Cybersecurity & Infrastructure Security Agency
America's Cyber Defense Agency

Holiday Online Shopping

While millions of Americans will be looking for the best deals the internet has to offer, cyber criminals will be hard at work looking to target online shoppers.

Overview

The holiday shopping season is here, and while millions of Americans will be looking for the best deals the internet has to offer, cyber criminals will be hard at work looking to target online shoppers. The holiday shopping season is a prime opportunity for bad actors to take advantage of unsuspecting shoppers through fake websites, malicious links, and even fake charities. Their goal is simple: get a hold of your personal and financial information to compromise your data, insert malicious software, steal your identity and take your money. 

At CISA, we are committed to helping Americans better protect themselves online. This holiday shopping season, we’re here to provide a few easy steps to prevent you from becoming a victim of cybercrime.

Using strong passwords, updating your software, thinking before you click on suspicious links, and turning on multi-factor authentication are the basics of what we call “cyber hygiene” and will drastically improve your online safety.  

Here are 4 common-sense ways to protect yourself online:

  • Implement multi-factor authentication (MFA) on your accounts and make it much less likely you’ll get hacked.
  • Update your software. In fact, turn on automatic updates.  
  • Think before you click. Most successful cyber-attacks start with a phishing email.  
  • Use strong passwords, and ideally a password manager to generate and store unique passwords.

Check Your Devices

Before making any online purchases, make sure the device you’re using to shop online is up-to-date. Next, take a look at your accounts and ask, do they each have strong passwords? And even better, if multi-factor authentication is available, are you using it?  

Multi-factor authentication (or two-factor authentication) uses multiple pieces of information to verify your identity. Even if an attacker obtains your password, they may not be able to access your account if it’s protected by this multi-step verification process.

Protect Your Devices

Protect your devices by keeping the software up-to-date. These include items like mobile phones, computers, and tablets, but also appliances, electronics, and children’s toys.

Change Your Password

Once you’ve purchased an internet-connected device, change the default password and use a different, complex password for each one. Consider using a password manager to help.

Check Your Settings

Check the devices’ privacy and security settings to make sure you understand how your information will be used and stored. Also make sure you’re not sharing more information than you want or need to provide.

Update Your Software

Enable automatic software updates where applicable, as running the latest version of software helps ensure the manufacturers are still supporting it and providing the latest patches for vulnerabilities.

Shop Only Through Trusted Sources

Think about how you’re searching online. How are you finding the deals? Are you clicking on links in emails or going to trusted vendors? Are you clicking on ads on webpages? You wouldn’t go into a store with boarded up windows and without signage – the same rules apply online. If it looks suspicious, something’s probably not right.

Interact with reputable vendors

Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor.

Verify business legitimacy

Some attackers may try to trick you by creating malicious websites that appear to be legitimate. Always verify the legitimacy before supplying any information. If you’ve never heard of it before, check twice before handing over your information.

Beware of phishing emails

Most of us receive emails from retailers about special offers during the holidays. Cyber criminals will often send phishing emails, designed to look like they’re from retailers, that contain malicious links or ask you to enter your personal or financial information.

Don't click links or download attachments

Don’t click links or download attachments unless you’re confident of where they came from. If you’re unsure if an email is legitimate, type the URL of the retailer or other company into your web browser as opposed to clicking the link.

Never provide your password

Never provide your password, or personal or financial information in response to an unsolicited email. Legitimate businesses will not email you asking for this information.

Make sure your information is being encrypted

All reputable merchants use encryption to transmit information from your browser to their servers. Look in your browser’s location bar to make sure the website address begins with “https:” instead of “http:”. Also, ensure the padlock icon is locked.

Use Safe Methods for Purchasing 

If you’re going to make that purchase, what information are you handing over? Before providing personal or financial information, check the website’s privacy policy. Make sure you understand how your information will be stored and used.

 

 

Use a credit card as opposed to a debit card

There are laws to limit your liability for fraudulent credit card charges, but you may not have the same level of protection for your debit cards. Unauthorized charges could leave you with insufficient funds to pay other bills.

Check your statements frequently

You’ll likely make more purchases over the holiday season, so be sure to check your credit card and bank statements frequently for any fraudulent charges. If you find any, notify your bank or financial institution immediately.

Be wary of emails requesting personal information

Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. Legitimate businesses will not solicit this type of information through email. Do not provide sensitive information via email.

Report scams

If you receive a suspicious email that you think may be a phishing scam, you can report it.

Additional Resources

Multi-factor authentication (MFA) 

APR 16, 2021 | PUBLICATION
MFA is a layered approach to securing data and applications which increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement.

CISA Urges All Americans to be on Alert for Holiday Scams and Cyber Threats

NOV 24, 2020 | PRESS RELEASE
With more Americans expected to do their holiday shopping online during the COVID-19 pandemic, the Cybersecurity and Infrastructure Security Agency (CISA) is urging all consumers to be on alert for holiday shopping scams and cyber threats, which historically spike during the holiday season. CISA has launched a new webpage with information for consumers on what to look for and how to avoid falling victim to fraud, through a series of easy-to-follow safety tips, videos and graphics.