Holiday Fraud Watch: Staying Safe When Shopping Online

November 3, 2022
Holiday Fraud Watch: Staying Safe When Shopping Online

As you get ready for holiday shopping this year, chances are good you’ll make some of your purchases online. Nearly 60% of people surveyed by the Better Business Bureau (BBB) say they shop online more often now than they did before the pandemic. Scam artists are taking advantage of this trend: Online shopping scams topped the list of riskiest rip-offs for consumers last year, according to the BBB 2021 Scam Tracker Risk Report, accounting for more than one-third of all scams reported to the organization.

Online holiday shoppers are often harried, hurried, and searching for deals, all of which can leave them vulnerable to fraud. From products that never arrive to stolen credit card numbers or personal information, online scams can put your bank accounts, financial data, and identity at risk.

11 Tips to Avoid Holiday Fraud When You Shop Online 

A few simple precautions can help safeguard you from scam artists. Protect yourself when shopping online by following these 11 tips.

1. Confirm the website is legitimate.

You can safeguard yourself by limiting your online shopping to reputable websites, such as major retailers or online marketplaces. However, scam artists are getting better at creating fake versions of real websites, and when you’re in a rush, you might miss the clues.

To avoid fraud, carefully examine the website’s URL for these common red flags:

  • Misspellings or extra characters. For example, you might see the URL (fraudulent) instead of (legitimate).
  • Unusual top-level domains (TLDs). The TLD is the last part of the URL, such as .com or .net. Some of the TLDs most commonly commonly used by scammers are .casa, .discount and .fit. It can be easy to miss a TLD or dismiss a TLD like .fit as a clever URL for a sporting goods site.
  • Security issues. A URL starting with “https://” indicates the site uses encryption to secure any data you enter on the site. You may also see a padlock icon in your browser bar when a site is secure. If so, you can click on the padlock to see the name of the company associated with the site’s security certificate—a digital signature used to establish encrypted connections. The certificate owner’s name should match the name of the retailer. Don’t shop or share personal information on sites that aren’t secure.What if you want to support small businesses or come across an incredible deal from a new-to-you retailer? Not all unfamiliar companies are fraudulent, of course, but vet an unknown site thoroughly before you buy. Here’s how:
  • Confirm contact info. Scroll down to the bottom of the home page or look for “About Us” or “Contact Us” information. Legitimate companies will list a physical address and phone number, giving you a way to contact them if there’s a problem.
  • Check for complaints. Search for the retailer’s name online, along with terms like “complaint” or “fraud,” to see if any consumer complaints pop up.
  • Consult third-party review sites. Check the retailer’s rating at Better Business Bureau® or Trustpilot®.
  • Test transparency. Type the URL into Google’s Transparency Report to see if it has been deemed unsafe.
  • Peruse privacy policy. Look for a privacy policy explaining how the site protects your personal data. You can generally find this link at the bottom of the site. Avoid any site without a privacy policy.

2. Shop on social media with caution.

Nearly half of people the BBB surveyed reported spending more time on social media in 2021 than pre-pandemic. Criminals are taking advantage of this trend, too. About one-fourth of all fraud reported to the Federal Trade Commission (FTC) last year stemmed from scams on social media, according to the agency’s latest Consumer Protection Data Spotlight.

Scammers use social media ads, posts, or messaging to target you with bogus offers or links that may spread malware or viruses. Friends may unknowingly spread these scams by sharing a post about a cool product or great deal. The scammers might reach out via direct message to ask for your payment information. Not everyone selling on social media is a scam artist, of course, but as with any unknown website, always verify a site’s legitimacy before you shop, and never share payment information or other personal details with others on a social site.

3. Beware of merchants offering big discounts.

Unbelievable deals like 90% off a new smartphone or the latest game console for $25 can tempt any budget-conscious shopper. But as the saying goes, if it sounds too good to be true, it probably is. Deep discounts can tempt you to click on an online ad, social post, or email just out of curiosity. Avoid the temptation and go directly to the retailer’s website instead; if the deal is real, you’ll see it there.

4. Clip online coupons carefully.

Online coupons can save you money but can also be sources of scams. Legitimate ecommerce sites often ask for your email in exchange for a discount, but fraudsters typically ask for more personal information. For example, they may want you to fill out a form or survey that reveals information, such as a pet’s or child’s name or favorite color, that could provide clues to security questions a criminal could use to change your passwords and hijack accounts. Beware of ads or popups you don’t recognize offering coupons; instead, sign up for coupons directly on trusted retail sites.

5. Think before clicking on random email and text messages.

Phishing and smishing scams use fake messages (emails, in the case of phishing; text (SMS) messages in the case of smishing) to trick victims into turning over money or personal information. The messages typically appear to be from a trusted company, such as a bank, retailer, government agency or shipping company.

Fraudsters may try to trick you into clicking links by claiming that:

  • You need to update your payment information
  • Your account has been compromised and you need to change your password
  • You need to confirm personal data like your Social Security number.

If you volunteer that information, scammers can use it to steal your data or identity. Even just clicking a link in a bogus email or text message might download malware or expose your personal data to hackers. Phishing and smishing often attempt to create a sense of urgency that can lead you to click before you think. If you get a message like this, stop, and think. Do you have an account with the sender? If not, don’t act on the message, but report it to the FTC at If you do have an account with the sender, go to their website and contact them directly to ask about the issue.

