CISSP, Head of Information Risk Management

With the holidays right around the corner, we’re approaching the busiest time of the year to shop online.

Every year new figures are released that show more and more people conduct their holiday shopping online.  And why wouldn’t they?  It’s easy, there are great deals, and you don’t run the risk of getting run over by a shopping cart on Black Friday!  The National Retail Federation (NRF) estimates that online sales spike by 3.6 - 4% during the coming weeks leading up to Christmas.

While it’s certainly convenient to shop online from your computer or mobile device, it’s also important to be conscious of some of the pitfalls presented by cyber criminals.  Make no mistake about it; this is their busy time of the year as well. 

Cyber criminals have more methods and scams than ever to deceive online shoppers, but if you keep a few things in mind you can remain confident that your transactions are secure.

Here are some quick guidelines to follow so you can spend the holidays spreading cheer instead of shopping in fear:

Look for the lock.  Anytime you make a purchase or provide confidential information online, ensure that you are doing so on a secure, encrypted website.  Confirm that you see the “s” in “https” and the lock icon in the address bar.

If it looks too good to be true, it is!  While there are some great deals out there this time of year, proceed with caution before clicking on links that might be offering you something a little too good, like a free iPhone X or Xbox One.

Use caution before clicking on links and attachments.  The most popular method to compromise a system is by spreading malware via attachments or embedded links in an email.  Over the holidays a similar type of scam can also be orchestrated via e-holiday cards.  One way to check the validity of a URL is to hover your mouse over the address and see if it matches the company name or the sender’s email domain.  If there is any doubt about validity, delete the message.  Remember, if you are not expecting it, delete it.

Branding and logos don’t confirm validity.  Phishers know what they are doing.  They are crafting messages to look as legitimate as possible.  Just remember, anyone can download branding and logos from the internet and apply them to a phishing message to make it appear valid.  Also, be on the lookout for messages that don’t address you by name and instead open with “Dear Sir or Madam” or “Dear Valued Customer,” for example.

Don’t believe the hype.  Preying on human emotion is one of the main driving forces behind phishing attempts.  Don’t fall prey to fear tactics or urgent requests. Take a moment and think it through; if it seems suspect, it likely is.

Scams are not limited to online transactions; be skeptical on the phone as well.  The same way that you would question an email that doesn’t look legitimate, be on the lookout for phone calls that you aren’t expecting.  Vishing (voice phishing) calls can often be made from a spoofed phone number, so they appear to be from someone in your area.  Don’t give out personal information over the phone unless you are 100% certain who is on the other end.  In fact, call them back before you provide ANY information.

Be wary of fake charities.  This is one of the biggest scams of every holiday season, as it is easily the most popular time of the year for charitable organizations.  Cyber criminals count on your generosity and hope to get their share by sending phishing and/or spam emails advertising fake charities.  Do not follow the link in the email; type the charity’s name into your web browser instead, and remember to check the Federal Trade Commission's Charity Checklist.

Be cautious about what you post on social media.  Apply the same logic on social media that you would on a questionable website: think before you accept a friend request or click to win a free raffle prize.  As many of us will be travelling over the holidays, refrain from posting pictures or details that show you will be away from home for an extended period of time.

Last but not least, always use your credit card to shop, not your debit card.  There are more security protections on your credit card, and your maximum out-of-pocket loss is $50 if the card is used fraudulently.  You do not have as much protection with your debit card.  If breached, the cybercriminal can quickly empty your bank accounts.  It could take you months or more to get that money back.

For further information on keeping the holidays safe, check out the excellent advice found at the US Computer Readiness Team website.

Have a safe holiday season. 

