Cybersecurity Guide

Holiday hacks: An online shopping and security study

Written by Cybersecurity Guide ContributorsLast updated:
In this guide

In the United States, online retail is big business. 

The biggest time of year — in terms of overall retail spending and consumer activity — is during the holiday shopping season, which unofficially gets underway during the massive Black Friday and Cyber Monday shopping events held in the days following Thanksgiving.

Key findings

  1. Online shopping trends: Most internet users shop online, with 57% frequently using websites to make purchases. The study shows varied spending plans, with 41% intending to spend between $100 and $500 this holiday season​​.
  2. Site reputation and security awareness: A significant 68% of consumers avoid certain sites due to cybersecurity concerns, indicating a growing skepticism and proactive approach to online security​​.
  3. Basic cybersecurity measures: Consumers are increasingly adopting simple security measures, such as verifying site URLs, looking for secure connections (https), and using secure browsers​​.
  4. Impact of hacks and scams: Nearly half of the respondents have experienced ID or payment information theft online, highlighting the prevalence and impact of these cyber threats​​.
  5. Personal security measures: In response to these risks, many are taking online security into their own hands by employing strategies like multi-factor authentication, using password managers, regularly updating software, and learning to identify phishing attempts​​.

This year, the National Retail Federation, a trade association, estimates that positive sentiment about the economy could drive holiday shopping purchases to the $955 to $966 billion mark.

While online retail is big business for both traditional retail brands and e-commerce shops alike during the holiday season, online shopping also represents a big opportunity for cyber fraudsters and hackers.  

In fact, retail is one of the fastest-growing sectors seeing an increase in cyber incidents. According to stats compiled by the cybersecurity firm Fortinet, last year, 24% of all cyberattacks targeted online retail consumers. 

“The surge in online retail has made shopping more convenient, but that convenience comes with increased cyberattacks,” says Marlon Buchanan.

Meet the expert

As part of compiling and analyzing the study results, the Cybersecurity Guide team asked Marlon Buchanan to provide an additional layer of insight. Buchanan is a best-selling author, IT Director, and founder of HomeTechHacker.com, a website with free resources to help make the most of your home technology

Last holiday season saw the deployment of bad bot attacks, a rise in gift card scams, and attacks like phishing and online impersonations, which are also always a concern. 

“Your personal information is your most valuable currency. Shoppers enjoying the ease of e-commerce must also safeguard their data. The keys to your virtual shopping cart are also keys to your digital identity,” Buchanan says.

This year, in advance of the online holiday shopping season, Cybersecurity Guide launched a study to see what consumers are thinking about and what kinds of security-related actions they plan on taking. 

Listen to Marlon Buchanan talk about holiday shopping safety on the Cybersecurity Guide Podcast.

The participants in the 2023 Cybersecurity Guide Holiday Hacks Study are geographically dispersed throughout the United States. The mean age of the study participants is 44, while the mean daily internet use in terms of hours is seven.

There is near gender parity among the study participants. In terms of professions, the largest groups are in management, professional roles, sales, and service industries.

1. Online retail is big business

According to our study responses, people use the internet for all sorts of things. From work to school and gaming to social media, the internet allows people to make a living, find community, and relax, unwind, or just pass the time. 

And while there are a lot of reasons to open an internet browser, one commonality that all of our study respondents share is that they use the internet to shop, with over half saying they plan on using the internet to shop this holiday season.

Data point: Do you use the internet to shop or make purchases? 

  • 57% of respondents use the internet frequently to shop
  • 42% of respondents use the internet sometimes to shop
  • 1% of the respondents rarely use the internet to shop

Data point: How much do you intend to spend online this holiday season?

  • 26% of respondents plan on spending less than $100
  • 41% of respondents plan on spending between $100 and $500 
  • 19% of respondents plan on spending between $500 and $1,000
  • 14% of respondents plan on spending more than $1,000

2. When people are shopping online, site reputation and sense of security matter

Experts say one of the best ways to stay safe on the internet is to take some basic precautions to try and limit risk when interacting with unknown sites or apps online. A lot of the time, preventive or proactive security can help prevent costly attacks, scams, or intrusions.

Based on the study data, online consumer sentiment is becoming increasingly more skeptical, which translates into different kinds of security-minded behavior.

Data point: Do you ever avoid making purchases or shopping at certain sites because of cybersecurity issues?

  • 68% of respondents say yes, they avoid certain sites
  • 21% of respondents say no, they don’t avoid certain sites

“It’s a good instinct to avoid shopping at sites you don’t know or trust,” Buchanan says. “Choosing reputable and trustworthy websites is important for more than just the quality and assurances you’ll receive in what you purchase. It’s also important because whoever you do business with will have to safeguard your financial data and identity.”

