Protecting your identity when online holiday shopping

When shopping online during the holiday season—or any time of year—always be wary of deals that seem too good to be true. Do your part to avoid becoming a scammer’s next victim.

The two most prevalent of these holiday scams are non-delivery and non-payment crimes. Also be wary of auction fraud, with product misrepresentation and gift card fraud.

Many cyber threats can be avoided. When you shop online, the following habits can help protect your personal identifiable information and your credit card information during the holiday season and year-round:

1. Shop reliable websites

If an offer sounds too good to be true, it probably is! Don’t be fooled by the lure of great discounts by less-than-reputable websites or fake companies. Use the sites of retailers you know and trust, and get to their sites by directly typing a known, trusted URL into the address bar instead of clicking on a link.

2. Beware of seasonal scams

Fake package tracking emails, e-cards, charity donation scams, and emails requesting that you confirm purchase information are common this time of year. Use known, trusted URLs instead of clicking on links.

3. Conduct research

There are numerous fake or malicious companies this time of year. When considering a new website or online company for your holiday purchases, read reviews and see if other clients have had positive or negative experiences with them. Also, verify the website has a legitimate mailing address and a phone number for sales or support-related questions. If the site looks suspicious, call and speak to a real person.

4. Think twice before clicking links or attachments

Even if they appear to be from people you know, are legitimate organizations, a favorite retailer, or even your bank, messages can easily be faked. Use known, trusted URLs instead of clicking on links. And only open known, expected attachments. When in doubt, throw it out!

5. Keep clean machines

Before searching for that perfect gift, make sure your device, apps, browser, and anti-virus/anti-malware software are patched and up-to-date.

6. Protect your passwords

Make them long and strong, never reveal them to anyone, and use multi-factor authentication (MFA, also called two-factor or 2-step authentication) wherever possible.

7. Create unique passwords

Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate work and personal accounts, and make sure that your critical accounts have strong passwords.

8. Use safe web addresses

Look for URLs that begin with “https://” (not http) in the address bar before using your credit card online.

9. Check your financial statements regularly

These are often the first indicators that your bank account, credit card information, or identity have been stolen. If there is a discrepancy, report it immediately.

10. Get savvy about public Wi-Fi and computers

Treat all Wi-Fi networks and public computers as compromised, even if they appear to be safe (or are at your favorite retailer). Limit the type of business you conduct on them, including logging into key accounts, such as email, banking, and shopping. Set your devices to “ask” before joining new wireless networks so you don’t unknowingly connect to an insecure or fraudulent hot spot.

11. Use a separate credit card for digital transactions only

While this won’t prevent theft, it will limit your exposure and make online fraud easier to detect.

12. Don’t auto-save passwords or credit card numbers

The inconvenience of having to re-enter the information is insignificant compared to the amount of time you would spend trying to repair the loss of your stolen information.