This is an excerpt from Dollar Scholar, the Money newsletter where news editor Julia Glum teaches you the modern money lessons you NEED to know. Don't miss the next issue! Sign up at money.com/subscribe and join our community of 160,000+ Scholars.
Confession: I’ve bought, like, no Christmas gifts, and it's stressing me out. I’m planning on purchasing presents online, but even that feels fraught. It's going to be a mad dash to find a gift for everyone on my list with the little downtime I have. What if I get scammed because my guard’s down?
Deep breaths, Julia.
How can I do my holiday shopping safely?
It’s a legit concern. In a recent poll from Iris Powered by Generali, an identity and cyber protection platform, 71% of respondents admitted they were worried holiday shopping would put their privacy at risk.
“Consumers view protecting their personal and financial data as a top priority this holiday season, and with good reason,” CEO Paige Schaffer said in a news release.
I’m already seeing reports of phishing attempts, like this one in which hackers impersonated companies like Delta and Costco, advertised fake holiday specials and then stole their credit card details. Amazon took down 20,000 phishing websites that sent fake order confirmation emails and texts demanding customers CALL IMMEDIATELY (and, when they did, stole their Social Security numbers).
In a cruel twist, the most wonderful time of the year is also one of the most fruitful for bad guys, says Grace Hoyt, who works on global account security partnerships at Google. It’s basic math: “More people online equals a bigger threat landscape for attackers,” she tells me via email.
Plus, attackers look to strike when I’m vulnerable or preoccupied… which, let's be honest, I obviously am.
“While you’re in the hustle and bustle of the season, you might be opening more new accounts with stores [or] more likely to open emails that offer the hottest deals,” she says. “That’s the perfect environment for an attacker to launch a phishing scam or encourage you to download a malicious app while you’re distracted.”
To protect myself, I need a multi-pronged approach for 1) sites I visit, and 2) communications I get.
If I’m navigating to a retailer’s website, Hoyt says I should look for clues that indicate whether it’s safe or malicious. Google has some of these built in, like its on-page “trusted store” badge — which means the merchant provides solid customer service — and the little lock icon in the Chrome URL bar — which means my connection is secure.
The Better Business Bureau, or BBB, recommends I scrutinize the URL for typos to make sure I’m on the actual site for a store. It can’t hurt to run a mini background check, either, by searching the website name plus the words “scam” or “reviews” and seeing what sorts of results come up.
Once I’m on the webpage, I’ll want to look closely for bad grammar, shoddy design or a lack of contact information. And I shouldn’t get caught up in flashy ads for low low prices: If a deal seems too good to be true, it’s… probably too good to be true.
“These are red flags that could save you from falling victim to a scam,” Hoyt says.
When checking out, the BBB urges people to “use secure and traceable transactions and payment methods.” The bureau has done actual research that shows customers who pay with credit cards or PayPal are less likely to be scammed out of their money than those who opted for Zelle or prepaid debit cards.
(Using a credit card also means I’ll have built-in protection under the Fair Credit Billing Act, which limits my liability for unauthorized charges and allows me to dispute transactions where I feel I didn’t get the goods or services I paid for.)
Off-site, I’ve got to be careful with inbound messages, as well.
Amazon discourages interacting with any phone numbers I don’t recognize and avoiding suspicious links, even if they’re in emails claiming there’s something wrong with one of my orders. Just because it got through my spam filter doesn't mean it's real.
The bottom line
It’s brutal out here. To protect my data while shopping online, I should do my due diligence when visiting websites, check for red flags, pay with a credit card and avoid falling prey to random texts/emails.
“Cybercriminals are aware of how much we rely on the internet during the holidays and leverage that time to try and catch consumers when they’re most vulnerable,” Hoyt says. “During the holiday season, be on the lookout.”