3. Awareness of basic cybersecurity tactics is on the rise

Most study participants said they are likely to do a quick security check before entering payment or personal details on a shopping website. 

The security double-check list might seem pretty basic, but an essential sense of situational awareness, security-wise, can go a long way toward staying safe. 

Data point: 

According to the study results people are taking small actions to insulate themselves against hacks or scams. The three biggest actions reported by study respondents are:

  1. Double-check the site’s URL to make sure it is legitimate
  2. Look for “https,” which is short for Hypertext Transfer Protocol Secure
  3. Use a secure browser
  4. Take other actions such as going directly to a site instead of using a link and/or researching a product or company to make sure it is not a scam.

“If you’re online, being targeted by cybercriminals is not a question of ‘if,’ but ‘when.’ It’s a reminder that in this online world, we’re all potential victims. Proactively safeguarding our digital data is the new normal. Staying vigilant, aware, and educated is our best defense,” Buchanan said.

4. Hacks and online theft are very real, and most often result in losses

Respondents to the Cybersecurity Guide holiday hacks study report experiencing hacks and scams. Below are some of the more common ones they reported. 

“Creating a digital fortress to protect yourself from cybercriminals is difficult,” Buchanan says. “Staying educated about avoiding and responding to cyberattacks is one of the best personal investments you can make.”

Data point: Have you ever had your ID or payment information stolen online?

  • 48% of respondents said yes
  • 52% of respondents said no

Data point: Have you ever had to deal with a personal hack or theft?

  • 52% of respondents said yes
  • 48% of respondents said no

5. People are taking online security into their own hands and investing in security-related products and services as a first line of defense.

One daunting challenge related to personal cybersecurity is that everyone uses the internet differently, and so we all have different attack surfaces or potential vulnerabilities. 

Another thing is that cybersecurity, like the internet itself, is a dynamic environment. 

According to Buchanan, here are some basic tips for staying safe on the internet:

  • Use multi-factor authentication whenever possible
  • Use a password manager
  • Regularly update your software (your router, apps, mobile devices, computers, smart devices, etc.)
  • Learn how to spot phishing attempts

The impact of cybersecurity threats and attacks for the majority of study participants has, in some cases, led to changing security-related behaviors.

All of which is to say that coming up with a one-size-fits-all kind of security solution is nearly impossible. 

On the positive side, there are a growing number of tools, tactics, and technologies that people can deploy to create their own security systems. According to the study results, that’s exactly what people are doing.

Data point: Do you use tactics or apps to protect yourself against cybersecurity threats?

  • 53% of respondents use credit monitoring services
  • 20% of respondents use identity monitoring services
  • 52% of respondents use password managers
  • 18% of respondents use virtual private networks (VPNs)
  • 14% of respondents use other security services

More than half of respondents 54%, said that they spend up to $100/year on identity and credit protection services.

Holiday hacks study takeaways

While holiday retail scams and attacks continue to grow and become a concern for online shoppers, study data shows that people are also taking online cybersecurity risks seriously and implementing different kinds of strategies to protect themselves.

Among the biggest trends identified during the study is that people shopping online and making digital purchases are likely to vet the site they are using, double-check the basics like URL and site formatting, and type links into a browser rather than click on them from other sites.

These are all good tactics and underscore the importance of basic security situational awareness.

Also uncovered in the study is the fact that most respondents are using some kind of security-related service, such as credit monitoring or identity monitoring, as a means of self-defense. 

This trend is likely to continue, and it will be interesting to study it in more depth in the future.

“Everyone needs to learn and use good cybersecurity practices. Cybercriminals aren’t going to stop, and you are a target,” Buchanan says. “Educate yourself about the best techniques to stop cyberattacks from harming you. This is an area where you want to invest your time, effort, and money. These investments can save you thousands of dollars and many headaches.”

Study methodology and details

The 2023 Holiday Hacks Study ran from October 26, 2023, to November 13, 2023, and collected 95 qualified responses. The study was published on Amazon’s Mechanical Turk platform and consisted of 20 questions related to online shopping behavior and cybersecurity trends.

To be eligible to participate in the study, respondents needed to be internet users based in the United States and over the age of 18. 

About Cybersecurity Guide

The Holiday Hacks study was commissioned by Cybersecurity Guide to try and gain more insight into how digital threats and security issues are affecting routine behaviors, such as holiday shopping.

Over the past few years, Cybersecurity Guide has grown into a massive resource referenced by leading cybersecurity professionals in academia, industry, and beyond. 

Our global team of professional cybersecurity writers — leaning on their first-hand experience in the field — conduct interviews and deep-dive research, all in an effort to create the most up-to-date and comprehensive cybersecurity education resource available.