Khoury News

How to protect yourself while shopping online this holiday season 

Looking to buy splendid gifts for your loved ones without stumbling into scams online? Khoury College's cybersecurity faculty have some advice to keep yourself fraud free this December — and year-round.

December 8, 2025

by Paul Murphy

Share article

Close this dialog window

Online holiday shopping is projected to break records in 2025. With so much money changing hands, malicious actors will surely be lurking, so consumers should take extra caution as they visit unfamiliar websites. 

We asked four Khoury College cybersecurity experts — Professors Christo Wilson, Alan Mislove, David Choffnes, and Engin Kirda — to provide some tips for protecting yourself during the holiday shopping season and year-round. Here are their suggestions. 

#1: Shop with a credit card 

You’ll have an easier time contesting charges or replacing the card if the card number gets stolen. Conversely, if you use a debit card or bank account transfer, it’s harder to recover lost cash or change your numbers. 

#2: Use a password manager 

A fraudulent website might steer you to a phishing site that emulates a legitimate payment service like PayPal or Google Pay, and that tricks you into giving it your username and password. A password manager won’t do this; if the manager doesn’t autofill your login credentials as expected, that often means you’re on a phishing website. 

#3: Don’t reply to texts from numbers you don’t recognize 

Delete them. Many of these “pig butchering” scams start with innocent-looking text messages that look like they were sent to a wrong number. This is intended to kickstart a conversation, gain your trust, and defraud you. 

#4: Don’t trust company phone numbers in Google search results 

Scammers have found ways to get malicious phone numbers to rank highly in search results. Instead, use phone numbers listed on the company’s website. 

#5: Use ad blockers 

These tools help you to avoid being tracked, targeted, and scammed as you shop. They also make web pages load faster and look nicer. 

#6: Try to avoid clicking on links from emails or online ads 

These can be vehicles for tracking and phishing scams. Instead, visit the retailer’s website directly. 

#7: Enable two-factor authentication 

If a website supports it, this method — which prompts you to confirm logins on your phone — stops attacks even when your password is leaked or stolen. 

#8: Enable transaction alerts on your credit card 

By taking this low-effort step, which all banks support, you will get notifications on your phone each time your card is used. This allows you to spot fraud within seconds, not weeks.