The busy holiday season is in full swing, and with so much to do (finish the gift list! wrap the presents! get the house ready for visitors!), you’re likely running in circles. Unfortunately, fraudsters know it all too well, and ramp up their scams during this time of year—even adding holiday themes specially designed to catch busy shoppers unaware.

So what are some big watch-outs? Brenda Bjerke, who leads Target’s information security policy, training and awareness efforts, weighed in with her top tips for safe holiday shopping.

1. Slow down. Be on the lookout for red flags in every email.
Scammers definitely take advantage of the holiday timeframe, when people are more likely to be receiving confirmation and shipping emails, promos for deals and more digital goodies. They create phishing emails that appear to be from your favorite brand to catch you off guard. But if you look closely, there are features that will tip you off that something isn’t right. For example, they usually come from a slightly ‘off’ email address different from the company’s official handle. Misspelled contacts and brand names, typos and bad grammar are also big red flags.

So before opening, ask yourself: Am I expecting this email? Do I recognize the sender’s email address and is it spelled correctly? If this email references a company I shop, does it come from that company itself?

2. Get in the habit of using different, strong usernames and passwords for all accounts.
Here’s a New Year’s Resolution you can kick off early: It’s so important to use a different password for each of your accounts, even though it’s tricky to remember them all. When you use the same password for multiple sites where you shop or log in, one incident at any of those places leaves you at risk everywhere. And make sure to avoid using really obvious or easily guess-able passwords. (Looking at you, 123456 and Winter2020.)

Another piece of advice? Keep track of all the sites that require you to use your email address as the User ID at login. And make sure that email account has very strong security and recovery information that’s hard to guess and unique from all your other accounts.

3. Even better? Stop using passwords and switch to passphrases.
Another favorite way to come up with a memorable, ironclad password is to use a passphrase—a series of numbers, letters and symbols that stand for an easy-to-remember line or phrase. They’re longer and more secure and you’re more likely to remember a sentence than a word.

For example: Why go to the beach when it’s raining? = YGo2tBwit$r@ining. (Now, don’t go using this one!) 

4. If ‘the government’ or ‘the IRS’ calls asking for gift cards as payment—hang up. It’s likely a scam.
This type of scam can actually come by phone call, email or text. It often involves a scam artist posing as someone official, asking you to buy gift cards and share the numbers as a payment. Sometimes they pretend to be a government official, or a representative from your power or cable company, requesting funds for an overdue bill or payment. (They’re even capable of manipulating the phone number they’re calling from to look like it’s from law enforcement.)

It can seem so real, but anything like this should be an instant red flag. At Target, for example, our gift cards can only be used at our stores and website, and can’t be used to buy other brands’ prepaid or specialty gift cards. And no legitimate government entity accepts any form of gift cards as payment. If you have questions about fraud involving Target GiftCards, we have a handy guide over at Target.com that can help.

And pay it forward. Share this knowledge with your family members, friends and neighbors so they have the tools they need to stay alert for common scam signs and keep themselves safe. 

5. Don’t just click on a hyperlink—test it out first.
Another way that scammers try to trip you up is by getting you to click on a hyperlink in an email or online ad that looks like it will take you to your favorite shopping site, but actually leads to an illegitimate one. Before clicking any links, hover over them to see the full URL and make sure you know where the link is taking you. Not sure it’s legit? Better to be safe than sorry. Don’t click on the hyperlink; use a web browser to navigate to the brand’s trusted website you’re seeking instead.

6. Double-check gift cards before you buy.
Sometimes, scammers attempt to steal the balance from gift cards on store displays by peeling back the packaging and copying down the code. To mitigate this issue in our stores, Target puts a scratch-off film with our easy-to-spot Bullseye logo (so you know it’s an original) over the numbers on the back of our gift cards. But to be extra safe, before buying any gift card, check for signs that the card or packaging has been tampered with. (If you find any, tell a team member, stat.)

7. … and treat your own gift cards like cash.
Gift cards are a form of currency, so you don’t want to leave them lying around and risk losing them. But thanks to their popularity this time of year, it can be tough to keep track of all that you get. My favorite tip? Upload your Target GiftCards to your Wallet in the Target App for ease and safekeeping as soon as possible after receiving them. Once uploaded, you can cut up the physical card so no one else can use the funds before you do. 

8. If you think you’ve been scammed, don’t hesitate—report the incident ASAP.
Sometimes victims are hesitant to report scams because they felt silly for falling for them—but the reality is it can happen to anyone. So take action. Report the incident to your local law enforcement and entities like the Federal Trade Commission or IRS as soon as you can. By doing this, you’re likely keeping many others from becoming a victim, too.

Don’t miss out on the latest Target news and behind-the-scenes happenings! Subscribe to our newsletter and get the top stories from A Bullseye View delivered straight to your inbox!