7 Ways To Protect Your Identity While Holiday Shopping

The last few weeks were extremely busy for all of us holiday shoppers.

Black Friday, Cyber Monday, Thanksgiving – several sales records were broken as shoppers went frenzy over holiday deals.

And if that wasn’t enough, everyone now is focused on finding the perfect Xmas present.

Among the hustle and bustle, a notable trend is that consumers are spending more holiday money online. The conventional tradition of heading out to stores with friends and family is there, but is matched by consumer behavior to look for holiday savings online.

No wonder retailers like J.C. Penny and Kohl’s began Black Friday promotions a week before the holiday via their websites. And that was a smart move.

Calculations by Adobe Digital Index revealed that online holiday shopping saw a 14.3 percent increase on Black Friday compared to last year and a 16 percent increase on Cyber Monday compared to last year. The report paints a subtle picture of holiday shopping: people continue to shop online through their internet-enabled devices.

Time’s A Ticking, But Watch Out

With just a few weeks to the end of the holiday season, you’re likely scouring retailers’ websites for discounted deals, giving your credentials joyfully when something hits your sweet spot. Also, you likely have subscribed to receive daily email alerts about the best deals and price.

While you’ve done the right things (as expected of any holiday shopper), you might have not considered the risk of identity theft. You heard it correctly… Bad Santas are keeping a watchful eye on your online activity. This means the next few weeks are ripe for cyber criminals to steal your identity and exploit your credentials for their own gain.

The following is a list of tactics cyber criminals use to steal a shopper’s identity:

Phishing emails

You’ve received them. Emails offering too-good-to-be-true discounts. Phishing emails are popular during the holiday season. There’s a holiday-related call-to-action in these emails, followed by instructions to claim the discount.

The instructions tell users to open a third-party link and enter their credentials to claim the offer. When they do, recipients give away their identity, and the only thing they may get is a Trojan horse virus.


Image source: PCMAG


Names of companies like IKEA, Target, Walmart, Best Buy, and Home Depot may be used in the subject line of the email. Emails may also claim that there was a problem with your last order.

Fraudulent Surveys & Competitions

Identity thieves set up fake social media pages associated with famous retailers. They offer users a chance to win holiday gift cards and vouchers. To win, users must participate in an online survey or competition, and the condition for participation is verifying the identity. Adversaries may impose a time limit to create a sense of urgency.

In reality, gift cards and vouchers don’t exist, and the information you enter could be used to subscribe you into expensive services, or conduct further scams.


Image source: ScoBo Blog


In the past, a fake IKEA gift card Facebook page took in identities of nearly 40,000 Facebook users. Identity thieves post positive comments on such contest/survey pages to lure in consumers.

Phony Websites

Xbox, Apple products, and other gadgets are high in demand during the holiday season. Shoppers who do a Google Search may land on websites that promise ridiculously low prices on these gadgets.

For sophisticated cyber criminals, it’s easy to setup fake (but real-looking) websites and rank them high in search engines. Before these websites are detected/reported for identity theft, the job is done on most occasions. When shoppers conduct activity through these websites, adversaries collect personal information and credit card details via keylogging software.

BBB cited an example of a women who bought a handbag from www.officialMichaelKors.com. She spent $94 the day after Thanksgiving.



Image source: BBB

When she inquired about her order from Michael Kors customer support in New York, she learned that there wasn’t any record of her purchase. She later found out the company had no connection with the website.

Another example is Tony Wilson who fell for a website selling cheap Canada Goose Expedition Parka during the holiday season (read the story here).

Fake Wi-Fi Connection

When you’re looking for deals on the go, you may connect to a public Wi-Fi or hotspot to surf the internet. When you search for a Wi-Fi connection nearby, you could be presented with some malicious options. That’s because identity thieves are aware that during the holiday season, many retail outlets and public network operators (at the train station or airport) offer free Wi-Fi connectivity to encourage consumers to shop online.

Connecting to a Wi-Fi network that has been infiltrated could lead to hackers stealing your identity and credit card details while you shop online. Hackers may also be able to hack into existing data stored on your laptop/smartphone.




Cyber criminals use man-in-the-middle techniques to spy and log your identity while you shop online. Or they may route your IP to malicious access points.

Being Vigilant About Your Identity

All that online shopping means your identity is at risk. Fortunately, there are measures you can take to protect yourself from identity breach this holiday season:

#1 Evaluate Suspicious Emails

Holiday-themed emails should always be evaluated. As mentioned before, these emails may include names of popular brands, so you could easily consider them as safe. Evaluate the copy, subject line, and sender address of every holiday-related email you receive. If it claims to be from a known retailer, check the domain name listed and match it with the retailer’s website via Google Search. Do the same for phone numbers.

Keep in mind that established brands never require passwords or personal information to be divulged by the phone or email. When in doubt, call the brand’s customer service.

