The 24 Days of Cyber Safety: Shop Smart this Holiday Season

Welcome to the 24 Days of Cyber Safety! This holiday season, we’re bringing you daily tips to help you shop smarter and avoid online scams. From spotting fake deals to securing your devices, each insight is designed to keep your celebrations stress-free and cyber-safe. Stay tuned every day for practical advice to help you stay safe this Christmas.

 

Day 1: Shop on trusted, familiar websites

Shopping on well-known, reputable websites reduces the risk of falling victim to fake stores or fraudulent sellers. Trusted retailers have stronger security measures, verified payment systems, and better customer support, making your experience safer and smoother.

Tips:

• Consider how familiar you are with the website you are buying from.
  Less familiar or completely new websites can still be perfectly legitimate and many smaller retailers offer excellent products and service, but using them means it is sensible to carry out a little extra checking. Look for clear contact details, returns information and independent reviews to confirm everything is in order before you enter any payment details.
• Take a moment to judge whether the website looks genuine and trustworthy.
  Look for signs such as consistent branding, well-presented pages, up-to-date information and a correctly spelled web address. Scam websites often cut corners, so small details can help you notice when something does not seem quite right.
• Check that the website uses HTTPS and pay attention to any warnings from your browser.
  Most reputable websites now use HTTPS as standard, and it is less common these days to come across a shopping site that does not. The absence of HTTPS does not automatically mean a site is malicious, but it does mean data sent between you and the website is not properly protected. If your browser warns you that a site may be unsafe or that the connection is not secure, treat this as a serious signal that something may be wrong. In these cases it is best to avoid entering any personal or payment information and consider shopping elsewhere.

 

Day 2: Strengthen your security with strong, unique passwords

Weak or reused passwords are one of the easiest ways for attackers to compromise your accounts. Protect yourself by creating passwords that are both secure and memorable:

✅ Use three random, memorable words
✅ Consider mixing upper and lower case letters
✅ Think about adding numbers and special characters

Example: RamseyHouseIslanD42!

Tips for Strong Passwords:

• Avoid predictable phrases or personal details like birthdays, names, or pets.
• Never reuse passwords across different accounts.
• Consider using a password manager to keep your credentials safe and organised.

A strong password is a simple step that makes a big difference in your security.

 

Day 3: Avoid clicking website links in unexpected emails, texts or social media messages, even if they look official. 

Cyber-criminals often disguise malicious links to look legitimate, tricking you into visiting dangerous websites that steal your personal information or install harmful software. These links can appear anywhere like emails, text messages, social media posts, online ads, or even in search engine results. 

How to stay safe:  

• Never click on unexpected links – If you weren’t expecting it, treat it as suspicious. 

• Go directly to the official website – Type the address in yourself.  

• Hover before you click – On desktops, hover over the link to preview the actual URL.  

 

Day 4: Gift card scams are on the rise leading up to Christmas. Stay alert! 

Someone is trying to scam you if you receive an email, text, or telephone call asking you to buy gift cards as a payment or to solve some problem. When someone asks you to buy gift cards, they’re really asking you to take money from your bank account and hand it over to them. The gift card is just a disguise to make the scam seem less obvious.  

Gift cards are easy to buy, easy to share and hard to trace. Once you share the gift card’s PIN with the scammer, your money is gone.  

Protect yourself:  

• Ignore any email, text or call asking for gift cards, even if it sounds urgent or official. If something sounds urgent then that’s another sign that it’s a scam. 

• Scammers often email to impersonate family or friends to ask for gift cards. 

• Legitimate businesses or organisation will never request gift cards for payment.  

• Never share gift card numbers or pins with strangers. These unique numbers allow you (or the scammer) to redeem to money on the card. 

 

Day 5: Be cautious of winter heating-allowance messages

Cyber-criminals often to impersonate Government offices by promoting fake heating discounts or energy deals. These scams typically through text messages and sometimes by email. Messages about allowances or benefits might look professional and might even seem to mirror real Government services. But the goal is to trick you into making quick payments or sharing personal details.

Tips:

• Be suspicious of any message you weren’t expecting – even if it looks official.
• Do not click on any links until you independently verify the message.
• Do not reply, even with ‘STOP’ – scammers use replies to confirm active numbers.
• Do not call any phone number provided in the text.
• Delete the message if you’re sure it’s fraudulent, or after reporting it.
• Remember that most government departments do not normally send text messages unless it is a for a service that you have consented to. The same is true of businesses. 

