phone icon

How can I avoid phishing scams when holiday shopping?


The holidays bring out some real grinches anxious to separate you from your cash. Here’s how to stay safe.

Computer and mobile device users are always at risk of being hacked, scammed, and phished, but when the holidays arrive, crooks really have an opportunity to cause some mischief.

They’re hacking consumers using sophisticated phishing attacks that attempt to trick people into giving up their personal information, including bank account or credit card data.

Follow these four tips to protect yourself this holiday season.

1. Watch out for deals that are too good to be true

Black Friday “doorbuster” deals have convinced the world that insane discounts are to be expected once the holidays roll around.

Amazing discounts and promotions – delivered via email, text message, or an opportune pop-up window on the Web – may lead you to bogus ecommerce sites strictly designed to separate you from your credit card number. Order the merchandise promised, and it may never come – but you’ll be charged for it (and more) just the same.

Be extra vigilant when shopping for the holidays. Some deals sound too good to be true because they are. They could be outright scams.

2. Double-check website domain names

Phishing is most effective when a scammer is pretending to be a brand you know and trust. A high-quality but phony store hawking well-known or high-demand products is likely to look almost identical to the real thing – so be vigilant in looking for signs that reveal its true colors.

Start with the domain name: and are very different websites, and cryptic names like the latter are likely to be purveyors of scams. While you’re at it, make sure everything in an email promo is legitimate before clicking on embedded links. For example, inspect logos, email address headers, and the text and content of messages before clicking anything. Better still, keep your Norton products up to date in order to block spam and phishing emails before they ever get to your inbox.

3. Make sure merchant websites are secure

In recent years, websites have been moving from HTTP to HTTPS, a communication system that encrypts all traffic between users and the websites they visit, which can dramatically improve security against certain types of attacks.

It’s easy to tell whether a website is not secured with HTTPS. All major web browsers indicate this with an icon to the left of the site’s URL. The icon is a lowercase “i” with a circle around it on Edge and Firefox; Google Chrome also notes “Not secure” on insecure sites.)

HTTPS (with S on the end) is a secure protocol because it includes encryption and authentication, which keeps the information shared between your computer and the website private.

HTTPS might not be as important if you’re visiting your neighbor’s blog, but it is if you’re on a site where you plan to buy something, where you need to provide your payment card credentials, your address, and log in with your username and password.

Instead of, or next to, the lowercase “i” icon on every browser, look for a locked padlock icon on retail sites that shows they are using the most current security mechanisms, indicating that your shopping sessions are encrypted and secure.

4. Remember to be patient

When you’re in a rush to complete your holiday shopping as quickly as possible, it’s natural that you might miss something. Take a breath and slow down. Cyberthieves often prey upon people’s poor cyber habits, or attempt to trick you with phishing messages designed to make you panic – such as warnings about a delayed package or a credit card purchase that didn’t go through. Just as a big discount might be too good to be true, an urgent warning might be too dramatic to be taken at face value.

How to stay safe

Norton 360 protects from many of these scams, protecting more than just your PC. You can protect multiple devices by downloading Device Protection to your Mac, smartphones, and tablets to ensure that all your devices have protection.

Keeping you cyber safe

Maximize the value of your Norton 360 subscription by installing protection on multiple devices, staying more private on public Wi-Fi with VPN, backing up your most important documents with secure PC Cloud Backup, and getting notified if we find your information for sale online with Dark Web Monitoring powered by LifeLock.

Don’t have one of our Norton 360 plans yet?
Click here to upgrade.


Norton logo
  • Norton
Norton empowers people and families around the world to feel safer in their digital lives

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.