Christmas is supposed to be the season of goodwill, but unfortunately it’s not that way for those looking to make money from unsuspecting victims. It’s the perfect time of year to run a scam – people are making more online purchases from a wider range of sites; they’re more distracted as they make plans and wrap up at work; and they’re more likely to click on something without thinking twice.


However, there are plenty of ways to stay safe online and keep your money and your personal information right where it should be.


Pay with PayPal for greater protection


Many credit card companies offer levels of buyer protection, but PayPal applies it consistently across the board and makes it easy to open a case if needed.


They can help to reimburse you if something isn’t right, and they are very hot on identifying and flagging phishing scams. Where possible, choose to check out with PayPal when doing your Christmas shopping online, especially for those larger purchases. Their Buyer Protection is applied automatically on all applicable purchases – check their information page for full details.


Keep an eye on stores which are on the brink


We tweeted this recently, but pay close attention to who you’re purchasing gift cards from, if that’s something you are giving as a gift. Topshop (part of the struggling Arcadia retail group) recently announced that it would only accept gift cards for up to half of the value of any given item. A few years back when HMV went into liquidation, before it was rescued, thousands of people were left with useless gift cards as Christmas presents.


There are lots of multi-shop gift card schemes which are a safer alternative. Since they cover multiple retailers, you can still use it if one of them goes bust. There are some nationwide ones such as Love2Shop, and if you look locally many shopping centres run schemes too. Trinity Leeds runs their own, as does White Rose shopping centre and Victoria Leeds.


Update your passwords


We always face this conundrum when setting passwords: it’s got to be memorable enough that we won’t forget it and have to reset our password every single time we log in, but obscure enough that it couldn’t be easily guessed.


Most websites now ask for passwords to contain a minimum of 8-10 characters, including at least one uppercase, at least one number, and a punctuation mark. But we’re afraid Smith2009! isn’t going to cut it – if your surname is Smith and you’ve spoken about your 11-year-old daughter on social media, it’s a guessable password.


Here are a couple of memorable yet hard-to-guess methods of setting passwords which we’ve been recommended by IT managers and have reliably used over the years:


  • Pick a line from your favourite song. Use the first letter of every word in that line, plus a random number and punctuation mark. For example, a line from Bohemian Rhapsody as a password might be: Sswydtf9!

    It creates a password that looks like a nonsense, random string of letters, but one that you’ll recall with ease. Plus, you get to sing the line in your head every time you enter your password, which is a nice bonus.


  • Your childhood phone number or the number plate of your first car (but strictly not your current ones!). Everybody seems to remember theirs, and it’s personal enough that a stranger on the internet couldn’t figure it out.


    Never click on links in email communications claiming to be from your bank


    If your bank contacts you via email – which many do regularly and legitimately – they will rarely ask you to follow a link to their site. If an action needs to be taken on your account, the email will usually ask you to log in to your account or call them, not to click through a link.


    When you receive any communications from your bank that require you to check your account, open a new tab and go to the login page yourself. Don’t go via a link in an email, and where possible avoid going via a search engine. The safest bet is to access your login page via typing the address in, or using a saved bookmark link that you have created yourself.


    Look out for scams claiming to be from HMRC, Royal Mail or any other delivery service


    It’s very easy these days to dress up an email – and even a sender address – to look convincing at a glance, but it’s always worth digging and checking before clicking on links from any emails you’re not expecting. They could be what’s known as a ‘phishing scam’, which is a fraudulent attempt to obtain your sensitive data such as usernames, passwords or credit card information.


    Common scams around this time of year include:


  • Emails addressed from Royal Mail claiming you have a package due to be delivered to you, but that you need to pay fees or confirm details before it can be delivered, with a link to supposedly correct it.


  • An email which looks like it comes from HMRC stating you are eligible for a tax refund.

    Royal Mail don’t communicate in this way for packages due to be delivered to you (why would they have your email address?), and HMRC would never contact you in this way about a potential refund. The head of e-crime at Mimecast says, “Do not respond to any electronic communication in relation to monies via email. And certainly do not click on any links in any related message.”


    And, finally, one way to stay safe offline too:


    Don’t advertise your gifts or location to thieves


    Have you ever seen Home Alone? Thieves are opportunists, and if it’s obvious you’re away for an extended period or that you’ve got brand new expensive goods in your home (that huge Samsung TV box sitting out on the curb for recycling is a bit of a giveaway) you inadvertently make yourself a prime target.


    Yes, it’s an effort to break down boxes properly or to take oversized ones to the tip instead of leaving it out for collection, but at least you won’t be providing potential thieves with a nice kerbside catalogue of the new contents of your home.



    Hopefully you have learned a thing or two about staying safe online this season. We would encourage you to pass on this information, or share this article with your friends and family, so that they can stay safe and secure too.