Holiday Shopping Security Tips

'Tis the season for online shopping. With just a few clicks, shoppers can easily browse and purchase gifts from the comfort of their own homes, allowing them to focus on the joy and excitement of the holiday season. However, the online shopping spike is also a huge playground for cybercriminals looking to steal sensitive user information and your money. They aren't just hacking individuals. Businesses are also vulnerable and, like consumers, must keep a vigilant eye over their data. 

Shopping online this holiday season? You're not alone.

The holiday season is in full swing, and Americans are breaking online shopping records. According to Adobe Analytics, consumers spent a whopping $109.3 billion online from November 1st to Cyber Monday, marking a 7.3% increase from last year. With a tough economy and rising inflation, shoppers are eager to snag some deals and cross off everyone on their holiday list.  

McAfee found that 76% of Americans planned to shop online this holiday season, and 30% plan to do more online shopping than in previous years. 36% of Americans polled in the McAfee survey reported being a victim of an online scam during a prior holiday season, with 75% of those victims losing money as a result.  

The recent 2023 Data Breach Investigations Report (DBIR) revealed that 70% of payment card breaches originated from web applications, with another 8% coming from PoS servers. Shockingly, stolen payment card data accounted for 37% of breaches this year alone. With these alarming statistics, staying vigilant and protecting ourselves from cyber threats is more important than ever while enjoying the holiday season.  

Here Are Seven Ways to Strengthen Your Cybersecurity for Holiday Shopping Online:

1. Check credit card statements

Make a list and check it twice - especially credit card statements. By reviewing your statements frequently, you can quickly detect any unauthorized purchases or suspicious activity and take action to prevent further damage. 

2. Credit never debit

Cybercriminals have a sneaky way of stealing payment card data by injecting harmful code into a retailer's credit card processing page, allowing them to take customers' payment data without being detected or disrupting the website's functionality. If the personal information associated with your debit card is compromised, it can lead to unauthorized transactions and can put your bank account at risk. Credit cards are a much safer option as credit card companies have fraud protection policies in place. Moreover, credit cards have a separate credit limit, so even if an unauthorized transaction occurs, it won't directly affect your bank account. Additionally, credit card companies often provide fraud alerts and monitoring services, which can help detect suspicious activity on your account.

Limit your holiday shopping to a single credit card and email address. Doing so will also reduce the risk of falling for a phishing scam if one comes to your other email accounts. 

2. Use a third-party payment vendor for "push" payments

To safeguard your payment information and primary funding source further, consider using a third-party payment vendor like Venmo, Google Wallet, Paypal, or Amazon Payments. If these services become compromised, only the transaction will be affected, while your credit/debit cards and account information remain secure. 

Opt for "push" payments instead of "pull" payments. When making a payment, the linked funding source will initiate the transfer to the vendor instead of the vendor withdrawing funds from your account, giving you more control over your funds transfer and alerting you to any suspicious activity. 


3. Be cautious of your inbox

 During this time of year, your inbox is usually inundated with holiday greetings, promotional emails, and end-of-year newsletters. Cybercriminals often take advantage of the high volume of messages to launch attacks. You should be cautious of emails that contain picture attachments, as they may contain malware. It is best only to open attachments from known senders and scan them for viruses before opening them. Be careful not to click on any unknown links or respond to unsolicited emails.   

Thanks to low-cost automated technology, phishing emails are becoming increasingly sophisticated and contextually relevant. With the rise of generative artificial intelligence tools, the scale and perceived legitimacy of these emails have become even greater. Although security technology has improved, it cannot prevent people from falling for phishing scams that look legitimate.  

Phishing attacks are not limited to emails anymore. They can also come in the form of text messages, social media posts, phone calls, and even QR codes. Ignoring unsolicited messages is important to avoid falling prey to these attacks. 

4. Don't fill out email-based forms asking for personal info

Beware of email-based forms asking for personal information. It's important to remember that unless you know and trust the sender and have appropriate context around the request for Personally Identifiable Information (PII), you should avoid filling out email-based forms altogether. Your usernames, passwords, and sensitive consumer data are high-value items that can be easily compromised and sold on the dark web. To ensure the safety of your personal information, visit to check if your data has been compromised in any data breaches.

5. Beware SMS texts and emails with special offers & shipping notifications

If you've gone on an online shopping spree for the holiday season, chances are you've likely subscribed to receive emails or text messages from retailers as a way to stay in the loop, and grab a discount. However, it's critical to be cautious and look twice at these messages as scammers are posing as big retail players, such as Amazon, Walmart, Target, Kohl's, and Lowe's, to deceive shoppers. Additionally, fraudulent emails and texts offering exciting deals on luxury items from popular brands like Louis Vuitton, Ray-Ban, and Rolex are also rising.  

To add to these scams, some fraudsters are sending fake shipping notifications that appear to be from trusted companies like FedEx or UPS, which online shoppers often receive this time of year. It's crucial to take appropriate measures to ensure the authenticity of shipping notifications. If you receive one, it's best to go directly to the shipper's official website and enter the tracking number manually instead of clicking on any links or attachments. Even if the message seems tempting or urgent, it's important to prioritize online safety and be cautious.

Check out the video below to learn more about SMS phishing (smishing) and watch how you can deal with a real life example of one of these fraudulent notifications.  


6. Go directly to the source - don't use the link from an email

If you receive an e-mail from your bank, credit card issuer, or other company you deal with frequently, cross-check that their contact information is legitimate. Verify any requests for personal information by contacting them through the information on their official website. If you are requested to act quickly or there is an emergency, it may be a scam. Fraudsters rely on knee-jerk reactions by creating a sense of urgency. Login to your account from a secure browser and verify the message is legitimate before taking action. 

7. Get choosy with gift cards

Gift cards are a popular choice for last-minute presents, but cybercriminals can steal the card's value by taking pictures of the numbers and barcodes on the back. They use botnets to repeatedly guess the PIN on the retailer's website until they can log in and steal the card's balance. Bots make up most of the website traffic, and it's hard to tell if a card's number has been stolen. To avoid this, pick a card from the back of the rack or choose a packaged card with the number covered.

Remember that if it seems too good to be true, it probably is. Nobody is selling iPhones for $200, so don't be fooled. Listen to your gut and use discretion if something seems too good to be true. Reduce your risk of falling victim to cyber threats during the holiday season and beyond by following the tips mentioned above. Don't want to leave your security to chance? Our experts can help. Reach out for a free consultation today - and start the holiday season off right!