US flag signifying that this is a United States Federal Government website

  Official website of the Cybersecurity and Infrastructure Security Agency

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

  1. Home >>
  2. About NICCS >>
  3. Featured Stories >>
  4. 'Tis the season to shop secure!

'Tis the season to shop secure!

The holiday shopping season has officially kicked off with a record 189.6 million U.S. consumers shopping from Thanksgiving Day through Cyber Monday, a 14% increase from last year. However, the holiday cheer doesn’t stop there. The National Retail Federation (NRF) predicts holiday retail sales during November and December will increase between 3.8 and 4.2% from 2018, totaling between $727.9 and $730.7 billion. Research suggests that two-thirds of consumers will begin their shopping journey online.

The Internet continues to change the way we shop, emerging e-commerce channels like retail apps and social media stores are adding to consumers’ online options. As millions of shoppers venture into cyberspace to get the best deals, fraudsters are also on the hunt to steal their personal and financial data. Here is a list of top 2019 scams to look out for this holiday season and proactive steps you can take to protect yourself.

2019 Scams to Look Out For

Phishing/Smishing is a type of online fraud that uses deception to steal user credentials, including bank account details, passwords, credit card numbers, and other sensitive information. The majority of cyberattacks start with a phishing email or smishing text disguised as a notification from service providers, banks, online payment processors, and other types of organizations. The message typically informs the recipient about an urgent need to add or update personal data due to reasons such as suspicious account logins or password expiration. The fraudster then uses this opportunity to steal login information, account details, and personal data.

Website Spoofing, like phishing, makes people believe that they are interacting with a trusted, legitimate company or person. Sophisticated methods of website spoofing can produce forged sites nearly identical to their legitimate counterparts. Scammers can cloak URLs by covering up the true URL with one associated with a trusted website. Additionally, subdomains are implemented to confuse users and create a false sense of security.

Ransomware is a type of malicious software designed to encrypt files and block access to a computer system until a sum of money, or ransom, is paid. The first sign of a ransomware attack is often a message displayed on the monitor offering to restore the system in return for a substantial payment. Ransomware attacks have increased over 97% in the last two years with approximately 20,000 detections happening each day.

Trojan Horse is a type of attack in which users receive malware often disguised as legitimate software, that performs actions unauthorized by the user: they load, delete, modify, block, or copy data, and disrupt the performance of computers and networks. Banking trojans steal account data for online banking systems, e-payment systems, and traditional credit card systems.

Tips to be Safe and Secure

Check Your Devices

Start with your devices – before making any online purchases, make sure the device you’re using is up-to-date. Many of the products we use every day connect to the Internet, not only mobile phones, computers, and tablets, but also appliances, electronics, and toys. The simple most effective way to protect your devices is to keep the software updated. Enable automatic software updates where applicable, as running the latest version of software helps ensure the manufacturers are still supporting it and providing the latest patches for vulnerabilities.

Always change the default password on new Internet connected devices and use different and complex passwords for each one. Enable multi-factor authentication for an extra layer of security.

Only Shop through Trusted Sources

Next, be cautious when you're searching online – use trusted networks, vendors, and advertisements. Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor on a trusted, secure network. Some attackers may try to trick you by creating malicious websites that appear to be legitimate. Always look for "https:" instead of "http:" and a padlock icon in the URL.

Most of us receive emails from retailers about special offers. Cyber criminals will often send phishing emails that have malicious links or that ask for you to input your personal or financial information. Don’t click links or download attachments unless you’re confident of where they came from. If you’re unsure if an email is legitimate, type the URL of the retailer or other company into your web browser as opposed to clicking the link.

Use Safe Methods for Purchases

Lastly, sealing the deal—if you're going to make a purchase, know what information you’re handing over. Before providing financial information, check the privacy policy to understand how the website will use and store your information.

If you can, use a credit card as opposed to a debit card. There are laws to limit your liability for fraudulent credit card charges, but debit cards may not have the same level of protection. Check your statements for any fraudulent charges and notify your financial institution and local law enforcement if you see anything unusual.

In conclusion, if you fall victim to cyber criminals this holiday season or see something suspicious, report it. If you believe personal or financial information has been stolen, report it right away to your local police and the Federal Trade Commission (FTC) at Additionally, you can report phishing and spoofing scams at

For more information about online shopping and cybersecurity during the holiday season visit

You have been selected to participate in a brief survey about your experience today with National Initiative for Cybersecurity Careers and Studies.

Would you like to participate on a survey?