The holiday shopping season is upon us and online shopping from your phone can be a terrific timesaver, but it also brings risks you wouldn’t encounter when shopping in person or even from your computer. Cybercriminals know it’s the season for scams — people are busy and often distracted — so best to take the time now to protect yourself and your accounts.

Start by blocking any tracking as you visit a chain of websites looking for the perfect gift or the best price. Apple has built a do-not-track feature into the mobile version of Safari, along with other settings you can use to protect your privacy. Visit “Settings,” find Safari in the list of apps and tap to open its settings. From top to bottom: toggle on “Block Pop-ups,” turn on “Prevent Cross-Site Tracking,” tap “Hide IP Address” and then checkmark “Trackers.” You may want to activate “Block All Cookies,” and you will certainly want to have the “Fraudulent Website Warning” turned on. Scroll a bit further to “Location” and specify that you want to be asked before Safari shares your location with a website. There may be a good reason for doing so, but that’s a decision you should make.

Check your text messages. With the release of iOS16, Apple automatically asks if you want to report a message as junk if the sender is not in your list of contacts when you go to delete it. If it’s suspicious, report it as junk. The report will be logged by Apple and your service provider. If enough users send reports, the sender will be investigated. In the meantime, do not respond in any way, including clicking on a link.

I know some people are tempted to lash out at an obvious spammer or scammer, but this simply signals to the sender that its message has reached a working number. Prepare for the unwanted texts to increase. Block the sender’s number by tapping on the name or number at the top of the text message. Tap the “Info” icon and then “Block this Caller.” Stay on top of this and these types of texts should decrease over time. You can do the same for unwanted calls.

Continue to follow best mobile security practices: Keep your phone’s operating system up to date, enable biometric access (facial recognition or fingerprint), if available for your device, and sign up for two-factor authentication everywhere you can, which requires you to confirm your identity with your device before you can access a particular account.

For mobile payments, avoid typing in a credit card number, and never store your card information regardless of how appealing that sounds as a timesaver. Data breaches are out of your control, and the less information you hand over while making a purchase, the less data there is to steal. In fact, check out as a guest to minimize the sharing of your personal information.

You can and should go a step further. Use a digital wallet like Apple Wallet or Google Wallet. Digital wallet apps don’t store your credit card number on your device and don’t even share it with merchants in most cases. The number the merchant sees is only associated with the app and not your actual payment information.

Do not use public Wi-Fi for shopping — not in coffee shops, malls, hotels, airports or anywhere else — because they are not secure. Instead, use your data for an internet connection by turning off Wi-Fi in “Settings.” Better yet, wait until you’re home and back on your own network.

If you’re out and about and have forgotten your login credentials to a website, both Apple and Google will offer a secure password that is saved for you. Say yes to these passwords for all retail websites. iPhone users can also opt to have Apple make up a disposable email address when signing up for an account. When asked for an email, you’ll see the option “Hide my email.” Tap it and the website will accept the newly generated password. Emails from the site will be forwarded to your regular email account and the website in question will never see your real email address.

Stay vigilant when browsing social media and other websites over the holidays and don’t click on links, especially if the offer is tempting. The same goes for checking email on your phone. If you can’t give it the scrutiny it requires, limit your actions to deleting emails and responding to people you know.

After following all of these safeguards, your accounts and sensitive information should be protected. However, there are no guarantees so monitor your bank accounts for unusual activity more frequently than during other times of the year.

Leslie Meredith has been writing about technology for more than a decade. As a mom of four, value, usefulness, and online safety take priority. Have a question? Email Leslie at asklesliemeredith@gmail.com.

Newsletter