Pagoda Blog

Tips for Safe Online Shopping this Holiday Season

November 16, 2017

Online shopping is so fast and convenient it’s hard to justify braving the holiday traffic and fighting your way through the crowds at the mall. Checking off your Christmas list from the comfort of your couch, however, comes with its own risks. Go ahead and stay in your pajamas while you shop, but protect yourself from malicious online attacks by taking a few extra precautions this holiday season.


Let’s start by identifying a couple common online shopping scams and then we’ll dive into 4 safe online shopping strategies you should always follow, whether or not ‘tis the season.



How to Recognize and Avoid Online Shopping Scams


Before you dive headlong into an online shopping spree, make sure you’re familiar with the most common scams and how to avoid them. Here’s what you should look out for:


Emails from scammers posing as retailers or charities

The number of phishing scams often increase during the holiday season, so it’s crucial to know how to spot them. This type of scam gains access to your personal information by sending an email with a malicious link or attachment that appears to come from a trusted source. Here are a couple examples:


  • Amazon email scam: Just this month, there was an email scam attached to Amazon that tricked Amazon customers into re-entering their name, address, and credit card information into a fraudulent form. The email and data entry form both looked authentic leading those targeted to follow the instructions and share their credit card information with the scammers.
  • Coupon links from an unknown source: If you receive a coupon from an unknown source, there’s a chance it contains a malicious link. Cyber criminals use fake coupons to bait shoppers into entering their credit card information on a fraudulent site. The hyperlink in the coupon may even look like the real merchant site, but instead, it directs your credit card to the scammer.  
  • Fake charities: Phishing scams unfortunately take advantage of our goodwill during the holiday season. This time of year, we expect a higher number of email requests from nonprofit organizations asking for donations. Not surprisingly, our guard goes down and we're more likely to open an infected attachment or click a malicious link.


What you can do about it:

If an email is asking you to provide any sensitive information, double check it’s authentic before moving forward. How do you confirm authenticity? Contact the retailer or charity directly. Log in to your account on the site itself (not through an email link) and make account changes there, if necessary.


Fake retail websites

A common way that cyber criminals take advantage of online shoppers is by creating fraudulent websites that pose as legitimate retailers. Whenever you purchase something online, always check that the domain is secure. Here’s how you can tell: 


  • HTTP vs HTTPS: If a website doesn’t use encryption, any personal information you enter is at risk. Sites that don’t use this level of security are identified by only an HTTP rather than an HTTPS at the beginning of the website’s address. When you submit your data to an insecure site, cyber criminals have the ability to intercept your information, giving them access to your credit card number, address, and any other data you entered. 
  • No legit physical address: All online retailers should have a physical address, whether it’s their manufacturing plant, warehouse, or a brick-and-mortar store. Even if the site looks authentic, it’s probably fraudulent if there’s not a physical address.


What you can do about it:

Do not enter your personal information on a site without the preceding HTTPS protocol in the address or on a site without a physical address listed. Shop elsewhere.



4 safe online shopping strategies


Phishing scams and fake websites aren’t the only ways your personal information can fall into the wrong hands. Fortunately, you can protect yourself by using these simple strategies when shopping online:


  1. Never pay with a debit card

Avoid using your debit card as your form of online payment. Use a credit card or a trusted third-party payment service like PayPal, Google Wallet, or Apple Pay. (PayPal requires that you connect your account to either a credit card or bank account - choose the credit card in case the account is hacked.) This helps prevent cyber criminals from directly accessing your checking account and makes it much easier to refute any unauthorized charges.


  1. Don’t reuse passwords

Do all of your online accounts have the same password? If one of your accounts is hacked, this means all of your accounts are compromised. This is especially worrisome if you’ve entered different credit card info on several accounts. Check out our past post on password guidelines to make sure your new passwords are secure.


  1. Don’t give more personal info than necessary

An online retailer should never ask for unnecessary personal information like your social security number or your birthday. If they request this data, it’s a huge red flag that it’s not a reputable site. If you get to this step and you’ve already entered your credit card information, backtrack and remove all your personal info, then clear your browser history, cookies, and page cache before moving on to another site.


  1. Keep your software up to date

When you don’t keep your software up to date, your computer becomes vulnerable to cyberattacks. Make sure you’ve installed the latest software updates before starting your online shopping.


Cyber criminals prey on our society’s general lack of knowledge around cybersecurity. The more educated we are as online shoppers about phishing scams, fraudulent sites, and cybersecurity best practices, the less likely it is that scams will be successful. Stay safe this holiday season and help ensure that cyber criminals don’t get anything but a stocking full of coal on Christmas morning.

Additional resources



Want to get more posts like these once a month in your inbox? Sign up for the Pagoda newsletter and learn how to protect and grow your business with monthly IT tips from our experts. Subscribe today.


Need ongoing IT support for your business? Contact us for a free consultation. We’d love to work with you!



About Pagoda Technologies IT services

Based in Santa Cruz, California, Pagoda Technologies provides trusted IT support to businesses and IT departments throughout Silicon Valley, the San Francisco Bay Area and across the globe. To learn how Pagoda Technologies can help your business, email us at to schedule a complimentary IT consultation.


Return to Pagoda Blog Main Page

As your trusted IT service partner, Pagoda Technologies is here to help you achieve your near and long-term business goals through reliable and affordable IT support. 

Pagoda Technologies

101 Cooper Street

Santa Cruz, CA 95060


Contact us for a free IT consultation



Get in touch 

Join our newsletter

Want IT to serve you better? 




Follow Us

Facebook LinkedIn LinkedIn