Phish.me has published a list of holiday-themed emails. These are the kinds you should watch out for.

#2 Check for the HTTPS Padlock on Websites

Considering to order from a website you’ve never visited before? To ensure that it is safe, look for a small lock icon next to the website’s URL, and the address bar should carry “https”. The presence of the lock means the connection to the website is encrypted. If the lock is not visible, it’s not a good idea to enter your personal information or send any payment information over that website.

Apart from the padlock, you should also do the following:

  • Review the price: Is it too good to be true? Identity thieves often attract shoppers who use “bargain”, “discount”, “low price” and other similar shopping terms. Cyber criminals will offer big discounts while legitimate sellers will usually make modest adjustments.
  • Review the design and copy: In some cases, the homepage of the site will be nicely designed and include a great copy. But if you dig deep, you’ll find broken links and sentences that seem machine-translated.
  • Look for customer reviews: Reviews about customer service, return policy, etc. You can easily do that by writing the site’s name with the keyword “scam” in search engines. The results may surprise you. Conduct the same check when buying from sellers on Amazon and eBay.

#3 Check for Credibility Before Entering a Contest

Are you being asked by a Facebook page for likes, invites or shares? Big brands will play by the book (it’s against Facebook’s guidelines to implement such tactics).

Always check the credibility of the social media page that’s hosting the holiday contest. Below are tell-tale signs of contest pages set up for identity theft:

  • Unverified pages: Big brands have a blue checkmark on their official page, which means it’s verified.
  • No URL of the website:  Definite warning sign, although smart identity thieves link to the official website.
  • Only few posts on the page: Including the scam post at the top. If it’s a known brand, it should have more content.
  • No conversations: Typically, the comments received on a fake contest page will be positive ones. There wouldn’t be any actual conversations.
  • Google shows another page: Typing in site:facebook.com or site:twitter.com and the name of the brand that’s hosting the contest shows the real social media page of the brand.

One more tell-tale sign is that the about section of fraudulent social media contest pages won’t include a solid description.

#4 Utilize a VPN

When using public Wi-Fi, virtual private networks are the best option to protect your identity and credit card details while shopping online. They’ll encrypt your information and mask your IP address while tunneling your data into an encrypted tunnel until it reaches the desired endpoint. Some advanced VPN options provide an extra layer of security by providing an internal network that completely disconnects the user’s traffic to the outside world from the connection they’re making to the VPN provider’s gateways.

With a VPN, you can make identity thieves follow a shell IP, stopping their attempt to use keylogging and other tactics to steal your identity.

Additionally, VPNs provide access to blocked websites in foreign countries. For instance, you’d be able to perform a Google Search for holiday deals through a virtual private network in China.

#5 Use Credit Cards and ID Protection Services

With credit cards, it is easier to ask for a charge-back if you’ve been scammed and an identity thief has used your card. It’s the other way around for debit cards, if any protection is available on them. Credit card companies also monitor for suspicious activity and may be able to identify & stop fraudulent transactions before your account is charged. With debit cards, however, the money is immediately charged from the account.

Another thing you could do is use holiday gift cards. With these, you don’t have to give your personal details on a website, and there’s already some money present on the card. While they’re mostly used as gifts for others, they are really good for online shopping. Gift cards should be bought from verified sellers or directly from retailers.

Credit protection tools are one more option for securing your identity. These tools offer ID theft alerts to shoppers who enroll in an identity protection plan. You may also receive a payment card with latest chip technology that adds an extra layer of protection to online transactions.

#6 Keep Track of Your Order History

After buying something online, you should receive a confirmation of your order. Save this confirmation as a record of your order and for future references. The confirmation would serve as a reminder of which website you bought an item from, and the exact amount you paid.

If you receive a phone call or an email saying there is a problem with your order, you can refer to the documentation to know what the original point of contact was.

Also, only trust tracking codes and numbers that you received in the initial email when you made the purchase. And go to the retailer’s website to track any shipping you’re expecting.

Another thing you should do is check your online bank account and credit card statements at least once a week for any suspicious activity.

#7 Be Smart with Your Social Media Activity

Identity thieves take advantage of clumsy social media usage of the average person. Any announcement of holiday purchases over social media is a welcome for cyber criminals. Sure you want to share details of the great bargains you scored this season, but you don’t want to attract unwanted attention.

Identity thieves monitor social media activity of consumers to look for people who are raving about their purchases. They’ll then record and use those details to send phishing emails.

They may also browse profiles and note personal details such as hometown and date of birth. These are often used to answer security questions on payment websites, so it could be an issue if adversaries get access to your personal details.

If you do want to rave about your purchases, do so in private chat with family and peers.


If you’re accustomed to online shopping during holidays, protecting your identity will require extra diligence. Because you are your first and best defense, you can make smart decisions by utilizing the above-mentioned tips to minimize your risk of becoming a victim of identity theft.