Last updated at Tue, 13 Dec 2022 11:00:00 GMT

Chestnuts roasting on an open fire, scammers nipping at your bank account… that might not be the carol you were expecting, but unfortunately it’s the frosty truth.

Most everyone has tons of shopping to do in preparation for holidays, whether they’re buying gifts, decorations, or tickets to visit loved ones. And with so many of these transactions happening online, all these shopping sprees add up to a potential goldmine for scammers.

Don’t let those grinches get you down. Fraud might be out in full force, but some simple cyber hygiene is all it takes to stay safe. In the spirit of the holiday season, we’ve made you a list—check it twice, and you’ll find out which online deals are naughty or nice.

1. All They Want for Christmas is Venmo

Not all payment methods are created equal—and scammers know this all too well. So if a seller is insisting you pay for those stocking stuffers with Zelle, gift cards, Dogecoin, or wire transfer, you should probably steer clear.

Peer-to-peer payment apps like Venmo, Zelle, or Cash App are incredibly handy, but they’re designed for paying your friends for your share of brunch, not for sending money to unknown online sellers. These apps offer you little to no recourse in the event of fraud, so stick to using them with close friends and family. No reputable online retailer will request payment through these apps.

Same goes for wire transfers. Wire transfers of money are irreversible, and next to untraceable to boot. So, they’re a popular choice for cybercriminals, and should be a huge red flag for holiday shoppers. Cryptocurrency is the favorite payment method of hackers worldwide for the same reasons; by design, cryptocurrency transactions are anonymous, untrackable, and impossible to reverse.

Gift cards might seem more at home at a lackluster White Elephant party than in a fraudster’s arsenal, but they’re used in online scams with surprising frequency as well. Some scammers offer to accept gift cards as payment—you just need to send them the card number and PIN. But, like all of the other types of payment above, gift cards can’t be tracked and offer no protection to fraud victims, and the fake sellers can quickly and easily convert the gift card’s contents into cash or items.

The bottom line: Stick to credit cards or digital wallets for anything you buy online this December. And of course, be sure to keep a close eye on your statements, so you can alert your credit card company of any transactions you didn’t make.

2. There Might Have Been Some Malware in That New Top Hat You Found

Right about now, online retailers are out in full force advertising their wares over social media and email—and scammers are right there with them. That email you got about a deep discount on PS5s might not actually be from Amazon, and the Instagram ad offering Taylor Swift tickets should definitely be looked at with suspicion. Hackers know all too well that many people are in a hurry to finish up their holiday shopping, or are desperately hunting for a good deal on that perfect gift, and they’re all too ready to take advantage.

Scammers will frequently prop up advertisements or send messages posing as companies you know and trust to get you to let your guard down. The goal, as in all phishing scams, is to get you to click on a link you shouldn’t. Just by clicking, you could be unknowingly downloading malware onto your computer.

Alternatively, these links may send you to a fake online storefront designed to look like a well-known legitimate retailer. These storefronts generally offer popular holiday items or travel fares at irresistible prices. When you make a purchase, the “retailer” might grab your credit card details or other personal information. Or, they might ask for payment in one of the unsecure methods discussed above, and never deliver you the goods.

So, don’t let holiday stress (or an excess of eggnog) get in the way of your better judgment. Be sure to hover over links to check where they actually lead before clicking—or better yet, open up a new tab and navigate to the retailer’s site directly. Make sure you thoroughly vet any seller before making purchases, checking for reviews and feedback. And remember: Any deal that seems too good to be true probably is.

3. Last Christmas, I Gave You My SSN. The Very Next Day, You Stole My Identity

Even if you’ve made all your holiday purchases safely, you’re not out of the woods quite yet. There’s a popular new type of scam on the rise you need to watch out for: fake delivery notifications.

At this time of year, just about everyone is waiting on one package or another, so some scammers send fake texts claiming that your package has been delayed, you missed its delivery, or something along those lines. And, of course, they’ll give you a link to click. Once you do, scammers will often ask for sensitive information—such as your credit card number, SSN, or even just login credentials to an online retailer—so that they can “find” your lost package. Alternatively, they may claim that you owe an extra fee before your package can be delivered.

Luckily, once you’re aware of this scam, it’s also fairly easy to avoid. Take note of tracking information for any online orders you make, so if you get any messages about problems with delivery, you can independently track your package and see what’s really going on. And know that delivery companies like FedEX or UPS will never ask you for sensitive personal information to track a package.

Cyber scams may be coming to town, but that doesn’t mean you have to be a victim. Just a few extra precautions—using safer payment methods, vetting sellers, and avoiding suspicious links—will keep you safe. Deck the halls with good cyber hygiene and make sure you know when those jingle bells should actually be alarm bells.