Watch out for these digital holiday scams

Every holiday season, digital shopping scams and phishing attacks increase, and this holiday season is no different. As holiday shopping is in full swing, we wanted to let you know about a few of these scams and cyberattacks as well as give you a few tips about how to stay safe this season.

Holiday scams to watch out for:

  • Gift card fraud: When a seller asks you to pay with a pre-paid card.
  • Gift card phishing: Involves emails that appear to come from a trusted person, sometimes requesting the recipient’s cell phone number or other personal information, with the intent of convincing the recipient to purchase gift cards on their behalf and to then send the codes from those gift cards to the fraudster.
  • Google Drive/Adobe/DocuSign scam: When a fraudster impersonates a NEOMED official or family member and sends you a malicious Google Drive, Adobe or DocuSign link that either tries to capture your credential information or other personal information.
  • Charity scam: Fraudsters target you using social media feeds, asking you to donate to nonexistent charity organizations.
  • Travel phishing: Fraudsters may send you an email stating that a booking has been canceled, sending you to a spoofed (fake) site where you’re asked to enter your credit card information to set up a new reservation.
  • Discount scam: Fraudsters, after placing cookies on your browser(s), serve up ads offering coupons, re-directing you to spoofed (fake) sites, and then requesting credit card information to purchase the fraudulent item(s).
  • Non-delivery scam: A buyer pays for goods or services they find online, but those items are never received.
  • Non-payment scam: Involves goods or services being shipped, but the seller is never paid.
  • Shipping scam: Scammers may send you an email/text alerting you that your package delivery has been delayed/cancelled and offers to have it expedited for a fee if you click on a malicious link or message them back.

Tips to help defend against these scams:

  • No one at NEOMED will ever email you requesting you purchase gift cards for them nor to provide your password. If you receive a message such as this or any other suspected phishing attempt to your NEOMED account, please do not click on any links or download any files from the email. Please contact the NEOMED Help Desk at help@neomed.edu as soon as possible.
  • Whenever you receive an urgent email from someone you know, you should contact the sender using another known method, such as via phone or text message, and confirm that the message is legitimate. Do not respond or use contact information provided within the suspicious message you receive.
  • Ask yourself - Was this request unexpected? Have I received a request from this person before? If something seems off to you, it likely is.
  • Review the email address of the sender. Does the sender’s email address include an extension that you would expect – such as “@neomed.edu?” You can search the Outlook Address Book to determine if the email address is legitimate, and therefore, exists.
  • Use credit cards -- not debit cards -- when shopping online as credit cards have federally mandated protections.
    • Consider using digital wallets (Apple Pay, Google Pay) or “virtual” credit cards (which are temporary card numbers issued by your credit card companies to mask your real credit card information. Check your credit card company for more information on this.)
    • Never buy from online sellers accepting payment only by gift cards, money transfers or cryptocurrency.
  • Vet unfamiliar websites before shopping by searching online for the merchant’s name and the word “complaint” or “scam.” Sometimes a deal that is too good to be true is indeed not true!
  • Never buy anything from a site that doesn't have SSL encryption (the URL should begin with https://)
  • Never provide credit card information over social media.
  • Do not conduct financial transactions when using public Wi-Fi (i.e., credit card payments, accessing bank information, etc.)

What to do if you’ve been scammed:

  • When in doubt, report it out. If you think you may have encountered a phishing email, the quickest way to report it is to use the Report button in Outlook, found under the “Home” or “Message” tabs in Outlook. You can also contact the NEOMED Help Desk at help@neomed.edu if you suspect phishing or something amiss with your NEOMED account.
  • Call your credit card company or your bank. Dispute any suspicious charges.
  • Contact local law enforcement.
  • Report the scam to the FBI’s Internet Crime Complaint Center (IC3) at ic3.gov.

As a reminder, in accordance with University policy, credit card information is not permitted to be transmitted via NEOMED email; such information must be communicated via phone or traditional mail. If you have additional questions or concerns, please reach out to us.

We hope these tips help you during this time and wish you a pleasant holiday season.

NEOMED IT Help Desk 

December 11, 2025
Share this post