Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Cybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and ResilienceCybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and Resilience
CISA Logo

Search

 

America's Cyber Defense Agency
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutivesHigh-Risk Communities
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
    CISA Conferences
    CISA Live!
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
  • About
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Site Links
    CISA GitHub
    CISA Central
    Contact Us
    Subscribe
    Transparency and Accountability
    Policies & Plans

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Breadcrumb
  1. Home
  2. Topics
  3. Cybersecurity Best Practices
  4. Shop Safely This Holiday Season
Share:
A graphic with holiday decorations like stars, presents, and ornaments dangling down from the top. In the middle you see the Secure Our World logo.

Shop Safely This Holiday Season

While looking for the best deals online, follow these tips to keep your devices and information safe. 

Report a Cyber Issue
Organizations should report anomalous cyber activity and or cyber incidents 24/7 to report@cisa.gov or 1-844-Say-CISA.

The Holiday Season Is a Prime Time for Scams! 

During the holiday season, criminals will try to scam us with too-good-to-be true deals or even fake charities. Their tactics typically include malicious links that install malware on our devices or fraudulent websites that can steal our money or even our identities.  

How big of a problem are holiday shopping scams? appear at the top of the graphic. Below, a gingerbread man stands next to a stat saying 12,000 victims. To the right, we see a credit card icon that says $73 million in total losses. The bottom says 2022 FBI stats.

 

The good news is that Secure Our World has tips to protect you and your family, friends and business from these scams.

Protect Your Devices & Accounts Against Scammers

Take these steps before making any online purchases to help protect your devices, personal and financial information, and accounts. 

The number 1 sits in the left corner. A laptop sits center in the image.

Update Software

Software updates protect you against known threats—but only if you install them. Update software on all devices you’re using for online shopping. Better yet, enable automatic software updates to make things easier. 

Number 2 is in the top left corner. The image is of a tablet with a password symbol.

Use Strong Passwords

Strong passwords are long (at least 16 characters), random and unique for each account. At minimum, strengthen passwords for financial accounts and email. Always change the default password on new tech items you’ve purchased. 

The number 3 appears in the top left corner. A briefcase sits in the center of the photo with snowflakes around it.

Use a Password Manager

A password manager can generate, save and fill in strong passwords for you. Search a trusted source for “password managers” like Consumer Reports, which offers a selection of highly rated password managers. Set one up today!

The number 4 appears in the top left corner. A fingerprint is in the center with snowflakes around it.

Turn on MFA

Multifactor authentication (MFA) is a second step to prove your identity when logging in, like using your fingerprint or entering a code sent to you. It keeps your accounts safer than a password alone. Turn it on for every account that offers it. 

 For step-by-step guidance on how to secure devices and accounts, check out our Instructional Videos. 

Recognize Phishing Attempts

Almost everyone receives exciting emails from retailers about special holiday offers, and with the hustle and bustle of holiday season, your busy schedule can cause you to want to move fast and check off items on your to-do list.  

However, phishing messages are even more frequent during the holiday shopping season! And scammers are getting better and better at their schemes.  

Your best bet to avoid getting fooled is to purchase items directly from the websites of trusted vendors and stay alert by knowing what to look for. Be cautious of fake ads on social media platforms. 

We’ve got you covered with a few tips below to avoid the phish hook. 

The number 5 appears in the left corner. An email with a hook is in the center with snowflakes around it.

Beware of phishing messages

Most of us receive emails or texts from retailers about holiday sales. Cyber criminals will often send phishing messages—designed to look like they’re from retailers—that have malicious links or that ask you for personal or financial information. 

The number 6 appears in the top left corner. A link icon is in the center.

Don't click links or download attachments

Don’t click links or download attachments in messages you aren’t expecting. If you’re unsure if a message is legitimate, don’t call any number in the message. Use a search engine to look up the company’s website and contact information. 

The number 7 appears in the top left corner. Two message icons are in the center with snowflakes around it.

Be wary of requests for information

Scammers may attempt to trick you into giving them information through text or email. Legitimate businesses won’t ask for sensitive info in this way. Common scams include asking you to verify your delivery address or confirm your purchase or account.

The number 8 appears in the top left corner. A speakerphone is in the center with snowflakes around it.

Report scams

If you receive a suspicious email that you think may be a phishing scam, report it. Then, delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. Just delete. 

Learn more about how to Recognize and Report Phishing. 

Purchase with Confidence

If you’re going to make that purchase, know what sensitive details you’re sharing. Before providing personal or financial information, check the website’s privacy policy. Make sure you understand how your information will be stored and used. 

The number 9 appears in the top left corner. A shopping cart sits center with snowflakes around it.

Check for encryption

Your info should be encrypted as it’s transmitted to the merchant's server. Look in your browser’s location bar to make sure the website address begins with “https” instead of just “http”. Also, ensure the padlock icon is locked.

The number 10 appears in the top left corner. A business registration card is center with snowflakes around it.

Choose reputable vendors

Malicious websites may appear very professional. Always verify a business before entering any information. The Better Business Bureau allows you to search if a business is accredited. Research customer reviews or complaints.

The number 11 appears in the top left corner. A credit card with a warning symbol is in the center with snowflakes around it.

Consider using credit, not debit

Laws limit your liability for fraudulent credit card charges, but you may not have the same level of protection for your debit cards. Unauthorized charges could leave you with insufficient funds to pay other bills. 

The number 12 appears in the top left corner. A computer with security notifications are center, surrounded by snowflakes.

Check your accounts frequently

You’ll likely make more purchases over the holiday season, so check your credit card and bank accounts frequently. Notify the financial institution immediately if you see any unauthorized charges. 

two women shop online in front of a computer

Shop Safely This Holiday Season Tip Sheet

Share these safety tips with your friends, family and community to keep them safe online! 

 

Download Tip Sheet
Sample Social Media Graphics from Holiday Shopping Toolkit

Holiday Online Shopping Social Media Toolkit

Share our "12 Days of Safe Holiday Online Shopping" tips with your community! Download our social media toolkit today. 

 

Download Social Media Toolkit
poster

12 Tips for Safer Holiday Online Shopping Poster

Share our "12 Tips for Safer Holiday Online Shopping" poster with your community! These helpful hints will protect you from common internet scams.

 

Download Poster

Related Content

Secure Our World

Secure Our World

Simple ways to protect yourself, your family and your business from online threats. 

Secure Our World tip sheets

Secure Our World Resources

Learn more about the four ways to stay safe online with Secure Our World Tip Sheets (including translations in various languages) and other resources. 

decorative icon

Secure Our World Videos

Watch our videos to learn how to stay safe online.  

Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • X
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 1-844-Say-CISA SayCISA@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback