be skeptical of anyone claiming to represent your bank asking you to move money "for security purposes."
Day 6: Subscription Renewal Scams
You receive an email claiming your Costco membership or streaming service is auto-renewing for an inflated amount unless you "click to cancel."
What to watch for: Check your actual account or credit card statement directly, not through email. Legitimate companies provide clear cancellation instructions in your account settings not through urgent emails.
Day 7: Identity Theft from Data Breaches
With holiday shopping transactions at an all-time high, hacked accounts and stolen card numbers spike between November and January.
What to watch for: Monitor your bank and credit card statements closely. Set up transaction alerts. Consider freezing your credit if you're not planning to apply for new credit soon. Also, remember you're entitled to free reports from all three bureaus each year at AnnualCreditReport.com.
Day 8: Public Wi-Fi Risks
Holiday travelers using free Wi-Fi in airports, coffee shops, or hotels become prime targets for hackers.
What to watch for: Avoid accessing financial accounts on public Wi-Fi. Use a VPN if you must conduct business on public networks. Better yet, use your phone's hotspot for secure access.
Category 3: Charity, Job & Social Engineering Scams (Days 9-11)
The holidays bring out our generous side, and scammers exploit that goodwill ruthlessly.
Day 9: Fake Charity Scams
Scammers create fake charities or mimic real ones to take advantage of year-end giving. They use emotional pleas, urgent requests, or look-alike websites (think "RedCr0ss.org" instead of "RedCross.org").
What to watch for: Research charities before donating. Use sites like Charity Navigator, GuideStar, or the Better Business Bureau's Wise Giving Alliance. Donate directly through the charity's official website, not through links in emails or social media. Iowa residents can verify registered charities through the Iowa Attorney General's office.
Day 10: Fake Seasonal Job Offers
Scammers target people looking for part-time holiday work, requesting Social Security numbers, bank account information, or upfront payment for "training materials."
What to watch for: Legitimate employers don't ask for sensitive information before an interview or job offer. Never pay upfront fees for job opportunities. Research the company thoroughly by checking their website, reading reviews, and verifying their physical address.
Day 11: Social Media Giveaway Scams
"Share this post and tag 3 friends to win $5,000!" or "Free iPhone 15 for the first 100 people who click here!" These too-good-to-be-true contests often lead to stolen personal information or malware downloads.
What to watch for: Be skeptical of giveaways from accounts with few followers, poor grammar, or no verified checkmark. Real companies announce winners publicly and don't require extensive personal information to claim prizes.
Category 4: Tech Support & Family Emergency Scams (Day 12 + Bonus)
These scams prey on urgency and emotion—two things the holidays amplify.
Day 12: Tech Support Schemes
A pop-up or email warns that your computer has a virus. You're told to call a "support line" immediately. Once connected, scammers take remote access to your device and request payment to "fix" problems they invented.
What to watch for: Legitimate tech companies don't send unsolicited pop-ups about viruses. Never call numbers from pop-ups or give remote access to anyone who contacts you unexpectedly. If concerned, contact the company directly using official information from their website.
Bonus: Family Emergency ("Grandparent") Scams
"Grandma, it's me! I'm in trouble and need money right away. Please don't tell Mom and Dad." Scammers pose as grandchildren or other family members claiming to be in an accident, arrested, or stranded.
What to watch for: Always verify. Hang up and call the family member directly using a number you already have saved. Ask questions only the real person would know. A real emergency can wait five minutes for verification.
Your Protection Checklist
✓ Enable two-factor authentication on financial accounts, email, and social media
✓ Use strong, unique passwords for each account (consider a password manager)
✓ Monitor bank and credit card statements closely
✓ Think before you click—when in doubt, go directly to the source
✓ Verify before you trust, especially when money or personal information is involved
✓ Educate family members, particularly older relatives who may be targeted more frequently
A Midwest Reminder: We Look Out for Each Other
Here in Iowa and across the Midwest, we pride ourselves on looking out for our neighbors. That same spirit applies to protecting each other from scams. If something feels off, trust your instincts. If you've been targeted, report it to local authorities, the Iowa Attorney General's Consumer Protection Division, or the Federal Trade Commission at ReportFraud.ftc.gov.
Your vigilance doesn't just protect you—it protects your community.
Questions We Hear Often
Q: What should I do if I think I've been scammed?
Act fast. Contact your bank or credit card company immediately to freeze accounts and dispute charges. File a report with the FTC and local law enforcement. If personal information was compromised, consider placing a fraud alert or credit freeze.
Q: Are older adults really targeted more often?
Yes. Scammers often target retirees because they may have more savings, be more trusting, or be less familiar with digital threats. If you have aging parents or grandparents, have proactive conversations about these scams.
Q: How can I tell if a website is secure?
Look for "https://" (not just "http://") in the URL. A padlock icon should appear in the address bar. Check that the URL matches the actual company name. If shopping on a new site, research the company first.
Q: What's the best way to donate to charity safely?
Donate directly through the charity's official website. Verify the organization is legitimate using Charity Navigator or GuideStar. Avoid giving to anyone who pressures you or asks for payment via gift cards, wire transfers, or cryptocurrency.
Stay Vigilant, Stay Joyful
The holidays should be about joy, connection, and generosity, not stress about scammers. By staying informed, you can protect yourself and your loved ones without letting fear ruin the season.
Think of cybersecurity like locking your front door. It's not paranoia, it's common sense. A few simple precautions can make all the difference.
From our family to yours, we wish you a safe, secure, and joyful holiday season. And if you have questions about protecting your financial accounts or suspect fraudulent activity, don't hesitate to reach out.
Happy Holidays from RetireRight!
Have you encountered a holiday scam we didn't cover? Share your experience by emailing us. Now that you’ve seen the list, know that we're always checking it twice to catch those who are naughty and protect those who are nice.