Protecting Yourself from Scammers this Holiday Shopping Season

Safe Online Shopping Tips this Holiday Season

Like it or not, the holidays are almost here. While you might have mixed feelings about the jolly season approaching, the fact remains that now is a great time to get yourself – and even your spouse – that knick-knack you’ve been eyeing. Why? Because holiday sales are coming, and as always, the discounts will be deep.

Still, it’s important to make sure your year-end shopping spree isn’t spoiled by cybersecurity threats, hackers, or scammers. Read on to learn how to best protect yourself when shopping online this holiday season.

Cybersecurity 101: Use Unique, Complex Passwords for Each Site

One of the best ways to protect yourself is to make sure you avoid using the same password for every website. Also, please don’t use “password” as your password! Passwords should be a random string of alpha-numeric characters and symbols, such as b0R@m3ir or !@$#!@K$223.

Basically, your password needs to be something someone could never guess.

Since creating and remembering potentially dozens of random passwords is completely impossible for the human brain, you’ll need help to keep track. Fortunately, free password manager widgets are available for your web browser. Two common managers are LastPass and Dashlane. Both of these password managers run on the “freemium” business model – offering a free base service as well as an upgraded paid version. For most people, the free version works just fine.

Unfortunately, no password manager is foolproof. Speaking from experience, both LastPass and Dashlane are imperfect. They may sometimes not save a new password or new login information. Still, the software is much better than the dangerous alternative of using the same password for every site.

Use Anti-Virus Software

Installing a quality anti-virus program takes just a few minutes and can be a relatively painless process. Popular consumer expert Clark Howard suggests a variety of free anti-virus programs on his website. Like the password apps, many anti-virus offerings run on the “freemium model.” At Define Financial, we use a combination of BitDefender and Avast on our computers.

Keep Software Updated

Bree Fowler of Consumer Reports recommends updating anything and everything on your personal computer. This means updating your:

  • Operating System (OS), be it Windows 10 or whatever large predatory cat Apple is now on
  • Web Browser, be it Chrome, Firefox, or Safari. If you’re using Microsoft Internet Explorer, stop to ask yourself why. Seriously, why are you still using Microsoft Internet Explorer?
  • Your Anti-Virus software

Now that I’ve told you to update your software, you should know there are many common scams that pretend to update your software but actually end up infecting your computer. Here’s how you can spot the difference: When you are legitimately updating your computer’s existing software, you’ll be doing this from within that very software – and not from a pop-up or banner ad you see on a website. For example, if updating Avast Anti-Virus, open your existing Avast program and select “Update.”

Update your software from within that very same software. Don’t click on random messages you come across online to update your software.


Here’s what you shouldn’t do: You should never click on an online link that says any variation of…..


One red flag of bogus invitations to install nasty stuff on your computer is the severity of any given warning. The more urgent and perilous the message, the higher probability it’s a total scam.

One virus circulating the internet right now begins with a prompt to update Adobe Flash. If you think your Adobe software needs updating, go straight to the source, Do not click on anything anywhere else. The same applies for any other software you have that may need updating.

No matter what, go straight to the source!

Enable Two-Factor Authentication (2FA)

As a financial planner, I’ve sat through more than one presentation on cybersecurity. One thing I’ve learned is that enabling two-factor authentication is the best way to stop hackers.

With two-factor authentication, you are prompted to enter a one-time passcode each time you log on. This passcode can be delivered via email, as an SMS message (text message) to your phone, or be on a physical or software-based token.

If possible, choose anything except SMS delivery. Tech guru Bill Winterberg warns that SMS is the least secure delivery option available. However, 2FA via SMS is better than no 2FA at all.

Always Use a VPN over Public WiFi

Using Public WiFi without a VPN is asking for trouble. It’s akin to publicly broadcasting your personal information. If you log into any account over public WiFi – be it Facebook, your bank, or your email – that information is available for anyone sophisticated enough to see it.

What’s public WiFi? It’s the WiFi at your local coffee shop, hotel, or the airport. If you think you’re safe using WiFi at a conference that’s only accessible via a password, think again. I’ve gone to more conferences than I can count where WiFi login information – password included – is displayed on tabletops for everyone to see. If anyone can see the password, what’s the point of having a password!?

The secure solution is to use a VPN. A VPN is a piece of software that you install on your computer or mobile device that allows you to use a WiFi connection securely. So, if you’re connecting to WiFi without a password – or with a password that anyone can see – you’ll be browsing much more safely with a VPN.

Beware Fake Courier Messages

Even outside of the holiday season, I have received countless spammy e-mail messages about pending or delayed shipments. These have come from “USPS,” “UPS,” and “FedEx.” Don’t fall for it!

Massive Virus Pretending to Be FedEx

Massive Virus Pretending to Be FedEx


The United States Post Office (USPS) is not in the habit of using email messages or phone calls to communicate shipping exceptions, warns Anthony Giorgianni of Consumer Reports. Instead, you can expect a notice at your door. If you get a phone call from USPS, it’s likely a scam. The best move is to hang up.

Do not provide these fraudsters with your personal information – as the fraudsters will attempt to glean your birthdate, Social Security number, or other personal information. Scammers use this information to perpetrate identity theft, as well as other crimes. (This is another good reason why it’s always good to freeze your credit report, too.)

Avoid Deals that Sound Too Good to be True

As the old saying goes, if it’s too good to be true, it probably is. Giorgianni warns of two ways scammers try to separate you from your money. The first warning is for any random website offering a popular product at an insanely low-price. When you see this, don’t immediately enter your credit card information. Your best bet is to Google the site name and the word “scam” to see what the deal is.

If you see a deal that's too good to be true, do your homework!

If you see a deal that’s too good to be true, do your homework!


Craigslist also warns that all transactions made through the website should be done in-person. By doing this, you’ll avoid 99 percent of scams on the site. If you’re holiday shopping on Craigslist, there’s no reason to make an exception to their rule. Run screaming from anyone on Craigslist that insists on paying via a wire transfer without ever meeting in person.

Protect Yourself from Online Scammers this Holiday Season

If you’re not actively trying to protect yourself from hackers and scammers, the best time to come up with a strategy is now. Most of the techniques listed above are free and only take a few minutes of effort to employ. Best of all, they help ensure your safety, privacy, and security when shopping for your Christmas, Hanukah, Kwanza, Festivus or Winter Solstice gifts.

I can say with confidence that I’ve got all of the above checked off. With that in mind, I’m looking forward to safely, securely, and privately purchasing a five-gallon glass fermenter for myself (or, for my wife) this holiday season!