Scammers don’t take a Christmas break. In fact, December is one of their busiest months. As people focus on shopping, social plans and end-of-year admin, criminals look for any moment of distraction. Here’s what to watch out for this month.
Christmas scams
December brings a spike in delivery scams, “missed parcel” texts, fake gift cards, bogus charity appeals and fraudulent customer-service accounts. Many of these use stolen details from earlier data breaches to make messages look convincing.
A few rules go a long way:
- Don’t click links in texts or emails — go to the retailer or courier’s official site.
- Be wary of urgency (“act now”, “account closing”, “final warning”).
- Never share verification codes, PINs or full passwords.
- Don’t rely on caller ID — numbers can be spoofed.
- If in doubt, stop and call the organisation on its official number.
Forward suspicious texts to 7726 (it’s free) and phishing emails to [email protected]
Beauty treatment scams
Santander is warning Christmas shoppers to be extra careful after almost £50,000 has already been reported stolen this year in beauty-related scams. Fraudsters are using social media ads, fake influencer profiles and private messaging apps to sell counterfeit cosmetics or heavily discounted aesthetic treatments — from fillers to Botox — that either never arrive or turn out to be unsafe.
With average losses of around £227, the financial hit can be painful, but the bigger risk is to your health: fake or unlicensed cosmetic products can cause serious, lasting harm.
APP fraud
Christmas is peak season for bank-impersonation scams, also known as authorised push payment (APP) fraud.
Love Island’s Amy Hart recently revealed she lost £5,000 after fraudsters phoned her from what looked like her bank’s genuine number, read out real transactions to gain her trust, then pressured her into sharing a security code that gave them access to her account. She later got her money back – but like many victims, the shock and embarrassment lasted far longer than the scam itself.
In December, when we’re juggling shopping, deliveries and year-end money worries, it’s easier to be caught off guard. Even the most tech-savvy among us can be fooled, which is exactly why it pays to slow things down.
You can find out more about getting your money back after APP fraud in our handy guide.
Hackers targeting smart-home devices: the new frontline for cybercrime
Cybersecurity experts are warning that the gadgets we rely on every day — doorbell cameras, smart speakers, TVs and thermostats — are becoming prime targets for criminals.
The good news is that a few simple habits go a long way.
- Updating router software, changing the default login and switching off features like remote access can dramatically cut the number of routes attackers can use.
- Putting smart-home gadgets on their own Wi-Fi stops a compromised doorbell, speaker or thermostat from easily reaching more sensitive devices like phones, laptops or work computers.
- A device that updates itself quietly in the background is far less likely to become the weak link in the chain.
Every home has its own way of managing practical jobs — testing smoke alarms, clearing gutters, filing paperwork. Checking smart-home settings now needs to join that list.
Fake FreeAgent websites: warning for accountants and small businesses
FreeAgent users are being targeted by a new wave of phishing sites designed to steal login details. Criminals have created look-alike versions of FreeAgent’s login pages — complete with convincing branding and near-identical web addresses — and are pushing them through fake Google ads. Anyone who clicks through and enters their credentials hands scammers direct access to their accounting data.
The safest approach is simple: don’t rely on Google search results to access your accounting software.
Stay one step ahead
For clear, practical scam updates throughout 2026, and guidance on your rights if something goes wrong, sign up to the Join the Claim newsletter.
