Traditional scams haven’t changed much over the years, but the way they’re executed has. Instead of emails full of typos, you’re now seeing messages that sound legitimate because an AI model crafted them. Instead of fuzzy photos of “rare” items for sale, scammers use image generators to produce perfect-looking products that don’t exist. With AI, one person can run the kind of operation that once required a whole crew.

That means even people who consider themselves careful online are being caught off guard. To help you steer clear, here’s what’s showing up now and how to protect yourself.

The most common doorway into a scam remains the phishing message. AI makes these messages far more personalized. Instead of a generic “Dear customer,” a scammer can feed an AI tool a batch of public information and get back a message that uses your name, references a store where you’ve shopped and mimics the tone of legitimate order updates. According to McAfee’s survey, the most frequent lures this season are fake prize alerts and package-delivery problems, followed by refund notices, subscription renewals and loyalty-point reminders. They all try to trigger a quick reaction, which is exactly what scammers count on.

Another challenge is that AI never runs out of patience. It experiments with wording, layouts and timing until its messages slip past security filters. It also rotates through domains at high speed, testing credentials at a rate many times faster than humans can achieve with ordinary programs.

One of the fastest-growing involves fake product listings built with AI-generated images. These are photos of luxury items, collectibles or hard-to-find toys offered at prices that should raise suspicion. The listings appear on marketplace platforms, newly created fake brand  sites or in ads that look professionally designed. Once you pay, there is no product and no seller to contact for a refund. 

Charity scams also surge this time of year. Scammers clone the look of real nonprofits or launch completely fake ones, complete with AI-generated videos and success stories that appear genuine. If you want to make a donation, go directly to a well-known charity’s website. Be cautious of requests sent by text or social media, especially from accounts you don’t follow.

Fake retail and service websites are another problem. Using AI website builders, scammers can now create convincing replicas of login pages or shopping portals in minutes. Norton cybersecurity researchers have documented hundreds of new malicious sites appearing each day, many of them with slight changes to the URL that are easy to miss. These pages exist solely to capture account credentials or payment information.

Social media impersonation rounds out the list. Scammers set up accounts that mimic brands, creators or influencers and then promote fake giveaways, discount codes or “exclusive” links. Profile photos may be AI-generated, but they look like the real thing. The red flags are subtle differences in usernames, missing verification badges and direct messages asking for personal information.

So what can you do? The FBI’s guidance lines up with what security professionals have been saying for years, but it’s even more important now. Slow down when you see messages that try to create urgency or fear. Scammers want you to act without checking details.

Avoid clicking links in texts or emails you weren’t expecting. If a message claims to be from a company you use, go to the app or website directly. Turn on multi-factor authentication wherever it’s available, which means you’ll use your phone to log into the site with a one-time code. Minimize what you share on social media, so that those details don’t wind up in a phishing email.

Online shopping has never been easier, nor have the tools to scam consumers ever been more sophisticated and easy to use. Be extra vigilant this year to avoid the risk of holiday scams.

Leslie Meredith has been writing about technology for more than a decade. As a mom of four, value, usefulness and online safety take priority. Have a question? Email Leslie at asklesliemeredith@gmail.com.