eCommerceNews UK - Technology news for digital commerce decision-makers
United Kingdom

Guides

#
commerce systems
#
customer data platforms
#
data analytics
#
digital signage
#
payment technologies

Search

Holiday online shopping spain cozy apartment security alerts
#
Firewalls
#
Data Protection
#
VPNs

Softonic issues guide to avoid scams in festive sales

Tue, 9th Dec 2025
Author image
By Kaleah Salmon, News Editor

Softonic has issued a detailed warning about a rise in online fraud during peak digital shopping months and has set out a practical framework for consumers to avoid scams and misleading downloads.

The software marketplace has reviewed recent cases on its own platform and wider user behaviour. It has identified recurring patterns in fraudulent websites, mobile applications, browser extensions and delivery notifications.

The company said scam activity tracks the extended discount cycle, which now runs from early Black Friday promotions through Christmas and New Year's sales. Fraudsters exploit the volume of offers and the pressure on consumers to act quickly.

Copycat retail sites

Softonic reports a steady flow of fake shopping pages that imitate well-known retailers. These sites reproduce logos and layouts and promote extreme discounts on popular brands.

One sign is pricing. The guide notes that discounts above 70% on new or in-demand products are "almost always" suspect.

Another indicator is weak legal information. A legitimate online shop usually publishes a legal notice, a privacy policy, a returns policy, contact details, and its company name. Missing elements point to a higher risk.

Fraudsters often use newly created domains. The guide advises users to treat very generic designs, recycled images or obvious design errors as warning flags.

Payment options can also reveal problems. Sites that only accept bank transfers, certain instant payment services, cryptocurrencies or card payments through obscure gateways are classed as unreliable.

Review patterns form another part of the checklist. Pages that contain only very positive and similar comments, or that lack any external reviews, should prompt caution.

Risk in mobile apps

Softonic says official app stores have tightened screening, but they still host malicious or misleading products.

The guide highlights excessive permissions as a key signal. A shopping app should not need full access to contacts, SMS messages or the microphone if it has no clear function. Full storage access without justification is also presented as a risk.

Imitation is a second theme. Some fraudulent apps change only one letter in the name of a well-known service or alter the colour of an icon.

Low download counts are another factor. A shop app with a highly polished page, but only a few hundred downloads, can be a bait product.

User reviews within app stores still provide useful hints. Complaints about apps closing unexpectedly, displaying aggressive adverts or asking for bank details for unclear reasons are treated as immediate alerts in the guide.

Emails and messages

Phishing through email remains one of the most common techniques during the shopping season, according to Softonic.

Scammers often register domains that resemble household names. Examples include addresses that bolt words like "offers" or "shipping" on to well-known brands.

Messages typically adopt an urgent tone and give very short deadlines for action. Another feature is suspicious attachments, especially ZIP files that claim to contain parcel information.

Design quality in emails is also used as a marker. Poorly translated text, pixelated logos and clashing colours point to an unprofessional origin.

Fraud carried out through SMS or messaging apps has grown in recent years. The guide flags shortened links without explanation, generic greetings, vague references to undelivered parcels, and any request to install external apps in red.

It states that no legitimate delivery company distributes applications via SMS.

Supportive tools

Softonic argues that a mix of utility tools can give shoppers extra protection beyond traditional antivirus software.

Price comparison services can show a product's historical price. They also show whether a discount is genuine or manufactured.

Browser extensions that analyse shop reputation, certificates and reviews serve as an early-warning layer. These tools scan visited sites in real time and flag patterns that often appear in fraudulent pages.

Expense tracking and budgeting apps are presented as an indirect defence. These products highlight unusual charges and prompt users to review transactions. They can also curb impulsive purchases, which are a common entry point for scams.

Parcel tracking applications reduce reliance on links sent by text or email. Users can check the status of shipments from inside a known app instead of following third-party URLs.

Security and privacy tools, such as antivirus products, firewalls, hardened browsers, VPNs and permission scanners, provide further checks. They monitor software behaviour, network connections, and install sources for anomalies.

Password managers are another element in the set. They store unique passwords and refuse to auto-fill credentials on domains that do not match known services. The guide says this can expose fake login pages.

Multi-factor authentication applications add temporary codes to passwords. This reduces the impact of credential theft because an attacker must also possess a user's device or token.

Practical habits

The document sets out a set of simple rules for everyday use during the sales period.

Users are advised to review the requested permissions before installing any app and to match each permission to a clear function. They should avoid APK files from unknown websites and stick to official sites, verified repositories or recognised specialist download platforms.

Regular software updates remain important because attackers exploit known security flaws. Checking external information and reviews about an app or site before installing is another repeated message.

The guide includes a recent example from Spain that involves fake parcel messages. Victims receive an SMS asking them to download an app to reschedule a delivery. Once installed, the malware reads SMS messages, including bank codes, and collects notifications and personal data from the device.

Softonic says the case shows that a single download can compromise an entire smartphone.

The company also outlines categories of tools that cybersecurity specialists use daily, such as web reputation checkers, permission analysers, antivirus suites, hardened browsers, authentication apps and password managers.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
SAP reveals new AI retail tools spanning planning to orders
Salesforce adds shared-context AI tools for retailers
Rove unveils AI platform to speed brands’ global growth
Unit4 hits 100th ERPx go-live & boosts AI investment
Canva backs ‘Imperfect by Design’ trend in 2026 report

Top stories

New Relic: telcos go AI‑first in observability push
Fluent Connect uses AI to speed retail integrations
Adobe sees surge in AI-driven traffic & conversions
AI ‘celebrity’ Bruce Ryder to embark on global tour
How organisations can turn conversations around digital accessibility into action