Published December 24 2025
This holiday season don’t put getting gifts for cyber criminals on your list. Cyber criminals are especially active during the holidays, taking advantage of the large number of people shopping and travelling to compromise personal information, identities, and money. This blog gives you a bounty of tips to help you stay secure while shopping and traveling for the holidays while ensuring you don’t fall victim to scams or other threats.
The main threats associated with online holiday shopping often center on tricking you into entering personal or payment information on fake or fraudulent websites. Scammers use a variety of tactics to do this. One common method is creating counterfeit websites that look legitimate and then enticing shoppers to make purchases and enter their payment details, which the scammers then misuse.
These fake sites can closely mimic real retailers and may even use web addresses that look nearly identical. However, there are usually subtle differences—such as slight misspellings in the name, added words or characters, or a different domain suffix (for example, using .net instead of .com, or a country-specific suffix like .ru or .in).
Fraudulent advertisements are another frequent way scammers direct people to these fake sites. If you see an ad promoting a sale or new product from a retailer you recognize, it’s safer to visit the retailer’s website directly and look for the offer yourself rather than clicking the ad—especially if the deal seems unusually good. Ads are easy to fabricate and can lead you to fraudulent websites designed to capture your payment or other personal information.
Ensuring the websites you are using are properly encrypted is also critical to staying secure while shopping online. Encrypted websites use an https prefix in their address (as opposed to the less secure http) and display a lock symbol by the address in your web browser. This encryption makes it more difficult for cybercriminals to monitor traffic between your device and the website, helping to ensure that they cannot steal important data, such as credit card information, as it is transmitted between you and the vendor.
Cybersecurity risks don’t go away when you shift from online shopping to visiting stores in person. One common in-store threat is the use of “skimming” devices—small attachments placed on credit card readers to capture card data. These devices are often fitted over the card-swipe slot and may be detectable by misalignment, looseness, or parts that look out of place. Skimmers are especially common at gas pumps, where criminals can install them with little oversight, but they can also appear on payment terminals in retail stores and other establishments.
A practical way to reduce the risk of skimming is to use your card’s tap-to-pay feature instead of swiping or inserting it. While not foolproof, tap-to-pay transactions are harder for criminals to intercept and can significantly lower the chances of your card information being stolen.
Holiday Travel
Your holiday travel plans can also be a prime target for cybercriminals. Traveling exposes you to several risks, including unsafe networks, shared or public devices, and people potentially observing your screen or keyboard as you use your device.
One of the most common threats is unsecured public Wi-Fi, such as networks in airports, hotels, and other travel hubs. These networks typically lack the encryption that protects data on most home or private networks. As a result, other users on the same network may be able to monitor your online activity—such as the websites you visit or the information you enter, including passwords, logins, and private messages. Criminals can then use that stolen information to access your accounts, impersonate you, drain bank funds, or target you for further scams.
Fortunately, the risks of unsecured networks can be mitigated by using a virtual private network (VPN). A VPN creates an encrypted channel of communication between the user’s device and the server of the VPN provider, protecting your web activity from being monitored by miscreants on the unsecured network you are using. There are many VPN options with a variety of different features to choose from, including NordVPN, Surfshark, Norton, and ExpressVPN, among others. No matter which tools you use, they can be valuable for preventing identity theft and staying secure during holiday travel—and throughout the year.
When traveling, you may also use public devices, such as computers at libraries, hotels, or internet cafés, or screens in your accommodations. While convenient, these devices can pose a security risk if you remain signed in to your accounts. Anyone using the device after you could access your personal information or take advantage of your subscriptions to streaming services and other platforms.
This risk is easy to avoid by being mindful of the accounts you sign into and always signing out before leaving a public device. Taking these simple steps can help keep you cyber safe.
Another risk to be aware of is people trying to eavesdrop on your devices by watching your screen as you work or play. By doing this, cyber criminals can steal passwords, email addresses, and other personal information. This threat is particularly common in cafes, public transportation, and other public spaces. Being aware of the people around you can help prevent eavesdropping, as can making sure that you sit with your back to a wall or a corner. When using your device in public, be mindful of reflective surfaces behind you, as screen reflections can also be used to spy on your information. To reduce this risk further, consider using a privacy screen protector, which limits the angles from which your screen can be viewed.
The holidays are a time of togetherness and joy—but they can also bring increased cybersecurity risks, especially when traveling or shopping. By following these tips, you can stay safe and secure this season, wherever you are. Happy holidays from CyberMontana!