Kate Bevan   15 December 2017

online shopping

There's a lot to be said for doing your holiday shopping from the comfort of your sofa. Picture: Mike McCune / Flickr

With the holiday season just around the corner, many of us would rather shop for gifts online rather than braving the crowds in the shops: a survey by Deloitte found that 55% of the people they surveyed were planning to do their festive shopping online this year, with 36% planning to use a mobile payment app.

But while you might be protected from the stress and rush of trying to do your shopping for the holidays by buying presents online, don’t forget that scammers are out in force over the festive period.

Last year in the UK shoppers lost nearly £16m to fraudsters, according to Action Fraud – that’s up 60% on the previous year, it said.

And it’s not just online – you can also be scammed while out shopping or celebrating. To help you stay safe this holiday season, we’ve put together a few tips for you.

Know who you’re buying from

Try to buy only from established, trusted retailers. If you’ve never heard of a store when you see its website, Google it: what do other shoppers say about it? How long has it been established? Check the price of the item you’re thinking of buying there against other online shops: does the deal seem too good to be true?

If you’re going to buy from small retailers, check if they sell via a bigger e-commerce platform such as Amazon, Etsy or eBay, where you have some protections if things go wrong. And never pay via direct bank transfer: if a small retailer doesn’t offer card payment, use a service such as PayPal instead.

Look closely at the website address

Check for a padlock in the URL field of your browser, and make sure the website address starts with https:// - the “s” stands for “secure”, and means that all the information you send to the website such as your credit card details is encrypted.

Keep an eye out for fake websites pretending to be real stores: scammers set up websites that look like the real thing to steal credit card details, with sneaky substitutions like using a figure 1 or a capital I instead of a lower-case L. This can be really hard to spot, so the best way to protect yourself is either to type in the store’s web address yourself, or to check with Google what the retailer’s web address should be.

credit cards

If a retailer doesn't offer credit or debit card payment, use a service such as PayPal instead. Never pay via direct bank transfer. Picture: frankieleon / Flickr

Be careful where you click

Watch out for unsolicited offers claiming to be from retailers landing in your inbox – if you get an email offering you an incredible deal on something you want to buy, don’t click the link in that email but go to the store's website either by typing in the URL yourself or by clicking through from a Google search. 

Be especially careful if you get an email asking you to log in to a store or a delivery service such as DHL: this is a phishing email designed to steal your passwords. Again, type in the URL yourself, and remember that no reputable organisation will ask you to log in from a link in an email.

Stop the spam

Be careful about registering on websites: most of them want to send you marketing emails, so watch out for checkboxes when you fill in your details. Although European data laws require that your consent is “active” – ie, you must actively say yes to being sent marketing communications by ticking a box that’s clearly labelled – you will find plenty of websites elsewhere in the world that are less transparent. Look out for boxes that you have to untick to decline marketing emails, for example, or tiny text buried at the bottom of a page.

It’s worth creating a separate email address for online shopping to keep your main inbox clear of potential spam.

Use a different and strong password for every shopping website – don’t use the same one over and over again. Use a password manager such as LastPass, Dashlane or KeePass to generate and manage those passwords for you.

Sometimes you have to venture out of the house to do some holiday shopping or to go to a festive gathering, so here are some tips to help you stay safe when you’re out and about.


Is the ATM you're using safe? Look out for signs of tampering - and make sure nobody can see you tap in your PIN. Picture: redspotted / Flickr

Protect your PIN

Who’s standing behind you? Can they see you input your card’s PIN? If you’re paying for something, cover the keypad of the card machine as you tap in your code, or better still, use contactless where possible.

Even better than contactless cards – which are a risk if they’re stolen – is using your phone to make contactless payments. That’s not only to do with the way the payments are handled, but also of course your phone needs to be unlocked before you can tap the card terminal to make the payment, and you have a record on your phone of your spending.

Watch out for that ATM

Getting cash out of a machine? As well as making sure that there’s nobody standing behind you watching you input your PIN, you need to be alert to the possibility that the ATM is compromised.

Before you use an ATM, check for obvious signs of tampering around the card reader and the keypad. If there’s another ATM, see if there are any obvious differences between the two. If possible, use a machine inside the bank – they’re harder for the criminals to tamper with.

Cover the keypad with your hand while you input your PIN – thieves often install tiny cameras above the keypad so that they can record your number.

Who’s got your card?

If you’re paying for something by card, don’t let it out of your sight. A reputable retailer will bring the card machine to you, and look away while you input your PIN to make the payment.

Christmas shopping

Whether you're heading out to the stores or staying home, do your shopping safely! Picture: Better Than Bacon / Flickr

WiFi worries

Going online to check your bank account or pay for something while you’re out and about? Don’t use free public WiFi. Criminals can set up what’s known as “evil twin” hotspots that masquerade as ones provided by reputable services. Once you’re connected, the thieves are intercepting your data as you send it.

Instead use your phone’s 3G or 4G connection to get online, either directly via your phone or by using it as a hotspot for your tablet or laptop.

And finally, whether you’re out and about or shopping from the sofa, make sure your devices are up to date with all their software patches, and if they’re Android or Windows devices, that they’ve got up to date antivirus software on them too. Android is particularly vulnerable to malicious apps stealing data thanks to its open-source structure, so it’s very important that you know what apps are actually doing on your phone.