Safe online shopping this holiday season

Last Published Date: 
December 20, 2017

Year after year, cybercriminals successfully take advantage of the increase in online activity during the holidays. The Association of Certified Fraud Examiners reports that the incidence of fraud increases by 20% during the holiday season.  The Department of Homeland Security’s STOP.THINK.CONNECT. national cybersecurity awareness campaign urges you to remember the following online shopping tips to avoid your information ending up in the wrong hands:

  • Don’t fall for phishing, no matter how sweet that discount may seem: Phishing emails are the main type of attack aimed at online shoppers during the holiday season to steal your personal and financial information to sell on the dark web. Hackers send emails offering high discounts, free products, and/or issues with a product order you have placed. If it seems too good to be true, it probably is. Do not click on any link or open any attachment that looks suspicious. Look for typos, call the company directly to confirm the legitimacy of an email’s claim, and make sure to report any strange activity. Report phishing attempts to United States Computer Emergency Readiness Team (US-CERT).

  • If there’s no ‘s’ head for the ‘X’: Before entering shipping, billing, or payment information with an online retailer, make sure the web address begins with ‘https://’. The ‘s’ means “secure” and ensures the data entered is encrypted and is less likely to be stolen and then sold online. ‘X’ out of any page that requires your information but doesn’t have a secure ‘s’.

  • “Please pass the CREDIT”: Credit cards are considered safer to use than debit cards when shopping online. Under federal law, your personal liability for fraudulent charges on a credit card cannot exceed $50. If a cybercriminal obtains your debit card information, not only is your liability higher, but the hacker also has direct access to the funds in your bank account. Also, monitor the activity on all your bank accounts throughout the holiday season. Check with your financial institution on any services they may offer to help track your spending activity.

  • Put the criminals to work: One of the easiest ways to protect your personal information is by changing passwords regularly. Create a password using a combination of upper and lowercase letters, numbers, and symbols. Never use the same passwords for your most sensitive accounts, such as banking, email, and social media.

  • This season’s “must-have” items – strong authentication and password managers: According to the Lock Down Your Login campaign, strong authentication is a way of confirming your identity with multiple security methods. It may come in the form of entering a pin that only you know, using special tokens, providing biometric keys like a thumbprint scan, or confirming a log-in through a separate application on your mobile device. Password managers act as a vault for your passwords. Often you submit one or two passwords used by the manager to create multiple, different, long, random, and complex passwords to use for each of your online accounts. Password managers simultaneously address the safety issue of using the same password across accounts and help ensure you will not forget the passwords.

  • Update your software: Keep the software on all devices (phone, computer, tablets, etc.) up to date; updates often come with security patches to keep hackers from accessing the information on your devices.

DHS encourages all Americans to stay safe online throughout the year. Visit www.dhs.gov/stopthinkconnect for more tips and guidance and protect yourself online during this holiday shopping season.