 

Day 6: Slow down and shop mindfully, scammers rely on rushed decisions.

The Christmas season is prime time for online shopping… and for scams. Fraudsters know that when people are in a hurry, they’re less likely to notice the warning signs. Fake websites, counterfeit products, and unrealistic deals often lure shoppers who are rushing to grab bargains. Acting quickly without checking details can lead to stolen money, compromised personal information, or identity theft.

It's important to pause before you click. Ensure the seller or website is legitimate before you purchase anything. Great deals aren’t going anywhere, take your time and shop smart!

 

Day 7: Impersonation scams trick you by pretending to be someone you trust. Always verify before acting!

Scammers often impersonate friends or family by hijacking their email accounts. Don’t trust the sender’s address alone – it’s not proof of origin. These messages usually sound urgent and ask for help or a favour, making it easy to act without thinking.

These messages often sound urgent and ask for help or a favour (e.g. the laryngitis/sore throat’ emails), making it easy to act without thinking. 

Treat anything unexpected or vague with caution. If you suspect an account takeover, call the person directly. Quick action can stop further damage.

 

Day 8: Never share verification codes, they unlock your accounts for criminals.

Never share verification codes. These include MFA, 2FA and OTP codes, and they all serve the same purpose, they stop criminals from accessing your accounts. Banks and other services send OTPs to confirm that you are the person logging in or approving an action. If you tell anyone a code, you are effectively unlocking your account for them.

Scammers often impersonate banks, delivery companies, shops or even people you know. They may claim they need to ‘verify your identity’, ‘stop a fraudulent payment’ or ‘confirm a purchase’, and then ask for the code you have just received. In reality, the code has been triggered by the criminal who is trying to sign in or authorise something on your account.

Once a criminal gets your verification code, they can take over your accounts, reset your passwords, access your personal information and in many cases commit fraud in your name. The simplest protection is also the most effective, never share a verification code with anyone, and if you receive one unexpectedly, treat it as a warning sign that someone else is trying to get in.

 

Day 9: Add multi-factor authentication for a simple, powerful security boost.  

Yesterday we talked about keeping your verification codes safe, many of those codes are part of MFA, so today we’ll explore how MFA works and why it protects you. Passwords alone aren’t enough anymore; cyber-criminals can steal or guess them. Multi-Factor Authentication (MFA) adds an extra layer of protection and that should make it much harder for attackers to access your accounts.   

Why it works: Even if someone gets your password, they’ll need a second factor, like a code sent to your phone or an authentication app to break in. 

How to get MFA: 

• Check your account security settings for ‘Two-Step Verification’ or ‘Multi-Factor Authentication’. 
• There are different ways to set up MFA.  One option is to use an authentication app (such as Microsoft Authenticator, Google Authenticator, or Authy) for stronger security than codes sent by text message. 
• Enable MFA on your email, banking, and social media accounts first. They’re the most critical.

 

Day 10: Check independent reviews to make sure that a website is genuine and safe. 

Online shopping is convenient, especially at Christmas time, but it also opens the door to fake websites designed to steal your money or personal details.  

These sites often look professional and convincing, making it hard to spot the danger at first glance. Before you trust a new retailer, take time to check what others say. 

Independent reviews can reveal whether a site is genuine or a scam.  

 

Day 11: Using guest checkout means sharing less of your personal data and it’s a faster shopping experience 

When shopping online, creating an account often means sharing extra personal details, like your address, phone number, and sometimes even payment information. While this can make future purchases easier, it also increases the amount of data stored by retailers, which could be exposed in a data breach or misused by scammers.  

Using guest checkout is a simple way to reduce the risk while still getting what you need. 

 

Day 12: Watch out for delivery scams. Don’t be fooled by fake parcel messages.  

Scammers are aware that during busy shopping periods, like Christmas, most of us are waiting for parcels, and they will use this to their advantage!  

They will often send text messages and emails claiming that there’s a problem with your delivery or asking you to pay a small fee to release your package.  

These messages may look official and use real company names (for example Royal Mail and Evri), but they’re designed to trick you into sharing personal details or making payments.  

