If the ads you see in December feel a little too accurate, you are not imagining it. 

The holiday shopping season is the busiest time of the year for retailers and for data brokers. These companies quietly track, collect and sell your personal information. Every search, click, cart add and purchase feeds a digital shopping profile tied to your name, phone number, email and address.

If you do not clean it up before the year ends, that profile will follow you into 2026. It fuels more scam calls, targeted ads, identity theft attempts and privacy risks you never agreed to. Here is how your profile forms, why data brokers want it and how to erase it fast.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

FBI WARNS EMAIL USERS AS HOLIDAY SCAMS SURGE

Your digital shopping profile forms the moment you shop online

Your profile starts forming the second you browse Amazon, Target, Sephora, Walmart or any online store. Every interaction adds new data points, including:

• Items you viewed
• Items you added to your cart
• Purchases and near-purchases
• Shipping and billing addresses
• Total spending
• Preferred brands
• Device type and browser
• IP address and physical location

Activity spikes in November and December. You are searching for gifts, deals, decorations and electronics. Data brokers watch this surge and collect more aggressively.

How data brokers get your information

Data brokers gather your personal information from several places at once. Here are the most common sources.

1) Retailers send your shopping data to third parties

Most retailers use analytics, advertising or measurement partners. These partners are often data brokers. The more companies that handle your information, the higher the risk of exposure.

Marketing tools may analyze personal details such as age, race, gender, location and shopping habits. Even without clear consent, partners often receive:

• Full purchase histories
• Timestamps
• Product categories
• Loyalty account details

Some stores even share in-store behavior when you scan a loyalty card.

2) Shopping apps track far more than what you buy

Apps from Amazon, Temu, Walmart, SheinTarget and others track everything you do. They often collect:

• Real-time location
• Device data
• Contact lists if allowed
• Swipe patterns
• Time spent viewing specific items

This behavioral data becomes extremely valuable to data brokers. It also helps scammers understand how to target you.

3) Price-comparison tools copy your browsing habits

Browser plugins that offer price drops or deal matching often collect far more than you expect. An FTC investigation revealed that they can capture details from location and demographics to mouse movements.

Data points like these get packaged, sold and added to your digital shopping profile. Scammers can then build highly targeted attacks.

What scammers can do with your digital shopping profile

Scammers use these profiles to run more convincing attacks during the holiday season. With access to your data, they can:

• Send fake order confirmations
• Launch refund scams
• Send fraudulent delivery texts
• Commit identity theft
• Resell your information to other criminals

If you interact with a scam even once, your profile may be marked as verified. That makes you a priority target for future attacks.

PROTECT YOUR DATA BEFORE HOLIDAY SHOPPING SCAMS STRIKE

Why December is the best month to delete your data

Each January brings a surge in scams, including refund scams, account update scams, IRS scams, Medicare scams and subscription renewal scams. Many of these attacks rely on the holiday shopping data collected in the weeks before.

If you delete your data now, you reduce:

• Scam calls
• Spam emails
• Targeted phishing attempts
• The number of companies holding your personal information

Data brokers must delete your information once you request it. Acting now limits how much of your 2025 activity they can store and resell.

WHAT REALLY HAPPENS ON THE DARK WEB, AND HOW TO STAY SAFE

However, removing your data manually is nearly impossible. You would need to contact and send opt-out requests to:

• People-search sites
• Marketing data brokers
• Retail data aggregators
• Ad-targeting vendors
• Shopping analytics platforms
• Credit-linked identity brokers

One at a time.

The fastest way to delete your digital shopping profile

This is why I recommend using an automated data removal service. They remove your exposed data from hundreds of data broker sites and continue to monitor new threats.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

Kurt’s key takeaways

Your digital shopping profile may feel invisible, but it shapes the ads you see, the scams you receive and how exposed your personal information becomes. The holiday season gives data brokers more information in two months than they collect during the rest of the year. Use December to clean it up. With a few smart steps and an automated data removal service, you can enter 2025 with fewer scams, fewer trackers and more control over your privacy.

What part of your digital shopping profile surprised you most after learning how data brokers track you? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report 
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter. 

Copyright 2025 CyberGuy.com.  All rights reserved.

This is an excerpt of Sources by Alex Heath, a newsletter about AI and the tech industry, syndicated just for The Verge subscribers once a week.

Reinforcement learning (RL) is the next frontier, Google is surging, and the party scene has gotten completely out of hand. Those were the through lines from this year’s NeurIPS in San Diego.

NeurIPS, or the “Conference on Neural Information Processing Systems,” started in 1987 as a purely academic affair. It has since ballooned alongside the hype around AI into a massive industry event where labs come to recruit and investors come to find the next wave of AI startups.

I was regretfully unable to attend NeurIPS this year, but I still wanted to know what people were talking about on the ground in San Diego over the past week. So I asked engineers, researchers, and founders for their takeaways. The list below of responses includes Andy Konwinski, cofounder of Databricks and founder of the Laude Institute; Thomas Wolf, cofounder of Hugging Face; OpenAI’s Roon; and attendees from Meta, Waymo, Google DeepMind, Amazon, and a handful of other places.

I asked everyone the same three questions: What’s the buzziest topic from the conference? Which labs feel like they’re surging or struggling? Who had the best party?

