Key Takeaways
- Watch for IRS impersonation scams.
- Use a password manager. Strong, unique passwords for every account are non-negotiable.
- Keep your devices updated. Software updates often patch newly discovered security flaws.
- Use antivirus protection and a firewall.
- Avoid public Wi-Fi without a VPN. Encrypt your connection to block hackers.
Your inbox is probably already filling faster than you can keep up with right now – and will only continue to do so… receipts, shipping confirmations, donation reminders, Black Friday deals, and the rest.
And amid all that digital clutter, cybercriminals are watching too.
Every year between Thanksgiving and tax season, scams ramp up. So let’s talk about safe online shopping tips you should apply as we’re approaching the holiday season.
How can I spot and avoid tax-related scams?
Phishing emails and text messages (“smishing”) are more polished than ever. Scams are now using deepfake technology or AI to create more convincing emails and voice calls. Scammers may pose as IRS agents, Milwaukee banks… or even yours truly. (The audacity!)
They might include logos, official-sounding language, or links to fake login pages.
The most important thing to remember: the IRS will never email, text, or DM you to request personal data or payment. If you get a suspicious message like that, don’t click anything in it. Instead, forward it to phishing@irs.gov, and delete it.
And if you’re unsure whether a tax notice is legitimate, log into your online IRS account directly. Or, you can always contact me to confirm.
Should I use a password manager?
Absolutely. Because the odds of you remembering 30 different “clever” passwords aren’t high (no offense).
Cyber thieves rely on password reuse: when the same login credentials get used across multiple accounts. Once one password leaks, they have the key to everything from your email to your bank.
A password manager securely stores unique, randomly generated passwords for every account. It also fills them in automatically, so you don’t have to type them (or forget them). Options like 1Password, RoboForm, and NordPass are great options to look into… and likely have Black Friday sales on the horizon.
You’ll want to look for a password manager that supports passkeys, which use biometrics (like face or touch ID) instead of passwords. And even if you don’t use a password manager, make sure to use passkeys whenever that option is available.
How can I digitally secure my devices?
One of the best safe online shopping tips I can offer is to keep your devices updated. Those software update pop-ups you ignore? They’re often patching newly discovered vulnerabilities that hackers exploit.
Turn on automatic updates for your operating system, browsers, and apps. Install reliable antivirus and anti-malware software (such as Norton or McAfee), and make sure your device’s firewall is enabled.
Is it safe to use public Wi-Fi?
Public Wi-Fi (think airports, Southeastern Wisconsin coffee shops, hotels) is often unsecured. Hackers can intercept your data or even create fake networks that look like legitimate ones.
So, if you need to connect, use a VPN (Virtual Private Network). It encrypts your traffic so that even if someone is snooping, they can’t see what you’re doing. Services like NordVPN or Surfshark are affordable and easy to install.
Using your phone’s personal hotspot is a much more secure choice than the coffee shop’s public network (assuming you have sufficient mobile data) as well. Because your phone’s connection is protected by cellular security, which is inherently safer than shared public Wi-Fi.
Just remember: this enhanced security benefit does not apply to public hotspots offered by providers like transit systems or malls. They carry the same risks as open Wi-Fi.
But ideally, wait until you’re back on your own password-protected home network before logging into highly sensitive accounts.
FAQs
“What should I do if I accidentally gave personal information to a scammer?”
Immediately report it to phishing@irs.gov, contact your bank or credit card issuer, and place a fraud alert on your credit file. You may also need to file IRS Form 14039 (Identity Theft Affidavit).
“How can I safely send tax documents to my preparer?”
Never email tax forms or Social Security numbers as attachments. Use a secure upload portal or encrypted link. Ask your tax pro if they offer one (a lot of us do).
“Should I freeze my credit?”
Yes, if you rarely apply for new credit. It’s one of the most effective (and free) ways to prevent new accounts from being opened in your name.
“How do I know if my information has already been exposed?”
Visit haveibeenpwned.com to check if your email has appeared in any known data breaches. If it has, change that password everywhere you used it and turn on 2FA.
“How common is tax identity theft?”
Unfortunately, it’s increasing. The IRS flagged 2.8 million returns for potential identity fraud in 2024 alone. That was up 33%, in one year, from 2.1 million in 2023. Most victims eventually recover, but the process can take months. Prevention is always easier than cleanup.
Final thoughts
You don’t need to be a cybersecurity expert to protect yourself. You just need to adopt a few proactive online safety habits. Think of these safe online shopping tips as an extension of good financial hygiene this holiday season — right alongside budgeting and saving.
And with the intersection of digital hygiene and taxes, I always advise secure document sharing and enrolling in the IRS IP PIN program. If you’re not sure how to get those set up, let’s talk it through together: