Protecting Your Festive Shopping
(and Your Sanity) This Season

Picture this: It’s the week before Christmas and there is so much to do! Juggling office Secret Santa, your children’s wish lists, and trying to remember whether you’ve already bought something for Aunt Maureen. Your phone pings. “Congratulations on your purchase of 10 pairs of genuine suede moccasins in ‘Mushroom Beige’ for £847.99!”

Welcome to the fake purchase confirmation scam—the gift that keeps on taking. BBC Radio 4’s Scam Secrets recently unpacked this festive fraud, and with online shopping reaching fever pitch during the Christmas period, it’s become the Grinch that’s stealing more than just Christmas.

The Twelve Scams of Christmas (Well, One Really Big One)

The beauty—if we can call criminal deception beautiful—of this scam is its simplicity. You receive what appears to be a genuine order confirmation.

The message looks legitimate: official logos, proper formatting, an order number that seems plausible enough. It thanks you for your purchase and provides helpful options to “cancel” or “dispute” the transaction. There’s usually a 24-hour deadline because nothing says “make a rash decision” quite like artificial urgency.

Here’s where our moccasin scenario gets sinister. When you panic and click that cancellation link or ring the “helpline” number you will be diverted to a land which is just more grotty than grotto! All options are designed to get hold (steal) your personal data. The moccasins are a mirage. Your personal data is what is on their Christmas list.

Spoiler alert – it is unlikely the moccasins will ever turn up.

Spotting the Scam: Red Flags Brighter Than Rudolph’s Nose

Before you click that cancellation link, look for these warning signs:

The Email Looks… Off:

• It addresses you as “Dear Valued Customer” (when did Amazon forget your name?)
• The sender is “[email protected]” (Amazon’s IT budget runs to their own domain, we promise)
• There are spelling mistakes (“Thankyou for you’re purchas”)
• The logo looks like it was drawn by someone who once saw the real logo from a moving vehicle

The Content Raises Eyebrows:

• Why would you buy 10 pairs of identical moccasins?
• The item is something you’d never purchase
• Urgent language: “IMMEDIATE ACTION REQUIRED” (legitimate companies aren’t shouty)
• It’s for an amount that would make you check your bank immediately if real

Technical Troublemakers:

• Hover over links before clicking—if it says “amazon.com” but the URL shows “amaz0n-security-refund.xyz,” that’s a nope
• Attachments you weren’t expecting, especially .exe or .zip files
• Requests to “enable macros” or “enable content” (no legitimate retailer does this)

Your Festive Fraud-Prevention Checklist

Before You Start Shopping:

Keep a note of all gifts purchased. When the suspect email arrives, you’ll know immediately you didn’t order them because you were too busy buying sensible gifts like socks and book tokens.

Fortress Your Accounts:

• Enable two-factor authentication on everything.
• Use different passwords for different sites – auto generated and password managers are a good option.
• Check your bank statements regularly—scary at this time of year but important.

If You’ve Already Clicked (Don’t Panic, But Do Act Fast):

Immediate Damage Control:

• Contact your bank immediately—most have 24/7 fraud lines, and they’d rather you called at 2am than waited until Monday
• Change all passwords—start with banking, then email, then shopping accounts
• Run security scans if you downloaded anything or enabled content
• Monitor your credit report for unusual activity (you can check for free through services like ClearScore)
• Report to Action Fraud (0300 123 2040 or actionfraud.police.uk)—they’re the UK’s national fraud reporting centre
• Keep everything: screenshots, emails, transaction records, the works
• Document every conversation with banks and authorities (times, names, reference numbers)

The Law Express Take

Here’s the thing: these scams work because they exploit perfectly reasonable human emotions.

The fraudsters know we are busy multitasking to make sure the magic happens. They’re not targeting stupid people—they’re targeting busy, stressed people during the most hectic shopping period of the year. Anyone can fall for it, and there’s no shame in being human.

Legitimate retailers will never:

• Ask for sensitive information via email or text to cancel an order
• Demand you click links to prevent charges
• Create artificial urgency with countdown timers
• Request you enable content in documents
• Call you unexpectedly about purchases you definitely didn’t make

If something feels off, it probably is. Your gut instinct that you didn’t order 10 pairs of moccasins? Trust it. That moment of “wait, this doesn’t seem right”? Listen to it.

The Christmas season should involve too much food, questionable cracker jokes, and possibly one too many sherries. It should not involve handing your bank details to criminals because of fictional footwear.