Safety Tips for Online Holiday Shopping

While you're shopping online for holiday deals, cyber thieves will be working to get your personal information. Learn how to protect yourself.
Updated by Amy Loftsgordon, Attorney · University of Denver Sturm College of Law
Updated: Oct 30th, 2025

Online shopping is expected to remain popular during the 2025 holiday season. So, thieves have devised ways to get your personal data, like your credit card number, bank account information, and Social Security number.

Once obtained, a thief can use this information to make purchases with your existing credit card, get new cards in your name, or take out loans using your identity. But you can take precautions when shopping online to avoid becoming a victim.

Here are ten cybersecurity guidelines. Use them to help keep your information safe while you’re shopping this holiday season.



1. Shop at Secure Websites

Most merchants use secure websites, where your personal information is encrypted or scrambled so that it can't be easily intercepted. So, when buying online, always look in the address box for the "s" in "https" and for the padlock symbol, which means your connection to the site is encrypted and your payment information is protected as it's sent.

Also, look for the seals of trusted certification organizations, like DigiCert. Sometimes, scam websites display the (real) seals from certification organizations without authorization, or falsely claim to be certified by the Better Business Bureau. These seals can make you think you're buying from a secure site, but then you end up on the receiving end of identity theft.

To confirm that the use of a seal is legitimate, click on the seal. A confirmation page on the certifying organization's site should open. If nothing happens when you click on a trusted organization symbol, then it might be a fake. Some scammers create fake confirmation pages, making it look like you're being redirected to a legitimate site. Always check the URL (the website's address) to make sure you are on the website of the certifying organization. You can also go directly to the website of the certifying organization and look for their list of legitimate seal holders.

2. Pay With a Credit Card Rather Than a Debit or Gift Card

If you decide to buy an item online, pay with a credit card. Credit cards offer better consumer protection than debit or gift cards. Credit card companies allow you to dispute unauthorized charges or temporarily withhold payment if you think you’re the victim of a scam. Or you could use a secure payment service when buying things online.

3. Be Wary of Links in Emails

Be wary of emails that ask you to confirm a purchase, have package-tracking information, or promote a holiday deal. Scammers sometimes create and send emails that look like they’re from a legitimate business, but contain a harmful link. When you click on the link in the message, your device could be infected with a virus, spyware, or other malware. Or you’ll go to an imposter site designed to trick you into giving up your personal information.

To make sure you're going to a legitimate website, check the URL by hovering over the link. Or, to be even safer, go to the company’s website directly rather than clicking on the link in the email.

4. Don’t Fall for Phishing Scams

If you get an email asking for your personal information, like your Social Security number, credit or debit card number, or bank account information, don't respond. Legitimate retailers and businesses won’t ask for this information in that way.

5. Don’t Open Emailed Attachments

As a rule of thumb, don’t open attachments in emails from senders you don’t recognize or in suspicious-looking emails from known contacts. Again, messages that appear to come from legitimate organizations, a well-known retailer, or a bank can be easily faked.

Be particularly skeptical of .zip and other compressed or executable file types. Don’t send a reply to the email either.

6. Keep Your Software and Devices Up to Date

Make sure your device, browser, apps, antivirus, and anti-malware software are all up to date.

7. Choose Strong Passwords

When it comes to passwords, don’t use readily available information like your birth date or your phone number. Don’t overshare on social networks, like Facebook, either. A thief might use the information you posted to guess your passwords.

Stay away from common passwords, too; definitely don't use “password” or “123456.” It’s also a good idea to use two-step authentication whenever possible.

8. Make Sure Your Device Is Secure

Be sure to use a passcode to access your phone or tablet, and log off your computer or lock the screen if you’re not using it. After you visit a merchant or bank website, always log completely out of the site.

Don’t allow your device to remember your username, password, or payment information. Otherwise, anyone who gets access to your device can log back into the site and place new orders or transfer money out of your account.

9. Watch Out for Charity Scams

During the holidays, charity scams are common. Before donating to a charity online, check with the Better Business Bureau to find out if the charity is legitimate. You can also check to see if a charity is tax-exempt at the IRS website; donations to these charities might be tax-deductible.

10. Be Careful in Public

If you use free hotspots, be extremely cautious. Use a VPN and avoid completing sensitive transactions on public connections. Cyber-thieves sometimes name their network something familiar, like Starbucks Free Wi-Fi, to trick you into connecting as a guest so they can see what’s on your device. Even if the public network is legitimate, these systems aren’t secure, and any information you enter is more likely to be hacked. So, don’t log in to banking websites or payment sites when using a public network.

Getting Help

Victims of identity theft should visit Identitytheft.gov, the official government website for dealing with issues associated with identity theft.

If your identity has been stolen and you need help straightening out your finances, dealing with debt collection agencies, or getting credit bureaus to remove fraudulent information from your credit report, consider talking to a consumer protection lawyer.

About the Author

Amy Loftsgordon Attorney · University of Denver Sturm College of Law

Amy Loftsgordon is a legal editor at Nolo, focusing on foreclosure, debt management, and personal finance. She writes for Nolo.com and Lawyers.com and has been quoted by news outlets that include U.S. News & World Report and Bankrate.