The consensus was clear. “RL RL RL RL is taking over the world,” Anastasios Angelopoulos, CEO of LMArena, told me. The industry is coalescing around the idea that tuning models for specific use cases, rather than scaling the data used for pre-training, will drive the next wave of AI progress. What’s clear from the lab momentum question is that Google is having a moment. “Google DeepMind is feeling good,” Hugging Face’s Wolf told me.

The party circuit was naturally relentless. Konwinski’s Laude Lounge emerged as one of the week’s hotspots — Jeff Dean, Yoshua Bengio, Ion Stoica, and about a dozen other top researchers came through. Model Ship, an invite-only cruise with 200 researchers, featured “a commitment to the dance floor that is unprecedented at a conference event,” one of the organizers of the cruise, Nathan Lambert, told me. Roon was dry about the whole scene: “you can learn more from twitter than from literally being there … mostly my on-the-ground feeling was ‘this is too much.’”

Here’s what attendees had to say about NeurIPS this year:

What was the buzziest topic among attendees that you think more people will be talking about in 2026?

Which labs feel like they’re surging in momentum, and which ones feel more shaky?

What was the best party you attended or had FOMO over?

Yes, some people thought keynotes were parties. I guess academia lives on at NeurIPS after all.

Recently, you may have received alarming emails like the one below from “sharfharef” titled “Wallet Verification Required” that uses the MetaMask logo and branding.

These messages warn you to verify your wallet by following a link, but scammers use emails like this to steal your crypto information.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

FBI WARNS EMAIL USERS AS HOLIDAY SCAMS SURGE

What is MetaMask and why scammers love it

MetaMask is a popular crypto wallet and browser extension that lets you store tokens and connect to blockchain apps on networks such as Ethereum. Because MetaMask is widely known and trusted, criminals impersonate it in phishing campaigns that ask users to “verify” wallets and then harvest recovery phrases or keys.

What makes this email a wallet verification scam

The scam email copies MetaMask visuals and even routes through a Zendesk address to look more professional, yet the “Verify Wallet Ownership” button points to an unrelated domain that has nothing to do with MetaMask. That mismatch between branding and destination is a major red flag in crypto phishing attacks. It also relies on classic pressure tactics and vague corporate language. The body reads:

Dear Valued User,
As part of our ongoing commitment to account security, we require verification to confirm ownership of your wallet.
This essential security measure helps protect your assets and maintain the integrity of our platform.
Action Required By: December 03, 2025
Your prompt attention to this verification will help ensure uninterrupted access to your account and maintain the highest level of security protection.

Phrases like “Dear Valued User,” “essential security measure” and “Action Required By” are common in phishing emails that pretend to be MetaMask and threaten restrictions if you do not comply. Genuine MetaMask support will direct you to metamask.io or official apps and will never ask you to reveal your secret recovery phrase through a link in an unsolicited email.

In this case, the message even claims to come from “МеtаМаsk.io (Support@МеtаМаsk.io)” . That display name looks like MetaMask Support, but the real sending address is an unrelated Zendesk subdomain, which is a classic red flag. MetaMask explains that legitimate support messages only come from specific official addresses, so anything else should be treated as a scam and ignored.

Why mention Zendesk can be misleading

Zendesk is a legitimate customer support platform that many companies use to manage tickets and notifications. Scammers sometimes route fake alerts through such services or spoof similar addresses, so messages look like real support tickets, which can fool users who associate Zendesk branding with trust.

In this case, the presence of a Zendesk-style address does not make the message safe because the link still leads away from MetaMask’s official website and asks you to react to manufactured urgency.

NEW EMAIL SCAM USES HIDDEN CHARACTERS TO SLIP PAST FILTERS

Steps to stay safe from wallet verification scam emails

Taking the right precautions can protect your digital wallet and personal data from scammers.

1) Do not click suspicious links and use strong antivirus software

Avoid clicking buttons or links in unexpected wallet verification emails, even if they show the MetaMask logo. Instead, open your browser and type metamask.io yourself or use the official mobile app to check for any real alerts. Also, install strong antivirus software to detect malicious links, fake sites or malware that tries to capture your keystrokes. 

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Keep it updated so it can block new phishing infrastructure and known scam domains.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

2) Use official websites only

Always confirm that the address bar shows MetaMask’s official domain or your wallet provider’s genuine site before you sign in. If an email link sends you to a domain that looks odd, close it immediately.

3) Keep your credentials private

Never enter your secret recovery phrase, password or private keys on a site you reached by email. MetaMask support will not ask for that information, and anyone who gets it can empty your wallet.

4) Enable two-factor authentication

Turn on two-factor authentication (2FA) wherever your exchange or related accounts support it, since codes from an app or key add a barrier even if a password leaks. Store backup codes safely offline, so criminals cannot reach them.

REAL APPLE SUPPORT EMAILS USED IN NEW PHISHING SCAM

5) Use a data removal service

Data removal services can help reduce exposed personal details from data broker sites that attackers use to target victims by name and email. Less exposed information makes it harder for phishers to craft convincing wallet alerts tailored to you.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

6) Mark suspicious emails

Mark any fake MetaMask messages as spam or phishing in your inbox so filters learn to block similar attacks. You can also report phishing attempts through MetaMask and your email provider to help protect other users.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt’s key takeaways

Emails like the one from “sharfharef” use MetaMask’s trusted name, polished design and alarming language to push you into clicking before you think. When you slow down, check the sender, read the wording and confirm the website address, you strip scammers of their biggest advantage, which is panic.

What questions do you still have about protecting your digital accounts and crypto wallets that you want us to answer in a future article? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com. All rights reserved.