With so many transactions taking place, the holiday season is prime time for cybercriminals.
The holidays are one of the busiest shopping periods of the year, and for a good reason: ’tis the season for consumers to take advantage of steep discounts from some of their favorite retailers. But while bargain hunters are out looking for deals, fraudsters are hard at work trying to scam unsuspecting consumers and steal their personal data and information.
Imposter scams are the most-reported scam to the Federal Trade Commission, with losses of $2.99 billion in 2024. These involve fake emails, texts and websites impersonating individuals, businesses and government agencies. Online-shopping scams are the second most reported, with over 387,000 cases in 2024. “Anyone can fall victim,” says Charles Laugen, senior manager of Client Risk Prevention at RBC Wealth Management–U.S. “It’s no longer a matter of if you will be targeted—it’s when and how.”
Here are some tips to help protect your information while shopping online and in person this holiday season:
Credit and debit cards are considered by many to be more convenient than cash. In fact, many retailers today prefer plastic or mobile payments over bills and coins. But you still need to be cautious when carrying and using cards.
While you’re out shopping, only carry the cards you need, and leave the rest at home. That way, if your wallet is lost or stolen, you’ve limited the amount of exposure.
Protecting your personal identification number (PIN) is the most common piece of advice for using debit and credit cards. Shield the keypad when entering your PIN, and never share it with others.
Contactless payments can be convenient, and they don’t require a PIN; however, they aren’t immune to electronic attacks. Criminals can use specialized card readers to steal contactless card details from people’s wallets by standing close to them. Be aware of your surroundings and use a radio-frequency identification (RFID) blocking card holder for protection.
Many people have come to prefer shopping online rather than in stores, which comes with its own set of fraud risks. Be cautious about sharing personal information online, and pay close attention to the websites you’re using so you don’t fall for these common online-shopping scams:
Cybercriminals design convincing lookalikes of official websites in order to steal personal information, often promoting unusually good deals or impersonating well-known brands and even banks. These imposter sites can be off by just one character in the web address and look identical to a company’s legitimate site.
While promotional emails and texts are common around the holidays, be sure to verify that the sender is actually who they say they are. One way to confirm is to type the company’s web address into your browser instead of following a link. If a deal seems too good to be true, it may be fraud. Only buy from companies and sites you know and trust.
You may receive a text or email that says an order has been placed, even though you know you didn’t shop at that retailer or buy that item. This is a common tactic scammers use to trick unsuspecting consumers into clicking fraudulent links or calling and engaging with them. The scammer’s aim is to harvest data, credentials or install malware on your device. If you get an order confirmation that you don’t recognize, ignore it and check your financial accounts or the retailer’s site directly.
“Your order is being delivered today, here is your tracking number!” This is another tactic used to try to get you to click and compromise your device, your personal information or to pay a fee for delivery. Don’t click or call using the information in the text or email; instead, go to the delivery company’s website manually and verify the tracking number.
Scammers take advantage of consumers’ holiday generosity and impersonate legitimate charities. Check website addresses carefully, and don’t click on any links or call phone numbers provided in an email. Instead, look the organization up yourself and donate via credit card on a verified website.
Any time you shop online, make sure the websites are encrypted, meaning they have extra security measures in place to protect your information. Look for an “s” in the “https://” section of the web address, which stands for secure. A padlock icon in your browser window also indicates the site is encrypted.
Be extra cautious when using public Wi-Fi for online shopping—or transmitting any personal data for that matter. Cybercriminals often use these shared connections to steal credit card details and other personal data. As a result, it may be safer to enter credit card information or log into online banking sites later from a secure network.
Even the savviest consumers can be at risk of online scams and cyber fraud. Laugen recommends regularly reviewing your account statements and signing up for email or text alerts from your bank to monitor activity and make sure all transactions are authorized and accounted for.
Missing transactions can be as much of an indicator of fraud as unauthorized ones, he says. If you notice any missing or fraudulent activity, report it to your financial institution immediately.
“Don’t just focus on the large transactions,” Laugen warns. “Some cybercriminals will test the water with smaller transactions. If they go unnoticed, they ramp up to larger ones.”
Cybercrime ramps up during the holidays, and as scammers become more sophisticated, vigilance is key.
Learn more about how to protect yourself online.
This article was updated in Nov. 2025.
RBC Wealth Management, a division of RBC Capital Markets, LLC, registered investment adviser and Member NYSE/FINRA/SIPC.
We want to talk about your financial future.
Investment and insurance products offered through RBC Wealth Management are not insured by the FDIC or any other federal government agency, are not deposits or other obligations of, or guaranteed by, a bank or any bank affiliate, and are subject to investment risks, including possible loss of the principal amount invested.