Shop smarter, not scared: Your stress free holiday security checklist


If you are one of those people who has their Christmas tree up the day after Thanksgiving and already has their holiday shopping completed and wrapped, then I commend you. Because I am absolutely, one-hundred percent the opposite – a third of the way through with everything and scrambling to finish right up to the very last moment, which usually means you'll find me wrapping presents and watching "Die Hard" at 1 a.m. on Christmas morning. (Hey, it's tradition).

However, busy people are often the easiest marks both off- and online — and don't think hackers, scammers and threat actors don't know this. They're looking for ways to use that against you, whether it's lookalike websites, AI-enhanced phishing emails or ads embedded with malware. If you're distracted and rushed, you may not notice that you're getting scammed.

The entry level

  • Keep an eye on your accounts: Make a habit out of checking your bank and credit card statements regularly in order to spot any signs of unexpected activity or fraud. Small charges will often show up before big ones, as scammers will test the water to see if anyone notices, so it's particularly important over high hacker holidays (like Christmas shopping seasons) to check statements for any unauthorized charges.
  • Avoid public Wi-Fi: You shouldn't be doing any personal business on public Wi-Fi networks in general, unless it's urgently necessary, but that's particularly true when it comes to entering in payment details or shipping information. Keep that to your home network. Speaking of which...
  • Set aside dedicated time for online shopping: One of the best ways to combat online scams is to slow down, so setting aside dedicated time for your online shopping is advisable (if you can). Ideally, do your online shopping when you do not have any other distractions at hand. Some experts say you should even turn off notifications for other apps – so maybe don't do it while streaming the holiday episodes of "The Great British Baking Show."
  • Use a credit card: Never a debit card. This is one most people know by now, but it's worth repeating because credit cards have better protections against fraud, so if the worst does happen you have a better chance at getting your money refunded. Even better? A virtual credit card.
  • Don't click through on just anything: See something neat on an ad or a social media link? Great. But don't click it. It should have a website that you can find directly. Not clicking through on ads and social media posts will save you a huge amount of potential hassle as that alone is a big way that hackers and scammers reach their victims. Plus, if a product or service doesn't have an easy-to-find website to sell to you – that should be a big red flag.
  • Check the website: Take care to make sure that you're going to the right place by going directly to the web browser and typing in the retailer's name. If you're clicking a link, hover over it first to see where it's directing you to and check the full website address, making sure that there are no misspellings. Make sure the address begins with https.
  • Avoid “free” offers or surveys: Any "free" offer or survey that asks for your personal information in exchange for a gift card or deal isn't free. The cost is your data. You may think it's not a big deal to enter in some personal details in order to get a discount or a gift card, but these days your data is something people steal which means it's worth something. Don't give it away – especially if you don't have any identity theft protection. (And if you don't have identity theft protection, get some of that as a gift to yourself.)

The middle ground

  • Don't respond to unknown texts: Legitimate companies are never going to contact you over text message with a clickable link requesting payment. Likewise, they are not going to ask you to click a link about a shipping problem or to correct an issue with your account. If you receive a text message you are not expecting about an account, a shipment or an issue, do not click anything in it or reply to it at all. Simply access your account from an independent method (like logging in from a different phone or computer) and verify whether there is an issue.
  • Don't pay the way they want: Legitimate companies will also not pressure you to pay in a particular way. Most will offer a variety of methods including credit cards, Apple Pay, Klarna, or something else. If a company is requesting that you pay a particular way – say by gift card or cryptocurrency – that is suspicious behavior.
  • Never give out your code: You will never need to share any verification codes or account codes with a company – especially over text message. This is just not something legitimate companies do. Again, go directly to your account through an independent method to verify any issues (and maybe update your password while you're at it).
  • Pause before clicking: Before you click anything, just take a breath. Now, take an extra moment and check that the email address or DM is from (or going to) the right address. That means it's from @target.com and not @target-shoppers.com. Make sure there are no misspellings in the web address, and again, hover over links to make sure they're going to the right place. You can even Google the phone numbers in the email to make sure they're associated with the sender, instead of dummies.
  • Use your antivirus software features: If you have an antivirus program – and you should – it might have some helpful features you can employ here as well. For example, McAfee has a scam detector that can block phishing links and scan emails. F-Secure has a browser shopping tracker extension that will check URLs to make sure they’re safe. Granted, you will have to give these features some access to certain accounts to do their job, but they can help give you an added level of protection.
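
The address checks described under "Check the website" and "Pause before clicking" can also be done mechanically. The sketch below is an added example, not part of the original article: it compares a link or a bare sender address against a short list of retailers you trust and flags near-misses such as @target-shoppers.com. The TRUSTED list, the function names and the sample inputs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the retailers you actually shop with (constructed sample list).
TRUSTED = {"target.com", "amazon.com"}

def host_of(value):
    """Lowercase host of a URL, or the domain part of a bare email address."""
    value = value.strip().lower()
    if "://" in value:
        return urlsplit(value).hostname or ""
    return value.rsplit("@", 1)[-1]

def edit_distance(a, b):
    """Levenshtein distance, to catch one- or two-letter misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check(value):
    """Return 'ok', 'not-https', 'lookalike' or 'unknown' for a link or sender."""
    host = host_of(value)
    # Exact domain or a true subdomain of it (www.target.com) is the only pass.
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        is_url = "://" in value
        if is_url and not value.strip().lower().startswith("https://"):
            return "not-https"
        return "ok"
    # Label just left of the TLD (naive; assumes .com-style domains).
    labels = host.split(".")
    label = labels[-2] if len(labels) >= 2 else host
    for good in TRUSTED:
        brand = good.split(".")[0]
        # Brand name embedded anywhere in the host, or a near-miss spelling.
        if brand in host or edit_distance(label, brand) <= 2:
            return "lookalike"
    return "unknown"

# Constructed sample inputs, not taken from real messages.
SAMPLES = ["orders@target.com", "deals@target-shoppers.com",
           "http://www.target.com/cart", "https://tarqet.com/sale"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{check(s):10} {s}")
```

An "unknown" result only means the address is not on your list; it still needs the manual checks above before you enter payment details.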

The maximum effort

  • Update all the things: And here, we really mean all the things – software, operating systems, browsers and apps. Keeping your software up to date patches vulnerabilities and closes any loopholes that hackers may be looking to breach. Keep in mind, a lot of these updates can be scheduled to install on their own automatically.
  • Protect against deepfakes: More and more deepfake videos are being used to sway shoppers into clicking through thinking they're purchasing something endorsed by a celebrity or influencer. If you think you're buying something trendy, first check to make sure the creator’s account is verified, and look at past posts and engagement patterns. Real brands rarely share one-off videos with unfamiliar links, so there should be a clear history for the product and the creator.
  • Use AI to fight AI: Hackers and scammers are using AI to make phishing messages more convincing, build fake websites that look like the legitimate ones, create voice calls that sound like people you may know and more. Again, features in your antivirus program could help out by identifying suspicious messages, blocking ads and pop-ups, installing browser guard extensions or alerting you to iffy websites.
  • Add strong login protections: Use a unique password, a password manager, or best yet, a passkey, for all shopping, payment and banking accounts to keep them secure. Also, always turn on two-factor authentication whenever These take a few extra seconds to set up, it's true, but they’re proven to be more secure. They can also be the difference between a hacker gaining control of your accounts, and getting shut out when an attempt is made at taking over.



Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 
