SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers
United States

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Online shopping laptop data protection security locks warning icons ecommerce
#
Malware
#
Data Protection
#
VPNs

Cyber Monday shoppers urged to safeguard data amid online scams

Fri, 21st Nov 2025
Author image
By Melania Watson, Interview Editor

Online shoppers are being urged to stay alert as the annual Cyber Monday surge creates prime conditions for cybercriminals to exploit the spike in digital purchases. With millions expected to hunt for seasonal discounts, security experts warn that fraudulent websites, phishing emails, insecure payment systems and other threats make it essential for buyers to take proactive steps to protect their data and finances.

One of the fastest-growing risks comes from counterfeit retail sites designed to mimic trusted brands.

These pages - often promoted through ads or social media - exist solely to capture credit card numbers and personal information. Shoppers are advised to scrutinize web addresses, verify that the site belongs to the official retailer, and check independent reviews before entering any payment details.

Phishing attempts also surge around Cyber Monday. Emails promising limited-time bargains or fake shipment updates frequently redirect users to convincing but fraudulent login pages that harvest account credentials or payment information. Security professionals recommend navigating directly to a retailer's official website or app instead of clicking links, and treating any message that creates urgency or pressure with suspicion.

Unrealistically low prices continue to be a reliable red flag. Ads and pop-ups offering impossible discounts often serve as bait to lure consumers into malware downloads or malicious websites.

Experts advise comparing prices across reputable sellers and steering clear of deals that appear nowhere on a brand's official channels.

Even legitimate-looking stores can pose risks if their checkout pages lack proper encryption. Buyers should ensure the site displays a padlock icon and an address beginning with "https." Any broken, glitching or unfamiliar checkout page is reason enough to abandon the transaction.

Data can also be compromised through insecure storage practices on the retailer's side. Using services like Apple Pay or Google Pay is recommended, as these systems send one-time tokens rather than exposing card numbers. Some banks also offer single-use virtual card numbers, providing another layer of defense.

Weak password habits heighten the danger. Reused credentials make account takeover likely if one site suffers a breach. Experts urge shoppers to use unique passwords, rely on password managers and enable multi-factor authentication wherever available. Biometric passkeys - such as Face ID logins - are increasingly seen as safer, more resilient alternatives to traditional passwords.

Public Wi-Fi networks add another layer of risk. Purchases made in cafés, airports or shopping centers can be intercepted or manipulated by attackers. Whenever possible, buyers should use mobile data or a private home connection. If public Wi-Fi is unavoidable, a reputable VPN can help shield sensitive information.

Some scam sites go further by demanding excessive personal information - such as birth dates or ID scans - far beyond what is necessary for a routine purchase. Shoppers should provide only what is essential and question any request for additional details that seem unrelated to the transaction.

Keeping devices secure remains equally important. Outdated systems or malware-infected phones and computers can leak payment data, even on legitimate websites. Regular software updates, active security tools, and avoiding high-risk activities such as torrenting on the same device used for shopping all help reduce exposure. Using shared or public devices for purchases should be avoided entirely.

Finally, experts emphasize monitoring bank and card activity throughout the shopping period.

Cybercriminals often test stolen information with small charges before making larger purchases. Detecting these early allows banks to intervene quickly and limit further damage.

"You shouldn't live in fear or feel unable to shop online - but you do need basic cyber hygiene," said Dr. Dag Flachet, Co-Founder of Codific.

"Ask yourself three questions: Do I trust the merchant with my payment information? You can reduce this risk by using Google Pay or Apple Pay. Do I trust the connection? Yes, the barista may be friendly, but someone could be spoofing the Wi-Fi hotspot. And do I trust this device? Everyone should have at least one device they're fully confident in - up to date, protected, and never used on shady sites or for random downloads. Never use someone else's device to place an order."

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
DivisionHex launches new framework to streamline exposure management
HP predicts surge in AI-driven cyber threats & cookie theft by 2026
Hack The Box launches AI cyber range & unveils red team certification
Dynatrace expands AWS integrations & wins LATAM partner award
Keeper Security named Overall Leader in non-human identity management

Top stories

Check Point updates Quantum firewall to secure AI use
Gallagher Security maps global growth & 2026 focus
Orq.ai raises EUR €5m to scale enterprise AI agents
How to detect fake players in online gaming
Bodd secures AUD $15 million to drive global 3D scanning growth