Whether you’re a diligent shopper who likes to plan ahead, or not, there’s no getting around the fact that the holidays are bearing down on us once again, and Santa isn’t the only one who has to make a list.
If you’re like me, checking it twice comes with a side of climate- and community-mindedness, and we do our best to shop the digital storefronts of local and small businesses rather than line the pockets of a certain billionaire. (Hint: starts with B, rhymes with pesos.)
Holiday shopping has been stressful since the first caveman had to find a nice pair of sabertooth earrings for his partner at the last minute, but it’s especially fraught thanks to today’s digital component.
Holiday shopping online, as great as it is, can make you vulnerable to a host of cyber threats, identity theft, credit card scams, and other shady business involving the unwanted transfer of your sensitive data to malicious third parties.
2020’s Cyber Monday sales soared to nearly $11 billion in the US alone, meaning this time of year is a bonanza for digital fraudsters.
Luckily, there are some simple yet effective guidelines to follow that will preserve your online privacy without having to compromise on price, vendor, or product.
Review Shopping Deals With due Diligence
Shopping from digital storefronts of smaller businesses or lesser-known online vendors requires a little extra attentiveness. Always take a moment to verify that a smaller e-commerce site is legitimate.
Contact details, imprint, and registration info are the bare minimum for legitimate sites, and a good start.
If you’d rather have the experts do it, there are plenty of digital tools that can verify a site’s legitimacy and safety with just a few clicks: Mozilla Observatory, Detectify, SSLTrust, and more. Find one that works for you before you share your bank details.
Even if you are going for alternative online shops you’re already familiar with, double-check the URL and be wary of poorly composed web content or clunky web design.
Impersonating a familiar brand is a common scamming tactic, so watch for awkward typos and unsecured URLs, which are usually a dead giveaway.
If there are no flagrant red flags, but you’re still in doubt, call the contact number or open a customer chat window. The real brand’s representatives would be happy to hear from you, even if they are a little busier this holiday season.
Beware of Outlandish Payment Methods
Small and local online shops operating within your home region have an established financial framework and should offer at least some of its universally accepted payment methods.
As a rule, credit cards are the most secure and traceable means of payment, and you should use them wherever possible. If the worst happens and you end up providing your credit card information to a scammer, call your bank or freeze the card from your banking app ASAP.
Time is of the essence when you suspect you’ve been the victim of credit fraud.
On the opposite end of the privacy and safety spectrum are peer-to-peer payment services like Venmo and CashApp, which were developed for friends and family to exchange funds quickly without much need for identity verification or privacy protections.
They’re risky, and not built for business transactions between strangers. The same goes for payments in cryptocurrency, which is hard to trace and likely a means for scammers to scam you with no threat of the transaction being traced, challenged or frozen later on.
Fish the Phishing Attempts out of Your Mailbox
Emails and texts with great deals are a major draw during the online holiday shopping season. In the deluge of discounts, watch for unfamiliar senders or unusual country or area codes.
Phishing is on the rise in 2021, and its consequences can be dire: From malware staking root in your personal devices to your naively entering your personal data and passwords into the scammers’ deceptive online forms.
In case it doesn’t go without saying, no reputable company will ask for your username and password combo, or even just your password.
Don’t give it away.
To protect yourself against phishing attempts while bargain-hunting, always verify the sender’s identity and never click on attachments or suspicious links.
Reputable e-commerce websites typically don’t use short URLs in their customer messages, so be wary of one that does.
Shipment tracking emails should also contain obnoxiously long but immediately verifiable links, and they should clearly identify the item you have bought. General queries that invite you to open an attachment or seemingly benign links to “track shipment information” are textbook phishing tactics.
Don't Use Public Wi-Fi and get a VPN
Oftentimes shopping inspiration strikes in the unlikeliest of places, and you can find yourself under pressure to search for and buy a gift on the spot. In such cases, do not resort to using public Wi-Fi for your purchase.
Open networks are a breeding ground for bad actors who can gain access to your full internet traffic with minimal equipment and technical know-how.
Sending account, payment, and shipment information over public Wi-Fi sets you up for a privacy breach. Mobile data or a secure Internet connection are the only acceptable options.
To add an extra layer of security around your web traffic, install a virtual private network (VPN) solution.
There are reliable and accessible options for both desktop and mobile devices, and you cannot really put a price on the safety this handy tool provides.
With a VPN, public networks also become safe to use, so spontaneous shopping sessions at your preferred café or while you wait to board your flight will no longer put you at risk.
Sweep Away the Cookie Crumbles
While not necessarily fraudulent, holiday shopping online leaves another pesky mark behind: targeted ads ad nauseam. When you use a standard search engine to conduct your online searches for various gifts, you leave a massive digital footprint behind that fuels mounds of targeted advertising.
Thanks to cookies and similar technology, those wooly slippers for Grandpa or that reindeer sweater for your uncle will follow you across the web until Valentine’s Day.
To maintain your privacy and avoid an onslaught of targeted ads, shop in incognito mode and periodically clear your browser cache and cookies.
You could also opt for an online search engine that maintains your privacy and doesn’t collect and process your search data. Stop it at the source!
Don’t Forget the Holiday Spirit!
Even though data privacy and security are important concerns, it is also important not to let the various cyber threats and digital scammers kill the joy of gift-giving.
Protecting yourself isn’t rocket science. Simple measures go a long way. Double-checking sites, using a VPN, and staying alert while shopping will keep the holiday spirit intact. As for the scammers? They’ll be on the naughty list.
About Leif
Leif-Nissen Lundbæk (Ph.D.) is Co-Founder and CEO of Xayn and specialises in privacy-preserving AI. He studied Mathematics and Software Engineering in Berlin, Heidelberg, and Oxford. He received his Ph.D. at Imperial College London.