Keep Your Holidays Happy: Steer Clear of Digital Dangers

Staying safe online is a gift anyone can appreciate

At this time of year, you’ve probably got your hands full with holiday plans: prepping your gift list, getting ready for a Thanksgiving trip, putting up decorations. The last thing you want to think about is a crew of scammers in some dark lair, tapping away at keyboards as they devise new ways to deflate your seasonal spirit. But that doesn’t mean the risk isn’t there.

According to the Federal Trade Commission (FTC), U.S. consumers lost nearly $8.8 billion to fraud in 2022, a jump of more than 30 percent over the previous year. The FBI’s Internet Crime Report reveals that Americans suffered $264 million in losses from credit card or check fraud alone last year.

Whether you're shopping for gifts online, booking travel to visit relatives, or using free public Wi-Fi while strolling amid the festive lights downtown, it's important to know the privacy and identity risks that typically increase around the holidays, and how to avoid them. Here are four of the most common threats, along with advice on how to stay protected.

Deals that seem too good to be true

Everybody loves a bargain. That means it’s all too easy to fall for deal-related scams at a time when big holiday sales are splashed across the internet. These scams often take the form of fake promotions, ads, giveaways, or digital gift card offers, all designed to rob you of your money or personal information.

Scammers have gotten more and more sophisticated in their efforts to impersonate legitimate retailers in social media posts, emails, and websites. Others invent fake new retailers that offer absurdly low prices on brands you know and trust. If you click their fraudulent links, you could be opening the door to trackers or malware being secretly installed on your device. If you enter your personal information on a scam website, it could harm your privacy and ultimately lead to identity theft.

Our advice: Pardon the cliché, but if it seems too good to be true, it probably is. Before you click a link, carefully review the offer for spelling errors or anything else that seems unusual. By hovering your cursor over the link, you’ll see the URL, which will display either in a pop-up or at the bottom of your browser window. Do a quick search, comparing this URL to that of the real, legitimate company. Finally, install an advanced anti-tracking tool like IDX Tracking Blocker, which helps prevent websites from collecting and selling your personal data.

Holiday messages that hide not-so-jolly surprises

While many people like to indulge in winter activities like skiing or ice skating over the holidays, scammers prefer to go phishing. Here’s how it works: Similar to the online deal scam, the bad actor creates an email, text, or social media message designed to look and sound like it’s coming from a trusted brand or retailer. The message might ask you to enter a contest or complete a survey; tell you that you’ve been locked out of your account and need to update your password; or claim that you’re being refunded for a purchase. If you click the link, you could be allowing malware onto your device. If you give out personal information like your name, account password, or credit card number, you could find yourself later victimized by identity fraud.

On a related note, be careful about unsolicited messages from groups claiming to be charities, as charity-related fraud always rises during the holidays.

Our advice: If you get an unexpected message from a company asking you to click a link, don’t engage directly. If you have an account with the real company, log into their official site or app and see if there’s a similar message or alert waiting for you there. If there isn’t, the original message you received could be a phishing attempt. As for charities, do research on an organization to see if it’s a legitimate nonprofit with a verifiable Taxpayer Identity Number. Want to donate? Don’t click a random link; search for the organization’s official website and donate there.

A place where fraudsters deck the halls with stolen info

While the rest of us meet for holiday parties, cybercriminals gather to ply their trade on the dark web—an anonymous, hard-to-access place where illegally obtained credit card numbers and other personal data are bought and sold. Credit card usage skyrockets during the holidays, which only increases the potential for stolen card information to turn up on the dark web.

The risk grows if you have your credit card information stored on the websites or apps of your favorite retailers. While it’s super-convenient to do this—you don’t have to re-enter your data every time you make a purchase—data breaches among retailers happen on a shockingly regular basis, and your card information could be hacked as a result.

Our advice: Instead of storing your credit card information in your online accounts, manually enter your card information with each online purchase, or use a secure payment platform like Apple Pay, PayPal, or Google Wallet. Carefully guard against credit fraud by using credit management services like those offered by IDX, which include 24/7 monitoring of your credit report and credit score. And take advantage of a service like IDX CyberScan, which proactively searches all layers of the web, including the dark web, to see if your credit card or other personal information is being offered for sale.

Scams that turn travel into a winter bummerland

If you’re like a lot of people, you’ll be hitting the road to visit family or friends for the holidays. And that often means using your credit card at gas stations, getting extra cash at ATMs, or accessing free Wi-Fi at shopping centers, airports, and other public places. Just be aware that scammers may have planned for your arrival.

When stopping for gas or using an ATM, be alert for a phenomenon called “skimming,” where fraudsters tamper with the card reader’s swiping mechanism, or use a Bluetooth device to steal your card’s information when you dip or swipe it. Meanwhile, if you’re planning to connect to public Wi-Fi, know that scammers often create fake networks with authentic-sounding names in order to steal your personal data. In general, open Wi-Fi networks are risky, because others can potentially spy on you, track you, or plant malware on your device.

Our advice: Look for gas pumps and ATMs that use contactless payment or ones that allow you to insert a secure chipped card. Be sure to have the latest anti-virus software installed on your devices, and keep your devices’ operating software up to date. If you must use public Wi-Fi, activate a VPN (Virtual Private Network) like SafeWiFi from IDX, which encrypts your connection so that no one can pinpoint your identity, online activity, or location. Finally, have your credit automatically and continuously monitored with a service like IDX credit management.

Bonus tip: If you’d like to give your household the gift of identity and privacy coverage year-round, consider the Family version of IDX’s Complete Plan, which offers a full range of advanced protection—including credit management services and the Tracking Blocker, CyberScan, and SafeWiFi tools mentioned above—against current and emerging cyberthreats.