Cybcast Blog

4 Tips for Safe and Secure Holiday Shopping

By Aamir Lakhani and Tony Giandomenico | December 12, 2023

The holiday season is the most wonderful time of the year for experienced and novice cybercriminals alike looking to make a quick payday. Although threat actors are relying on classic scams to trick unsuspecting consumers this season, you can take plenty of easy steps to protect yourself and reduce the chance of falling victim.

Share on twitter
Share on email
Share on facebook
Share on whatsapp

While there isn’t a single dominant scam we’re seeing threat actors rely on this year, there are plenty of tactics emerging that consumers need to be aware of, ranging from shipping scams to travel-related cons. AI and ML are making it easier than ever for bad actors to carry out successful operations, increasing the frequency and volume of attacks.

To keep yourself and your data safe this season, we recently hosted a FortiGuard Live session to share the latest cybercriminal activities we’re seeing, along with how to spot and avoid them.

Preview Video

Have a happy—and scam-free—holiday by remembering these simple tips.

#1: Level Up Your Password Hygiene

Attackers are constantly finding new ways to compromise user credentials, and it’s now easier than ever for them to purchase valid credentials on the dark web. To complicate matters, people often use the same password across multiple accounts or implement the same password style, and cybercriminals quickly take note.

To keep yourself safe this season, create unique passwords that are harder for threat actors to steal. Keep your personally identifiable information—along with details like your favorite vacation spot, sports team, and movie name—out of your passwords. Use a combination of uppercase and lowercase letters, as well as numbers and symbols, and aim for passwords that are 10 characters or longer.

Use different passwords for each account. Using the same password for multiple accounts allows attackers to gather more sensitive information about you if they successfully steal your credentials. Leverage a password manager to generate long, complex passwords for all your accounts.

#2: Keep Your Apps and Devices Updated

One of the easiest ways to protect yourself from cybercrime this holiday season is to patch your applications and devices. Patching closes the security “holes” that developers have identified in their products, so updating and running the latest software and operating system versions is vital. Most systems send push notifications to users when a patch is available, making it easy for you to stay on top of these critical updates.

#3: Beware of “Too Good to Be True” Offers

Threat actors know that during the holidays, shoppers are often searching for popular, hard-to-find items, want great deals, and rush to check various gifts off their “to buy” lists. These factors make it easier than usual to prey on unsuspecting consumers, and cybercriminals design scams that cater to these common emotions associated with a hectic holiday season.

Pause and question offers that seem too good to be true. Beware of advertisements for fake or counterfeit goods, social media scams offering heavily discounted or free items, and phony websites.

When shopping online, purchase items through recognizable websites. And if you aren’t familiar with the brand, conduct a Google search to find out more about the retailer and determine if it’s legitimate. Use a credit card when purchasing goods online instead of a debit card whenever possible. Many credit cards offer robust fraud protection and can be turned off easily if you suspect fraudulent activity.

#4: Think Before You Click

Whether it’s a phony-looking email or a text message asking you to update your shipping details, take a moment to examine these communications before clicking on the link. Of course, most people know they shouldn’t click on links unless they know they’re safe. Yet nearly 75% of breaches still involve human error, including consumers falling victim to social engineering attacks like phishing.

Look carefully at any links before you click them. Do they look normal? Does the URL contain lots of hyphens or numbers? If you’re unsure, look up the URL before you click on it, which you can do by copying the URL of the site in question and using a domain search engine like

Keep a close eye on your text messages, too. Shipping-related scams are popular among cybercriminals this time of year, and these are often delivered via SMS. Be wary of text messages regarding a shipping delay, impending delivery, or any messages asking you to click on a link to confirm personal details like your name or address.

Wrapping Up a Cyber-Safe Shopping Season

While the holidays are a notoriously busy time of year, the best thing to do to protect yourself against cybercrime is to slow down and stay vigilant. Implement simple cybersecurity best practices—like using unique, hard-to-guess passwords for each of your online accounts—and question the validity of suspicious-looking emails, text messages, advertisements, and websites. Finally, share these tips with loved ones so they can also be on the lookout for potential seasonal scams. Becoming cyber-aware and protecting yourself against hacks will make the season far more merry and bright.

Related Posts

4 Tips for Safe and Secure Holiday Shopping

While there isn’t a single dominant scam we’re seeing threat actors rely on this year, there are plenty of tactics emerging that consumers need to be aware of, ranging from shipping scams to travel-related cons. AI and ML are making it easier than ever for bad actors to carry out successful operations,


When it Comes to OT, if You’re Standing Still, You’re Falling Behind

OT Security Is Mission Critical Old OT systems are vulnerable to cybercriminal attacks because they were built during “the air-gap age,” a time when there were virtually no connections between OT and IT. Back then, OT networks were able to implicitly trust everything within them. But, with digital acceleration, an

Skip to content