Real delivery companies won’t contact you about addresses or damaged items by text message or email. Your courier might provide updates on tracking, but these are for information purposes. They do not ask for sensitive details or extra payments by text. 

Stay safe by  

• Ignoring unexpected messages about delivery problems by text and email 

• Tracking your parcels only through the official website or app of the delivery company. 

• Contacting the courier directly using details from their official site. 

 

Day 13: Move suspicious emails to junk to block future phishing attempts.

Phishing emails are designed to look real, often using company logos and urgent language to trick you into clicking links or sharing sensitive details. Simply deleting them isn’t enough. By categorising these emails by selecting the ‘Junk’. ‘Spam’, ‘Report Spam’ option/button, which moves the email to your junk or spam folder, you help your email provider learn what’s dangerous and block similar attempts in the future. 

Using the block function will not be as effective for scam emails. 

 

Day 14: Treat social media adverts carefully, as many are fake or unsafe.

Fake advertisements are common on social media, and scammers use them to steal personal information, direct people to risky websites or take payment for items that do not exist. These adverts often look professional, which makes them difficult to spot.

Even ‘sponsored adverts’ can be scams. Paid promotions are not always checked thoroughly, so scammers can still buy advert space and appear legitimate. People should avoid clicking adverts that feel rushed, too good to be true or link to unfamiliar websites.

Buy and Sell Groups on Facebook

Buy and Sell groups can also expose people to scams. Some groups are fully public, allowing anyone to see posts, identify buyers and sellers and contact them directly. This visibility makes it easier for scammers to approach people quickly and attempt unsafe transactions.

Before joining a group, consider:

• Does it screen new members with good questions, for example, aimed at excluding non-residents?
• Is there a delay before new members can post?
• Is it public or private?

Choosing groups with basic safeguards can reduce the risk of encountering fake listings or dishonest buyers and sellers.

 

Day 15: Watch out for fake giveaways online

At Christmas, social media is full of posts offering free gifts or prizes. But many of these ‘giveaways’ are scams designed to steal your personal information or trick you into clicking harmful links. Scammers create a sense of urgency with phrases like ‘Enter now!’ or ‘Limited spots!’ so you act quickly without thinking.

Tips to stay safe:

• Be cautious of any giveaway asking for personal or financial details.
• Check that the giveaway is run by an official website or a verified account.
• Don’t click links in posts or messages – go directly to the official website instead.

 

Day 16: Use secure payment methods that offer better fraud protection than direct bank transfers.

When shopping online, the way you pay matters.

Direct bank transfers may seem quick and easy, but they offer little to no protection if something goes wrong. Scammers often push this method because once the money is sent, it’s almost impossible to recover.

Using secure payment options like PayPal, or other trusted payment services gives you stronger fraud protection and the ability to dispute charges if needed.

Never select the ‘Friends and Family’ option if a seller asks you to use it, this removes buyer protection and is a common scam tactic.

Credit cards, if available, they often provide fraud protection and chargeback rights but check with your card provider first to confirm what’s covered.

 

Day 17: Trust your instincts, unbelievable bargains are usually a trick in disguise.  

Scammers love to tempt shoppers with deals that seem too good to be true, because they almost always are. These offers often pop up on social media, in emails, or on fake websites, using urgency and excitement to make you act fast without thinking. 

Every year around Christmas, scammers ramp up fake ‘flash sales’, unbelievable discounts, and limited-time offers. They know people are hunting for bargains and gifts, so they exploit that by creating fake ads or counterfeit sites. Common tactics include: 

• Unrealistic discounts on popular brands or tech. 

• ‘Only today!’ or ‘Limited stock!’ messages to pressure quick decisions. 

• Links that lead to phishing pages or malware instead of real shops. 

Tip: If a deal looks far better than anything you’ve seen elsewhere, it’s almost certainly a scam. Always check the retailer’s official site and avoid clicking links in ads or messages. 

 

Day 18: Keep an eye on bank statements to spot unusual activity early 

Regularly reviewing your bank and credit card statements is a simple but powerful way to protect yourself from fraud. Cyber-criminals often start with small, unnoticed transactions before making larger withdrawals. By checking your statements frequently, you can catch suspicious activity early and report it before it becomes a bigger problem. 

 

Day 19: Secure Your New Devices from Day One 

When setting up new gadgets or gifts, security should be your first step, not an afterthought. Many devices come with default passwords that are easy for attackers to guess, changing these immediately is essential. Use strong, unique passwords and, where possible, enable two-factor authentication. 

