Top 3 Cyber Safety Tips for Online Holiday Shoppers

Shopping online this holiday season?  If so, like millions and millions of other virtual shoppers, you are at risk of becoming a victim of cybercrime.  Although these types of crimes may not cause physical injury, they can still “hit you” where it hurts, threatening your privacy, your security, your identity, and your wallet.  Practicing good cyber safety habits every time you go online — especially around the holidays when retail cybercrime is at its highest — is your best protection from this constant threat!

Here are the Cybersecurity and Infrastructure Security Agency’s top 3 tips for holiday cyber safety this shopping season:

Cyber Safety Tip #1: Check Your Devices

Do a comprehensive device and app safety check before shopping:

• Keep all of your and your family’s connected devices (apps, phones, computers, tablets, toys, TVs, etc.) up to date with the latest software updates.
• Enable automatic software updates on your devices.
• Set up or enable two-factor authorization (2FA) wherever you can, on devices and accounts.
• Change all default passwords on new devices immediately.
• Use complex, long-length passwords that use lowercase and uppercase letters, numbers, and symbols.*
• Don’t use the same or similar passwords for multiple accounts.*
• Change your passwords regularly.*
• Check all your device, app, and browser extension privacy and security settings to ensure you’re aware (and comfortable with) how your information is being stored and used.

*Pro Tip: Use a password generator (like this one) and a secure and reputable password manager (like this one) to make password setting and remembering much easier!

CISA Cyber Safety Tip #1: Check Your Devices

Cyber Safety Tip #2: Only Shop Through Trusted Sources

Be careful where you shop and how you shop:

• Make sure you’re interacting with a reputable, established vendor.
• Always verify the legitimacy before supplying any information — check twice before handing over your information!
• Use a VPN when connecting to unsecure public Wi-Fi.
• Don’t do you banking or shopping on public Wi-Fi without an up-to-date VPN.
• Beware of phishing emails designed to look like they’re from legitimate retailers — they’ll use malicious links or prompt you to input personal information.
• Don’t click links or download attachments unless you’re confident of where they came from.
• Never provide your password, personal, or financial information in response to an unsolicited email.
• Make sure your information is being encrypted.
• Only shop from or use websites with URLs that begin with “https://” and show a closed padlock symbol (the “s” means the connection is secure; the padlock means the website server is encrypted).

CISA Cyber Safety Tip #2: Only Shop Through Trusted Sources

Cyber Safety Tip #3: Use Safe Methods for Purchases

Always be cautious with transactions and double-check your financial statements:

• Use a credit card as opposed to a debit card when you can.
• Immediately change your passwords, use complex passwords, and use a different one for each account.
• Check your credit card and bank statements for any fraudulent charges. If you see any, immediately notify your bank or financial institution and local law enforcement.
• Be wary of emails requesting personal information.
• If you receive a suspicious email that you think may be a phishing scam, you can report it at https://www.us-cert.gov/report-phishing.
• If you believe your identity or financial information has been stolen, report it right away to your local police and the Federal Trade Commission (FTC).

CISA Cyber Safety Tip #3: Use Safe Methods for Purchases

For more helpful cyber safety tips, check out the CISA’s Cyber Safety page.