How to avoid scams and beat the fraudsters this festive shopping season

With fraud surging just as festive spending peaks, new research from Microsoft shows how vulnerable people feel – and provides practical steps that can turn worried shoppers into confident reporters. 

The run-up to Christmas should be a time of bargains, parties and parcel deliveries. Instead, many people are spending it worrying about messages from fake “couriers”, “banks” and even fake friends and family members.  

New research commissioned by Microsoft suggests that two-in-five people in the UK have been affected by a digital scam in the past year, either directly or through someone close to them, and three quarters say they are seeing more scam attempts than last year.* 

“Digital scams are becoming so sophisticated that anyone can be caught out,” says TV personality Amy Hart, who previously lost £5,000 to a phone scam and now wants others to feel able to pause, question and report anything that doesn’t seem quite right. 

AI raising the stakes 

Criminal groups are using artificial intelligence (AI) tools to sharpen their scams. Four-in-five shoppers in the survey believe AI is making digital scams harder to spot, while almost two thirds worry they could fall for an AI-generated message from someone they trust.  

Jo Miller, National Security Officer at Microsoft UK, says the scale and speed of AI-driven scams are the real game-changers. 

“Criminals are using AI to produce convincing, targeted scams at a speed we haven’t seen before, and no one is off limits,” she warns.

Miller says people need to develop a set of simple habits they use every time: 

PRACTISE GOOD HABITS

• Slow down
• Double-check any request for money or personal details
• Use trusted links or apps rather than whatever appears in an unexpected message

‘Stop! Think Fraud’ 

Microsoft’s research lands as the government launches its latest ‘Stop! Think Fraud’ campaign, led by the Home Office with support from the National Cyber Security Centre (NCSC), City of London Police, and the National Crime Agency.  

The campaign gives people a single, trusted hub where they can learn about common fraud tactics and report suspicious activity, bringing together advice that was previously scattered across different services. 

For Jonathon Ellison, Director for National Resilience at the NCSC, the festive period is a perfect storm.  

“Cyber criminals seek to exploit this surge in spending,” he says, often leaning on trust in well-known brands or the rush to secure popular products. 

The Microsoft research highlights a cluster of scams that are particularly common in the UK and tend to spike when shopping peaks:

KNOW YOUR SCAMS

• Delivery scams, with fake texts about missed parcels or tracking issues
• Banking scams – messages claiming that an account has been locked or a payment needs urgent approval
• Prize scams that promise a win that never existed
• Subscription scams that mimic expiring antivirus or streaming services to harvest card details
• Government imitation scams that pretend to be bodies such as HMRC or the DVLA to demand refunds, fines or urgent paperwork

Don’t panic, pause 

What links all these scams is the way they create pressure. Scammers rely on countdown timers on fake websites, or texts that insist a bank account will be frozen in minutes, to force rushed decisions. Microsoft’s guidance starts with a simple rule: if something makes you feel panicked, slow everything down. 

Instead of replying to the message in front of you: 

THINK BEFORE YOU CLICK

• Check the source independently using official websites, apps or phone numbers you already trust
• Look closely at small details, such as slightly wrong web addresses or links that don’t match a company’s usual domain
• Requests for full bank details, passcodes or remote access are another warning sign: legitimate organisations will not ask for these over email, text or unsolicited calls

From concern to action 

Perhaps the most important step is the one many people still miss: reporting.  

The survey found that most victims don’t know where to raise the alarm, which means valuable evidence never reaches the people who can act on it. Miller is keen to change that by making reporting routes simpler and more visible. 

“Reporting these attempts through official channels matters, because every alert can stop someone else from getting caught,” she says. 

Here’s a list of things you can do:

REPORT IT!

• Send suspicious emails to the NCSC’s Suspicious Email Reporting Service (report@phishing.gov.uk)
• Forward scam texts to 7726
• Log any fraud attempts via the Stop! Think Fraud site
• Use Microsoft security tools, such as phishing and malware reporting options in Outlook

And checking basic security settings is another low-effort, high-impact step:

IMPROVE YOUR SECURITY

• Turn on two-factor authentication
• Make sure recovery phone numbers and back-up email addresses are up-to-date
• Review which devices and apps have access to key accounts
• Use strong, unique passwords or a password manager
• Keep software updated to reduce the chances of a successful attack

Taking all these steps will make it harder for criminals to turn a single mistake into a full account takeover. 

Shared responsibility 

Miller believes progress depends on everyone playing their part: technology companies building safer products and clearer reporting routes; government bodies co-ordinating campaigns and enforcement; and individuals taking that crucial moment to stop, check, and report.  

As festive shopping continues, the message is simple:

• trust your instincts;
• take a breath before you click;
• if something feels wrong, tell someone.

When shoppers, government and technology companies pull together, scammers will find it that much harder to rip us off.  

* The research was commissioned by Microsoft and conducted by Censuswide with a sample of 5,000 UK Consumers in November 2025.