If your new device connects to your home Wi-Fi, understand the risks: every connected device is a potential entry point for cyber-criminals. Setting up your own Guest Wi-Fi network might be considered for devices that are less secure or don’t need access to your main home network, especially Internet of Things (IoT) devices like smart plugs, lamps, cameras, or doorbells. This keeps your main network and, sensitive data separate and more secure. 

Taking a few minutes to review the basic security settings of your new tech can prevent big problems later. A quick check of settings like password strength, automatic updates, and network segregation can turn a vulnerable new gadget into a secure one. A few minutes now can save you from serious headaches later. 

 

Day 20: Turn on account alerts to spot and stop suspicious activity fast.

Account alerts are an easy and powerful way to protect yourself. Many banks, email providers, and online services offer notifications for unusual activity such as logins from new devices, password changes, or large transactions. These alerts give you the chance to act quickly if something isn’t right, helping you stop fraud before it causes serious damage.

Alerts can be enabled and customised on online banking, such as on mobile phone apps.

 

Day 21: Update your devices and apps regularly to keep security strong.

Keeping all your technology up to date is one of the most important steps you can take to protect yourself online. Updates aren’t just about new features they often include critical security patches that close vulnerabilities that hackers could exploit. Every device connected to the internet, from your smartphone and laptop to smart TVs, routers, and even smart home gadgets like speakers or cameras, needs regular updates to stay secure. Ignoring updates can leave your personal data, accounts, and even your home network exposed to cyber threats.

What to do:

• Enable automatic updates on all devices, including computers, phones, tablets, smart TVs, routers, and IoT devices.
• Regularly check for updates on operating systems, browsers, apps, and security software.
• Don’t ignore update notifications, they’re there to keep you safe.

 

Day 21: Update your devices and apps regularly to keep security strong.

Keeping all your technology up to date is one of the most important steps you can take to protect yourself online. Updates aren’t just about new features they often include critical security patches that close vulnerabilities that hackers could exploit. Every device connected to the internet, from your smartphone and laptop to smart TVs, routers, and even smart home gadgets like speakers or cameras, needs regular updates to stay secure. Ignoring updates can leave your personal data, accounts, and even your home network exposed to cyber threats.

What to do:

• Enable automatic updates on all devices, including computers, phones, tablets, smart TVs, routers, and IoT devices.
• Regularly check for updates on operating systems, browsers, apps, and security software.
• Don’t ignore update notifications, they’re there to keep you safe.

 

Day 22: Keep receipts and confirmations handy. They help with disputes and returns.

Always save your purchase receipts and order confirmations whether for online or in-store transactions. These documents are essential for resolving disputes, processing returns and verifying warranties. In the digital age, receipts aren’t just paper; they can be emails, PDFs, or app notifications. Keeping them organised ensures you have proof of purchase when needed.

Why it matters:

• Helps resolve billing errors or fraudulent charges.
• Makes returns and exchanges easier.
• Provides proof for warranty claims or insurance purposes.

 

Day 23: Beware of end of year and new year sale scams

The days after Christmas and into the New Year are full of clearance sales and big discounts, but scammers know this too. Fake websites and social media ads often appear, promising unbelievable deals to lure you in. Always check the retailer’s official site before buying and avoid clicking links in ads or messages.

Be alert for fake return or refund offers. Scammers send emails or texts claiming to help you return unwanted gifts, but they’re really after your personal or payment details. Another common trick is gift card scams: fraudsters set up fake redemption sites or sell counterfeit cards. Only redeem gift cards through the official retailer’s website.

 

Day 24: Share festive cheer, not personal details. Avoid oversharing on social media.

The holidays are a time for celebration, but oversharing on social media can put your privacy and security at risk. Posting travel plans, expensive gifts, or personal information can make you a target for scams or identity theft. Enjoy the season but think twice before sharing sensitive details online.

Why it matters:

• Criminals monitor social media for clues about your location and valuables.
• Personal details can be used for phishing or identity theft.
• Once posted, information is hard to remove and may be shared widely.
• Use privacy settings to customise what you share and who can see it. This helps limit exposure and keeps your personal life more secure.

 

Have a Merry Christmas and a Happy New Year!