Overview: 3 ways hackers target online shoppers to obtain their payment credentials and other sensitive information along with 5 ways to help shoppers protect themselves from these attacks. 

Online shopping is expected to be at an all-time high this holiday season due to the pandemic. With unprecedented online sales expected to occur this year, hackers are bulking up their attack strategies, looking to turn online shoppers’ Christmases from merry and bright to angry, stressed, and dark. Don’t let this be you! Here are some things to look out for and how to protect yourself from these bah humbug hackers this season, ensuring your holiday remains jolly.

3 Ways Hackers Target Online Shoppers

Ultimately, hackers are hoping to catch you off guard in order to attain your personal credentials and gain access to your finances. After they have your credentials, they will either take YOUR money on a shopping spree or make money by selling YOUR precious, personal information on the dark web. Either way, they come out on top while you’re left doing damage control. How do these hackers get their hands on your information, you ask? Below we’ve made a list of some popular methods hackers use to victimize unsuspecting online shoppers.

1. Stealing your payment information from an unsecured website:

When buying from a company online, you’re trusting that company to keep your payment information safe and secure. However, if a business does not take the proper precautions to secure their website, hackers can easily get their hands on your payment information and take ALL your money!

Things that let you know a website is secure are; if there is a lock symbol next to the URL at the top of the page and/or the URL includes https. Let me reiterate, LOOK FOR THE LOCK OR THE “S”! The lock symbol and/or https located in the URL indicate the web traffic if this particular site is encrypted, letting you know the shopping cart is secure and you can share your payment information safely. Also, look for security seals (usually found at the bottom of the page) that certify a third party has verified the website as trustworthy. Some common seals include McAfee Secure, Norton Secured, and TRUSTe.

2. Breaking into accounts with weak passwords:

If a hacker does not use your stolen data personally (because using your payment information themselves tends to attract unwanted attention), they will instead sell your login credentials (along with any other sensitive data they acquire) on the dark web. A common way hackers gain access to your login credentials is by utilizing brute force attacks to steal your usernames and passwords. In a brute force attack, a hacker lets their computer do the dirty work for them. The computer systematically (and EXTREMELY quickly) tries many different combinations of usernames and passwords until they find one that works. A weak password (anything under 10 characters and passwords that DO NOT contain a mixture of upper- and lower-case letters, numbers and symbols) can easily be hacked in 10 minutes or less.

Hackers can use your stolen information to:

  • Purchase items online
  • Extract money from your bank account
  • Apply for bank loans
  • Apply for credit cards
  • Make fraudulent health insurance claims
  • Pay off debt
  • Request money from your contacts using your email and social media accounts

3. Phishing emails:

Another common way hackers acquire your personal data is through phishing emails. A hacker will send you a very convincing email that, at first glance, appears to come from a reputable source such as your bank, a popular retailer, or, even UPS and FedEx. Some common phishing emails include:

  • When the email appears to come from your bank, the hacker will typically use a scare tactic to trick you into clicking a malicious link that will then take you to a CONVINCING but FAKE login screen where you hand over your login credentials to them, allowing them instant access to your bank account.
  • When the email appears to come from a retailer, typically the hacker will send a fake “abandoned shopping cart” message, trying to entice you to click the malicious link and complete your purchase. When you click this link, a website that looks almost identical to the true retailer’s website will appear. You then enter your payment information thinking you are completing the order when you actually just handed over your credit or debit card credentials straight to the hacker or downloading a virus.
  • When the email appears to come from a shipping service, the hacker will provide a FAKE tracking number and link in the hopes of fooling impatient buyers into “verifying” sensitive information in an attempt to expedite their packages. The verification process requires the input of payment information, thus providing the hacker with payment credentials. Watch out for texts with fake tracking numbers as well.

Phishing emails take many forms and are not limited to the above examples. Common red flags of these emails include generic greetings such as “Dear Customer”, misspellings, and links that, when the mouse hovers above them (hover DO NOT click), show a site that is completely unrelated to the implied source of the email. Inspect every email THOROUGHLY and DO NOT click on any links. It is best to open a new tab and go to the website yourself rather than clicking on the links that have been sent to you. Another thing to keep in mind is, if your email password is cracked, this allows hackers access to other logins as they can now approve password reset requests sent via email. Hackers can also then send out phishing emails to all your contacts, potentially getting access to THEIR credentials as well. Don’t let your email get hacked, strengthen your email password along with any other passwords!

To read more about phishing emails and how hackers use them to trick humans into clicking dangerous links, click here to learn Why Your Antivirus Is Useless Against The #1 Security Threat To Your Business.


What YOU Can Do to Protect Yourself From Hackers While Shopping Online

So, how can you stay safe while shopping from the comfort of your own couch, wearing your favorite pajamas? Fight back against those grinchy hackers this holiday season with these online shopping security tips:

1. Use Paypal as your preferred payment method. Using Paypal to make online purchases is safer for a couple of reasons. First, Paypal’s website is secure and encrypted so all purchases made through Paypal, no matter the merchant’s website’s security, are safer. Also, Paypal has Paypal Buyer Protection in case your eligible transaction has an issue. For items that never arrive or arrive not as they were originally described, Paypal will issue a full refund.

2. Strengthen Your Passwords. Strengthening your passwords is a great way to stump hackers. The most effective passwords have 10 or more characters and contain a good mixture of upper- and lower-case letters, non-sequential numbers, and symbols (like ! or &). Make sure EVERY one of your passwords is unique and NEVER reuse one. A password manager is a great way to keep your passwords secure and organized. It stores all your STRONG passwords and all you must remember is one super-strong, master password. Also, please reset your email password just in case. For more information about passwords, click the link to visit our blog post: Passwords: You’re Doing It Wrong.

3. Fortify Your Bank Account Log In. Use 2FA when signing into all the bank apps you use. This feature can be set up easily through your app and is offered by most banks.

4. Set Up Fraud Alerts On Your Debit and Credit Cards. If a hacker does get a hold of your payment information or even your physical cards, you’ll be glad you have your fraud alerts turned on so you can freeze your cards quickly and alert your banks to fraudulent charges even faster. It also allows you to either approve or deny suspicious charges before they can be made. Make sure fraud alerts are turned on for ALL cards. This can usually be done through the app or by calling your bank directly.

5. Monitor Your Finances. Keep an eye on charges made to your bank accounts and continually monitor your credit report to make sure new accounts have not been fraudulently created using your personal information. Sometimes hackers do not use your information to make purchases themselves, they instead sell your information on the dark web. It’s always a good idea to monitor your finances all year round.


Data theft can have both short-term and long-term consequences. Right after the theft, you must deal with the headache that comes along with fortifying compromised accounts, working with your bank and/or credit card companies to reverse fraudulent charges, and waiting for your replacement cards to arrive in the mail. While an inconvenience, these necessary annoyances are easy to accomplish.

Long-lasting consequences can ensue if the hacker, for instance, gets ahold of your social security number. Fraudulent accounts can be opened in your name, negatively impacting your credit score and overall credit history. These consequences are not so easily fixed and can severely impact your life by preventing you from securing loans, purchasing a home, or buying a car. ALWAYS be on your guard against hackers and data theft!

Now that you’re equipped with the tools to better protect yourself (and your hard-earned money!) from those grinchy hackers, have you ever wondered if any of your information has been sold on the dark web? If you’re a business owner in San Antonio with 25 computers or more, give us a call at (210) 245-6900 or click here https://www.juerntech.com/dark-web-scan/ to request a FREE dark web scan for your business today!