Protect Yourself From Holiday Shopping Scams

Untitled design (19)-1

While you're shopping for the hottest tech and sweetest deals this holiday season, fraudsters are shopping for something far more lucrative: your personal information, including your login ids and passwords for popular shopping sites, credit card details, security information, and other valuable bits of information they can use illegally. 

One report shows that Black Friday alone recorded a record $6.2 billion in online sales, a growth of 23.6% over 2017. This year's sales are expected to be even stronger, offering a bigger incentive for fraudsters to work harder at getting a piece of that pie.

There are two things these bad actors will capitalize upon this shopping season: the allure of big-name e-tailers offering rock-bottom pricing and the willingness of consumers to divulge their personal information to nab these deals.

So before you download a shopping app, log into a site, or offer your credit card number this year, keep these important online shopping tips in mind:

  • Only download shopping apps from official sites like Google Apps or Apple App Store. More holiday shoppers are using smartphones to do their holiday shopping, which makes them vulnerable to phishing, malicious apps, and viruses. While some malicious apps have found their way into these official stores, the majority of them are found in other stores or out on the web.
  • Be judicious with the permissions a shopping app requests. An app that asks for too many permissions, such as access to your contacts, Bluetooth access, text messages, passwords, and credit card information is an app that you should have second thoughts downloading. Instead, skip the app and order directly from a retailer's site using a URL you type in yourself.
  • Check out the app developer and reviewers. Sometimes there are big red flags in the developer's description or written reviews. For example, if the developer uses a free e-mail address instead of one tied to a bona fide business, that could be a warning sign you should heed. Look for poor grammar and spelling, another tip off you've encountered an illegitimate app. You can also do a Google search on the developer. As for reviews, just because an app has hundreds of five-star reviews it doesn't mean the app is legitimate. Reviews can be faked. Look for reviews that are thorough and that offer specific insight about the app.
  • Be careful about clicking on links in Facebook, Twitter, and other social media channels. You may think you're heading to a legitimate site, but fraudsters can easily trick you into visiting a site of their own devising, where once you input your personal information, you're hosed.
  • Shop only at secure sites. You can tell if a site is secure if it begins with HTTPS: An insecure site begins with HTTP: An insecure site has insecure connections and may not properly encrypt your sensitive financial information or data. It's also a wise idea to type in a URL yourself instead of relying on a hyperlink from an email or social media ad; hyperlinked URLs can easily be spoofed.
  • Avoid inputting your credit card details when you don't have to. Many popular retailers store your credit card in your account safely so that you don't have to enter it every time you shop. If you're shopping at a site that looks legitimate but is unfamiliar to you, use PayPal or your digital wallet (Apple Pay, Samsung Pay), which sends your payment info in a one-time token that cannot be exploited by criminals.
  • Watch your credit and debit card activity like a hawk. Criminals don't always steal large amounts. They frequently start with small amounts to test if a card is operational. Note anything suspicious and quickly report it to your financial institution or card issuer. Fraud costs financial organizations billions every year, so they'll quickly issue you a new card to prevent further exploitation.
  • If something sounds too good to be true, it usually is. If you're seeing a hot new tech item at an unbelievably low price through a retailer you've never heard of, you can be pretty sure your shopping experience with them isn't going to end well. Use common sense and keep shopping for a legitimate value with a trustworthy online merchant. 
  • Lastly, avoid using public USB charging stations to charge your smartphone. They're subject to tampering and could infect your smartphone with malware. Instead, be prepared on shopping trips: bring your own car charger or carry an A/C charger or portable charger and cable with you if you're worried about running out of juice during your shopping trip.

If you believe your Hanscom FCU credit or debit card has been compromised this busy holiday season, please report it immediately to us at 800-656-4328 Monday - Friday 8 a.m. to 5:30 p.m. ET, or after business and weekends call 800-264-5578 (outside the U.S. call collect at 412-552-2697).

Others are reading:



How to Use Your Calendar to Save Money
Should You Add Your Child to Your Credit Card?

About Author

Diana Burrell
Diana Burrell

Diana Burrell is the marketing communications director at Hanscom FCU. She has a background in magazine journalism, as well as marketing, advertising, and public relations, and has authored over a dozen books. You can reach her at

Related Posts
How to Avoid ID Theft Over the Holidays
How to Avoid ID Theft Over the Holidays
How to Avoid the Latest Financial Scam: AI Voice Cloning
How to Avoid the Latest Financial Scam: AI Voice Cloning
5 Surprising Ways You Overshare Your Personal Information
5 Surprising Ways You Overshare Your Personal Information


Subscribe To Blog

Subscribe to Email Updates