Holiday Online Shopping


The holiday shopping season is here, and while millions of Americans will be looking for the best deals the internet has to offer, cyber criminals will be hard at work looking to target online shoppers. The holiday shopping season is a prime opportunity for bad actors to take advantage of unsuspecting shoppers through fake websites, malicious links, and even fake charities. Their goal is simple: get a hold of your personal and financial information to compromise your data, insert malicious software, steal your identity and take your money. 

 At CISA, we are committed to helping Americans better protect themselves online. This holiday shopping season, we’re here to provide a few easy steps to prevent you from becoming a victim of cyber-crime.  

Using strong passwords, updating your software, thinking before you click on suspicious links, and turning on multi-factor authentication are the basics of what we call “cyber hygiene” and will drastically improve your online safety.  

Here are the 4 common sense ways to protect yourself online.  And watch the 4 steps video!

  • Implement multi-factor authentication (MFA) on your accounts and make it 99% less likely you’ll get hacked.  Watch our videos on MFA: 2 Legit to Quit and Country 2-Step.
  • Update your software. In fact, turn on automatic updates.  
  • Think before you click. More than 90% of successful cyber-attacks start with a phishing email.  
  • Use strong passwords, and ideally a password manager to generate and store unique passwords. 

    Another way that CISA is assisting Americans stay secure during the holiday season is the Holiday Shopping Tips video series, a collection of 12 individual and a finale video providing tips, resources and best practices for safely navigating websites. The videos for shopping during the holiday season can be found below. 

    Holiday Shopping Tips:

    Check Your Devices

     

    Image of a woman sitting at a computer with text, Check Your Devices.

     

    Before making any online purchases, make sure the device you’re using to shop online is up-to-date. Next, take a look at your accounts and ask, do they each have strong passwords? And even better, if multi-factor authentication is available, are you using it?  

     

     

     

    Multi-factor authentication (or two-factor authentication), uses multiple pieces of information to verify your identity. Even if an attacker obtains your password, they may not be able to access your account if it’s protected by this multiple step verification process.  

    Image of a little girl with wi-fi symbol beside her.

     

    Protect your devices by keeping the software up-to-date. These include items like mobile phones, computers, and tablets, but also appliances, electronics, and children’s toys.
    Image of a password field.

     

    Once you’ve purchased an internet connected device, change the default password and use different and complex passwords for each one. Consider using a password manager to help.
    Image of a lock and check mark.

     

    Check the devices’ privacy and security settings to make sure you understand how your information will be used and stored. Also make sure you’re not sharing more information than you want or need to provide.
    Image of a software update wheel.

     

    Enable automatic software updates where applicable, as running the latest version of software helps ensure the manufacturers are still supporting it and providing the latest patches for vulnerabilities.

     

     

    Only Shop Through Trusted Sources

     

    Image of a store front with clothes and text that reads, Only Shop Through Trusted Sources

     

    Think about how you're searching online? Are you searching from home or on public Wi-Fi? How are you finding the deals? Are you clicking on links in emails or going to trusted vendors? Are you clicking on ads on webpages?

     

     

    You wouldn’t go into a store with boarded up windows and without signage – the same rules apply online. If it looks suspicious, something's probably not right.

    Image of a website globe with verified check mark.

     

    Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor.
    Image of a computer screen with an magnifying glass with an eye on it.

     

    Some attackers may try to trick you by creating malicious websites that appear to be legitimate. Always verify the legitimacy before supplying any information. If you’ve never heard of it before, check twice before handing over your information.
    Image of wi-fi symbol with lock unlocked and dash through it

     

    Don’t connect to unsecure public Wi-Fi, especially to do your banking or shopping.
    Image of an envelope with a fishing hook through it.

     

    Most of us receive emails from retailers about special offers during the holidays. Cyber criminals will often send phishing emails—designed to look like they’re from retailers—that have malicious links or that ask for you to input your personal or financial information.
    Image of url field.

     

    Don’t click links or download attachments unless you’re confident of where they came from. If you’re unsure if an email is legitimate, type the URL of the retailer or other company into your web browser as opposed to clicking the link.
     
    Image of an envelope with password.

     

    Never provide your password, or personal or financial information in response to an unsolicited email. Legitimate businesses will not email you asking for this information.
    Image of url field with a locked lock.

     

    Make sure your information is being encrypted. Many sites use secure sockets layer (SSL) to encrypt information. Indications that your information will be encrypted include a URL that begins with "https:" instead of "http:" and a padlock icon. If the padlock is closed, the information is encrypted.

     

     

     

    Use Safe Methods for Purchasing

    Image of a person using their credit card to make an online purchase with text, Use Safe Methods for Purchases.

     

     

     

    If you're ready to make a purchase, what information are you handing over? Before providing personal or financial information, check the website's privacy policy. Make sure you understand how your information will be used and stored.

    Image of a credit card with a lock.

     

     If you can, use a credit card as opposed to a debit card.  There are laws to limit your liability for fraudulent credit card charges, but you may not have the same level of protection for your debit cards.  Additionally, because a debit card draws money directly from your bank  account, unauthorized charges could leave you with insufficient funds to pay other bills.  Also use a credit card when using a payment gateway such as PayPal, Google Wallet, or Apple Pay.
    Image of a credit card statement.

     

    You’ll likely make more purchases over the holiday season, be sure to check your credit card and bank statements for any fraudulent charges frequently. Immediately, notify your bank or financial institution and local law enforcement.
    Image of an envelope with a fishing hook through it.

     

    Be wary of emails requesting personal information. Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. Legitimate businesses will not solicit this type of information through email. Do not provide sensitive information through email.
    Image of a lightbulb.

     

    If you receive a suspicious email that you think may be a phishing scam, you can report it at us-cert.gov/report-phishing.

    Additional Resources

    Multi-Factor Authentication Tip Sheet

    Phishing Tip Sheet 

    CISA Urges All Americans to be on Alert for Holiday Scams and Cyber Threats

    Holiday Shopping Infographic

    Check Your Device Animated Video

    Shop Through Trusted Sources Animated Video

    Use Safe Methods for Purchases Animated Video

    US-CERT Shop Safely

     

     

     

    Was this webpage helpful?  Yes  |  Somewhat  |  No