6. Update your phone and computer security settings.

Set up automatic updates on your computer and mobile devices to keep their operating systems current. Updates often fix security issues and outdated operating systems can expose you to risk. Install firewall and antivirus software and keep that updated, too. Run regular virus scans.

7. Use strong passwords and multi-factor authentication.

Multi-factor authentication requires you to take extra steps in addition to supplying your username and password when logging into an online account or smartphone app. You might have to input a code texted to your phone or use the phone’s facial recognition or fingerprint recognition technology to confirm your identity. This makes it difficult for a thief to access your accounts even if they learn your passwords. Whenever possible, enable multi-factor authentication for safety.

Strong passwords are vital to keeping your data safe when shopping online. The FTC recommends you:

  • Choose passwords at least 12 characters long.
  • Use a mix of upper and lowercase letters, numbers, and symbols.
  • Avoid common phrases or words scammers could learn from social media or public records, like a child’s name, your birthdate, or your hometown.
  • Don’t reuse passwords. Create a new password for each account.

Make your life easier by using a password manager, which generates secure passwords, encrypts and stores them, and fills them in automatically. Google Password Manager (built into the Chrome browser and Android devices), iCloud Keychain (built into the Safari browser and Apple devices), LastPass®, and Dashlane® are all popular options.

8. Choose only secure methods of payment.

Using a credit card when shopping online is safer than using a debit card. If your credit card information is stolen and used fraudulently, but the card itself isn’t stolen, you’re not liable for any unauthorized charges. Debit cards have fewer protections. If a scammer steals your debit card information, they could access your bank account. Notify the bank within two business days of the unauthorized transaction, you’re liable for up to $50. If you notify them after two days but within 60 days, you’re responsible for up to $500. Wait longer than 60 days, however, and you could be liable for the full amount.

Using a peer-to-peer (P2P) payment app like Zelle®, PayPal® or Venmo® to make a purchase? Be cautious. A study by fraud tracking company Javelin found P2P fraud rose 733% between 2016 and 2020. A recent investigation by Sen. Elizabeth Warren found Zelle users lost $440 million to scams in 2021—and 90% of them never got their money back. For example, if your P2P account is connected to a bank account or debit card, scammers who access your P2P account might be able to drain your bank account. Before using any P2P service to make online purchases, carefully read the terms and conditions to understand your risks.

Be vigilant when buying from online retailers or social media sites you’re not familiar with. Exercise extra caution when dealing with merchants who will only accept payment via cryptocurrency, wire transfer, or prepaid debit or gift card (that they push you to obtain before the transaction can be completed)—often these are signs of a scam. According to the FTC, paying via gift card is the most common way people lose money to scammers. And once money is sent using any of these methods, there’s no way to trace it or recover the payment.

9. Conceal your credit card information.

Storing your credit card information on a retailer’s website can save time when shopping, but that convenience could come at a steep cost if hackers access your account information. For a safer option, there’s Click to Pay®, a service that stores your credit card information and lets you pay with one click at participating retailers. Click to Pay never sends your card information to retailers. Instead, it uses an encrypted placeholder called a token that’s used only once, for that specific transaction, and uses two-factor authentication for extra security. To sign up, log onto Click to Pay from any of the major card networks: Visa®, Mastercard®, Discover®, and American Express®.

10. Monitor your bank and credit card accounts.

Thieves know most of us spend more than usual at this time of year, so it’s easy for a false transaction to slip under the radar. Don’t wait for your monthly statement to review your spending; check your accounts weekly for transactions you don’t recognize. Better yet, set alerts to stay on top of your accounts in real-time. Most banks and credit card issuers let you set a variety of alerts, including notifications sent to your smartphone of transactions that exceed a certain amount, transactions on a certain card, or any account activity at all.

11. Check your credit reports for suspicious activity.

You can get free copies of your credit report from each of the three major credit bureaus—Equifax, Experian and TransUnion—at Normally, credit reports are free once every 12 months, but in response to pandemic-related scams, you can now get them every week through 12/31/23. Check your credit reports for anything unusual. For example, if you see a new credit card or loan you never applied for, it could be one of the signs someone has stolen your identity and is using it to open accounts in your name. If you find anything suspicious, contact the relevant credit bureau about placing a fraud alert or security freeze on your credit report and visit for advice on next steps.

The Bottom Line

Online shopping can sometimes seem as perilous as swimming with sharks. Fortunately, there are ways to steer clear of scams. By securing your technology, choosing a safe payment method, and remaining cautious and alert to potential fraud threats, you can keep yourself and your bank accounts safe while checking off every holiday item on your list.

You May Also Like

12 Financial Health Tips for 2023: A Month-by-Month Guide

12 Financial Health Tips for 2023: A Month-by-Month Guide

Financial health tips and strategies you can use to plan ahead or put into action month-by-month.

Read More
How Much of Your Paycheck Should You Save?

How Much of Your Paycheck Should You Save?

Guidelines on what percentage of your paycheck you should be saving each month, why saving consistently over time is important to your overall financial health, plus six money-saving tips.

Read More
Best Ways to Save for a Vacation

Best Ways to Save for a Vacation

Wondering how to fund your next getaway? We’ve outlined 7 easy ways to save for a vacation and help you travel within your means.

Read More

How much do you need?

Enter up to $40,000
Change Your Money, Change Your Life
Join our monthly newsletter for tools, tips, and insights to improve your financial health.