Highlights

• Online shopping security is crucial during the holiday season, as cybercriminals launch holiday shopping scams to steal your personal data and put it up for sale on the dark web.
• 70% of Australian parents have finalised their holiday shopping lists by October.
• Be mindful of your data privacy by questioning what information you share with online retailers and being aware of the risks of providing too much personal data.

   

Online holiday shopping is starting to ramp up. Looking for a gift for a picky teenager? Click, click, done. Searching for the latest tech gadget at a cheaper price? Click, click, done. Can’t be bothered fighting the crowds at a department store? Click, click, done.

It's beyond easy to find what you want and have it delivered straight to your door. But while you're shopping, cybercriminals are also there, setting up traps to steal your personal data. That’s why online shopping security should be front of mind for us all, especially during these last few months of the year. The Australian Retailers Association¹ reports that by October, 70% of Australian parents surveyed have finalised their online holiday shopping lists. And by the end of November, 58% of respondents had completed most of their holiday shopping.

Since online shoppers tend to plan and shop earlier than those who prefer in-store shopping², cybercriminals are getting ready now to take advantage of this surge in digital transactions and parcel deliveries by increasing their shopping scams. 

Beware of holiday shopping scams

The thrill of a great deal can sometimes blind us to the potential risks. More than 1 in 5 Australians have fallen victim to an online scam during the holiday season, according to McAfee’s 2024 Global Holiday Shopping Scams Study³. 

Holiday shopping scams can take many forms, from fake websites to deceptive emails, text and social media messages: 

• Phishing emails: These emails often contain links to fake websites designed to steal your information. They can be incredibly convincing, with logos and layouts that mimic well-known retailers.
• Unsecured websites: Check the security of the website by looking for a "https://" at the start of the url and a padlock icon in the browser bar. 
• Social media scams: Be wary of ads on social media offering deals that seem too good to be true. These often lead to fraudulent sites or malware downloads.

  Cybercriminals are using AI-powered tools, including deepfake technology, to increase the sophistication of their scams, creating realistic imitations of trusted brands, celebrities and websites. But instead of purchasing a bargain, the sad reality is that it’s your personal data that is more likely to end up on sale. When scammers steal data it often ends up on the dark web, where it can be bought or sold with anonymity.

Consumer data protection is an important issue

Consumer data protection has become a front-of-mind issue for many Australians. When you shop online, retailers can collect a wealth of information:

• Personal information: Name, address, phone number and email
• Financial information: Credit card numbers and bank details
• Behavioral data: Browsing history, search queries, and items you’ve viewed or added to your cart.
• Tracking cookies: These digital breadcrumbs follow you online, creating a detailed profile of your habits and purchase preferences. 

While much of this is necessary for a transaction, some businesses may collect more than they need. This is where understanding a website’s privacy policy becomes crucial. It's important to be mindful of what data you are sharing and to question if it’s truly necessary for the transaction. 

Remember, every piece of information you provide is a piece that could potentially fall into the wrong hands and may lead to identity theft. 
 

Australians are concerned about data privacy​

The 2025 Digital Commerce Imperative report by Publicis Sapient⁴ cited data privacy as a top concern for 42% of survey respondents. It’s a vital issue given that almost half of those surveyed by the Australian Information Commissioner (OAIC)⁵ in 2023 had been affected by a data breach in the prior year, with three-quarters of victims experiencing some form of harm. 

Beyond the financial impact, the consequences of having your data put up for sale include the emotional toll and the administrative burden of clearing up the mess left by the fraudster. This might include a potential negative impact to your credit score.

10 ways to help protect consumer data 

While retailers have a duty to secure the data they collect, consumers also have a vital role to play. By being vigilant, informed, and proactive, we can significantly reduce the risks associated with online shopping. The more we demand that businesses protect our data, the more secure the online world will become. 

Proactive steps to protect your data include considering what personal information you are sharing. Be selective about the information you give out online. If a form asks for optional details, think twice before providing them. Less data shared means less data at risk.

Equifax credit and identity protection plans help you protect your personal information. We help by making sure you’re alerted if your details appear anywhere they shouldn’t. Our credit and identity protect plan, powered by Norton™, monitors for the appearance of your personal data on the dark web or in social media, along with credit alerts whenever your credit file is accessed. This can help you spot suspicious activity quickly and give you the chance to take immediate action, such as changing passwords or freezing your credit file.

In the meantime, remember here are 10 helpful hints to keep your holiday shopping experiences safe:

1. If something sounds too good to be true, it probably is.
2. Use strong, unique passwords for each online shopping account.
3. Avoid clicking links in unsolicited messages, even if they look genuine. 
4. Navigate directly to the web addresses of your favourite retailers so you don’t accidentally click on a fake site.
5. Carefully research the legitimacy of any new online store before making a purchase, for example, by cross checking customer reviews.
6. Enable multi-factor authentication on your accounts for added security.
7. Avoid downloading apps or browser extensions you can’t confirm the legitimacy of.
8. Use a credit card with a low limit instead of a debit card for online purchases, as credit cards generally offer better buyer protection against fraudulent card use. 
9. Check that coupon code sites have clear privacy policies and legitimate customer reviews.
10. Avoid sites that ask for excessive personal information to access a coupon or promise deals that seem too good to be true.

Click on this article for more tips: What are the biggest cybersecurity threats online shoppers face.

Know if your personal data is up for sale with Equifax Credit and Identity Protect. Sign up to a monthly subscription plan to manage your credit profile, protect your identity, and reduce the risk of becoming a victim of identity crime.

¹Holiday shopping now starts earlier for most Aussies, Australian Retailers Assoc
²As above
³2024 Global Holiday Shopping Scams Study, McAfee Corp
⁴The 2025 Digital Commerce Imperative report, Publicis Sapient, reported in Media Week
⁵Data breaches seen as Number One privacy Concern, Australian Information Commissioner (OAIC)

Disclaimer: The information contained in this article is general in nature and does not take into account your personal objectives, financial situation or needs. Therefore, you should consider whether the information is appropriate to your circumstance before acting on it, and where appropriate, seek professional advice from a finance professional such as an adviser.