Many people are eager to celebrate the beauty of the holiday season with parties, parades, Poinsettias and presents. For some, the holidays are truly a special time, radiating a cheer that melts the winter chill – filled with heartfelt expressions of joy and goodwill. But cyber criminals can lurk like the most insatiable of Grinches, spoiling celebrations and leaving you in the lurch.

As the calendar moves into deep December, many consumers are looking to surprise loved ones and friends with great gifts. While seasonal shopping starts as early as September, 70% of consumers will still be shopping right up until the very last-minute.

This season, global e-commerce sales are projected to hit $5.5 trillion. The high volume of holiday-related credit card transactions mean that cyber crooks are ready to pounce. You’re already aware – cyber criminals don’t take holidays. Make your cyber security list and check it twice. Here’s what to know to stay safe online this year…

Key statistics

  • This season, e-commerce sales around the world are projected to reach $5.5 trillion.
  • Cyber crime is nearly 10% higher during the holiday season, as compared to other times of year.
  • According to the U.S. Federal Bureau of Investigation, Americans lost $337 million in online shopping and non-delivery scams in 2021.
  • 80% of consumers have expressed concern around personal data theft while shopping online.

15 cyber security tips for holiday shopping

1. Use secure wi-fi. Trying out the new cinnamon dolce latte in Starbucks? As you sip your brew by the window, scrolling through websites to find holiday gifts might sound like the perfect way to pass the time. But avoid use of public wi-fi…

Public wi-fi owners generally don’t apply cyber safety protocols. Cyber criminals can secretly swoop in and snoop, stealing patrons’ bank details and other sensitive information. Be sure that you only log onto trusted, secure wi-fi sources.

2. Beware of the inbox. Every year, phishing scams spike throughout the holiday season. Roughly 90% of cyber attacks start with a phishing email. Phishing scammers and social engineers succeed because users tend to trust emails. Instead of inherently trusting a sender, approach emails with caution. It’s better to be suspicious by default, rather than the opposite.

3. Ensure that your machine is free of malware. Ahead of purchasing those incredible holiday gifts, ensure that your device doesn’t have a malware infection running in the background. Also, keep safe by upgrading to the most current versions of software, web browsers and other apps.

4. Recognize authoritative, urgent tones. Does the email say that your PayPal account is frozen? That a loved one is experiencing an emergency? As many as 70% of emails attempt to establish rapport and/or a sense of urgency with targets. The end of the year provides hackers with an ample number of topics about which they might take an authoritative tone and express urgent-sounding needs. Verify such emails with appropriate individuals and institutions.

5. Know what the gift should cost. Teaser scams run rampant during the holiday season. Whatever you’re purchasing, have a general sense of how much it should cost. Not only will this help you comparison shop, but it will help you avoid scams.

If the deal seems ‘too good to be true’, it probably is. In such cases, the savings might make you feel merry, but the goods could be counterfeit, or you might pay with your hard-earned cash and not receive your purchase at all.

Services like resellerratings.com allow customers to post reviews of merchants, providing consumers with information about potential vendors. Do your diligence. Protect your purchasing power.

6. Shop trusted sites. Ensure that websites are legitimate ahead of making purchases. If you do decide to shop on a niche, little-known site, you can evaluate the site’s credibility by searching for the site owners’ contact information, by testing out links and seeing whether or not they are broken, by determining whether or not any shipping or excess charges seem unusual and by searching external sites for reviews.

In addition, look for the ‘lock’ icon to the left of a website’s URL. If the website doesn’t show a lock next to the URL, avoid divulging your bank details or any other information that could be of value to someone else.

7. Review privacy policies. No one enjoys reading fine-print legalese, but reviewing the privacy policies for your potential online vendors can help you keep your data secure. Know what type of information vendors will collect about you, how it will be used, stored, shared or sold and more.

8. Avoid auto-saves of personal info. In some cases, computers and account profiles will either ask you about whether or not you would like to save information, or will simply do so for you. Periodically clear your browser of cookies, history, and stored financial data. In the event that a website autosaves your payment info after completing a purchase, be sure to log back in and delete the stored payment details.

9. Deploy strong passwords. If your passwords include your first and/or last name, your year of birth or your home address, they’re not as strong as they could be. Take the time to swap out weaker passwords with strong passphrases. Utilize long and unique passphrases for all of your online accounts. Consider a password manager. More info on that here.

For further fortification, enable multi-factor authentication. While multi-factor authentication can feel cumbersome and clunky, it’s less of a nuisance than spending the holiday season on-hold with a vendor’s customer service department, or that of your bank.

10. Disable Bluetooth, wireless and NFC. To reduce the risk of data interception by cyber criminals, disable Bluetooth, wireless and Near Field Communications (NFCs) when not in use. Some retailers actually use technology that looks for devices with wireless or Bluetooth turned on, in order to track consumer movements when consumers are within a certain distance of stores.

11. Beware of online skimming. As you probably know, malicious card readers hidden within gas pump payment processors or elsewhere can clone your credit card details and send them to fraudsters. E-skimming is the online equivalent of this scheme. It involves the embedding of malicious code into websites, allowing hackers to ‘skim’ payment information.

The potential for e-skimming is higher among retailers who do not have or who have limited cyber security measures in-place. This provides a reason to shop with bigger-name brands, however no site is altogether immune from e-skimmers. Buyer beware.

12. Consider a temporary bank account. Whether you’re throwing a hopping holiday party, traveling to Tenerife, or spending extravagantly on gifts (or any combination thereof), opening a temporary bank account can reduce your risk of seriously damaging financial fraud. With a temporary account, you can add the amount of money that you need, but perhaps not everything that you have. In the event that a temporary bank account experiences compromise, a cyber criminal will not have access to your primary set of resources.

13. Consider a credit card. In the event that you fall victim to a scam, or that your card numbers are stolen through random happenstance, recouping any associated financial losses is easier via a credit card than a debt card. The reason? Credit cards have more fraud protections in place than debt cards.

14. Go for a VPN. The language can sound intimidating, but a Virtual Private Network (VPN) is just like closing the curtains around your internet connection so that the neighbors can’t see you ogling over 100% pure Mulberry silk pillowcases, premium accessories, or highly sought-after electronics.

VPNs shield your data from prying eyes, which are likely to belong to scammers and schemers (as opposed to the neighbors). In technical terms, VPNs connect your device to a remote server and hide your IP address, increasing your level of privacy and security online.

15. Monitor your accounts. Login to your financial accounts on a regular basis and ensure that you recognize every purchase made. For any that you don’t recognize, reach out to the vendor if possible, or depending on the situation, report the issue to your bank in order to resolve it appropriately.

Further information

Want a worry-free holiday season? These easy-to-follow cyber security ideas can keep your holidays festive and fun. ‘Tis the season to stay cyber secure. Happy shopping and happy holidays!

For more holiday security tips, please see CyberTalk.org’s past coverage. Lastly, discover new trends, expert interviews, and so much more when you subscribe to the CyberTalk.org newsletter.