woman looking at her phone in her kitchen, with holiday lights strung around

Stay Secure While Shopping Online

We know that the holiday season is a time of giving, but here's a reminder to never give away your personal information.

Since the holidays are a time when we're most likely to click "Buy" on websites, adding our personal and banking information to send gifts to our loved ones, it's also the time to remind ourselves to remain aware of the potential hazards of online shopping and the ways we can protect ourselves. While millions of Americans will be online looking for the best gift,  hackers will be looking to take advantage of unsuspecting shoppers by searching for weaknesses in their devices or internet connections or attempting to extract personal and financial information through fake websites or charities.

The best defense against these threats is awareness. There are a few simple steps we all can take to be more secure before and after we shop.

Check Your Devices

Before making any online purchases, make sure the device you’re using to shop online is up-to-date. Next, take a look at your accounts and ask, do they each have strong passwords? And even better, if multi-factor authentication is available, are you using it?

Multi-factor authentication (or two-factor authentication), uses multiple pieces of information to verify your identity. Even if an attacker obtains your password, they may not be able to access your account if it’s protected by this multiple step verification process.

wifi to different home devices

Protect your devices by keeping the software up-to-date. These include items like mobile phones, computers, and tablets, but also appliances, electronics, and children’s toys.

password field

Once you’ve purchased an internet connected device, change the default password and use different and complex passwords for each one. Consider using a password manager to help.

lock and checkmark

Check the devices’ privacy and security settings to make sure you understand how your information will be used and stored. Also make sure you’re not sharing more information than you want or need to provide.

software update wheel

Enable automatic software updates where applicable, as running the latest version of software helps ensure the manufacturers are still supporting it and providing the latest patches for vulnerabilities.

Only Shop Through Trusted Sources

Think about how you're searching online? Are you searching from home or on public Wi-Fi? How are you finding the deals? Are you clicking on links in emails or going to trusted vendors? Are you clicking on ads on webpages?

You wouldn’t go into a store with boarded up windows and without signage – the same rules apply online. If it looks suspicious, something's probably not right.

website globe with verified check mark

Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor.

computer screen with magnifying glass with an eye on it

Some attackers may try to trick you by creating malicious websites that appear to be legitimate. Always verify the legitimacy before supplying any information. If you’ve never heard of it before, check twice before handing over your information.

wifi symbol with lock unlocked and dash through it

Don’t connect to unsecure public Wi-Fi, especially to do your banking or shopping.

envelope with fishing hook_red

Most of us receive emails from retailers about special offers during the holidays. Cyber criminals will often send phishing emails—designed to look like they’re from retailers—that have malicious links or that ask for you to input your personal or financial information.

url field

Don’t click links or download attachments unless you’re confident of where they came from. If you’re unsure if an email is legitimate, type the URL of the retailer or other company into your web browser as opposed to clicking the link.

password with pointer finger

Never provide your password, or personal or financial information in response to an unsolicited email. Legitimate businesses will not email you asking for this information.

https locked url field

Make sure your information is being encrypted. Many sites use secure sockets layer (SSL) to encrypt information.

Indications that your information will be encrypted include a URL that begins with "https:" instead of "http:" and a padlock icon. If the padlock is closed, the information is encrypted.

Use Safe Methods for Purchases

If you're ready to make a purchase, what information are you handing over? Before providing personal or financial information, check the website's privacy policy. Make sure you understand how your information will be used and stored.

credit card with lock

 If you can, use a credit card as opposed to a debit card.  There are laws to limit your liability for fraudulent credit card charges, but you may not have the same level of protection for your debit cards. 

Additionally, because a debit card draws money directly from your bank  account, unauthorized charges could leave you with insufficient funds to pay other bills.  Also use a credit card when using a payment gateway such as PayPal, Google Wallet, or Apple Pay.

credit card statement and credit card

You’ll likely make more purchases over the holiday season, be sure to check your credit card and bank statements for any fraudulent charges frequently. Immediately, notify your credit union or financial institution and local law enforcement. Contact us to report an issue

envelope with fishing hook_vibrant blue

Be wary of emails requesting personal information. Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. Legitimate businesses will not solicit this type of information through email. Do not provide sensitive information through email.

alert lightbulb

If you receive a suspicious email that you think may be a phishing scam, you can report it at cisa.gov/uscert/report-phishing

Use our Security Center and protect your personal information

Learn more from Cybersecurity & Infrastructure Security Agency at cisa.gov/shop-safely.