Security Tips For Online Shopping This Christmas

Nick Robilliard
28th October 2022
Information Security


With Autumn officially underway and the time for Christmas shopping fast approaching, it’s important to make sure you stay safe when buying things online.

Scammers love this time of year and will be primed and ready to take advantage of all the online transactions that are about to take place. Here are a few of our top tips for staying safe when shopping online.

Check for device updates before you shop

Computers, tablets, and smartphones that have old software are vulnerable. While you may not want to wait through a 10-minute iPhone update, it’s going to keep you more secure, as hackers often use vulnerabilities found in device operating systems. Updates install patches for known vulnerabilities, reducing your risk. Make sure to install all updates before you use your device for online shopping.

Don’t go to websites from email links

Yes, it’s annoying to have to type in “” rather than just clicking a link in an email, but phishing scams are at an all-time high this time of year. If you click on an email link to a malicious site, it can start an auto download of malware. It’s best to avoid clicking links and instead visit the website directly. If you want to make things easier, save sites as shopping bookmarks in your browser.

Use a wallet app where possible

It’s always a risk when you give your debit or credit card to a website. Where possible, buy using a wallet app or PayPal, as this eliminates the need to give your payment card details directly to the merchant. Instead, you share them with the wallet app service (Apple Pay, Google Pay, PayPal, etc.), which is far more secure.

Remove any saved payment cards after checking out

There are many websites (including Amazon) that automatically save your payment card details. Yes, it may make the next buy more convenient, but it puts you at risk. A hacker with access to your device or account could make purchases using the payment details that are stored in your account. There is also the risk of a data breach of the retailer, leaving your bank account vulnerable. The fewer databases you allow to store your payment details, the better for your security. Immediately after you check out, remove your payment card from the site. You will usually need to go to your account settings to do this.

Make sure the site uses HTTPS (emphasis on ‘S’)

HTTPS has largely become the standard for websites now. This is instead of “HTTP” without the “S” on the end. HTTPS means that a website encrypts the data transmitted through the site, such as your name, address, and payment information.

You should NEVER shop on a website that doesn’t use HTTPS in the address bar. An extra indicator is a small lock icon in front of the website address.

Double check the site URL

We all make typos from time to time, especially when typing on a small smartphone screen. One typo can land you on a copycat site (such as Hackers buy domains that are close to the real ones for popular retailers. Then, they put up copycat sites designed to fool users that make a mistake when typing the URL. Take those extra few seconds to double-check that you’ve landed on the correct website.
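The HTTPS check and the domain double-check described above can also be done in code. This is an added example, not part of the original article; the bookmark list, the `.example` domains and the function names are made up for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list standing in for your own shopping bookmarks.
BOOKMARKED = {"bigretailer.example", "bookshop.example"}


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two neighbouring letters typed in the wrong order count as one typo.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def check_shop_url(url: str, bookmarked=BOOKMARKED, max_typos: int = 2) -> str:
    """Classify a URL before shopping: HTTPS first, then the host name."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if parts.scheme != "https":
        return "reject: not HTTPS"
    if host in bookmarked:
        return "ok: bookmarked site"
    # A host that is a typo or two away from a bookmark is a likely copycat.
    for good in sorted(bookmarked):
        if osa_distance(host, good) <= max_typos:
            return f"warn: looks like {good}"
    return "unknown: not in bookmarks"


if __name__ == "__main__":
    for u in ("https://www.bigretailer.example/deals",
              "https://bigretialer.example/checkout",
              "http://bigretailer.example/"):
        print(u, "->", check_shop_url(u))
```

A copycat site can serve HTTPS too, which is why the host name is compared against the bookmarks even when the scheme check passes.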

Never shop online when on public Wi-Fi

When you connect your device to public Wi-Fi, you might as well expect a stranger to be stalking you. Hackers LOVE the holiday shopping season and will hang out in popular public Wi-Fi spots. They spy on the activities of other devices connected to that same free hotspot, which can give them access to everything you type in, such as passwords and credit card information. Never shop online when you’re connected to a public Wi-Fi network. Instead, switch off Wi-Fi and move to your mobile carrier’s connection.

Be on high alert for brand impersonation emails & texts

Phishing scammers were very active during the holiday shopping season of 2021. There was a 397% increase in typo-squatting domains connected to phishing attacks. Attackers know that people are expecting retailer holiday sales emails, and they also get a flurry of order confirmations and shipping notices this time of year. Hackers use these emails as templates, impersonating brands like ASOS, Amazon, John Lewis and others. Their emails look nearly identical to the real thing and are designed to trick you into clicking a link and/or logging in to a malicious website. Be on high alert for brand impersonation emails. This is another reason why it’s always better to go to a site directly, rather than by using an email link.

Enable banking alerts & check your account

Check your bank account regularly. Look for any suspicious charges that could signal a breach. One way to automate a monitoring process is to set up banking alerts through your online banking app.

For example, many banks allow you to set up alerts for events such as:

  • When a purchase occurs over a specified dollar amount
  • When a purchase occurs from outside the country


How secure is your mobile device?

Mobile malware is often deployed in holiday shopping scams. How secure is your device from malicious apps and malware? Contact us today for a security check-up.

Nick Robilliard

Nick is the lead trainer in the Information Security team. He works on providing services for our SecaaS and vCISO clients as well as completing Cyber Essentials and IASME assessments. In addition to this, Nick is also involved in one-off and tailored projects for our clients. Nick is ISC2 CISSP, SSCP and ISACA CRISC certified.

Nick has experience in both the public and private sector within technical support and information security.

Nick says the best part of his job is providing user awareness training sessions for our clients. Ensuring a workforce understand information security risks is vital for preventing breaches, so it’s rewarding playing a part in making that happen.
