Protecting Your Identity When Online Holiday Shopping
Tips for protecting your identity and financial information during the holiday online shopping season.
Last year’s Cyber Monday was the biggest online shopping day in U.S. history.
Unfortunately, the ease and convenience of online shopping makes the holiday season the perfect time for cybercriminals to take advantage of unsuspecting online shoppers.
Fortunately, many cyber threats can be avoided. When you shop online, the following habits can help protect your personal identifiable information and your credit card information during the holiday season and year-round:
- Shop reliable websites. If an offer sounds too good to be true, it probably is! Don't be fooled by the lure of great discounts by less-than-reputable websites or fake companies. Use the sites of retailers you know and trust, and get to their sites by directly typing a known, trusted URL into the address bar instead of clicking on a link.
- Beware of seasonal scams. Fake package tracking emails, e-cards, charity donation scams, and emails requesting that you confirm purchase information are common this time of year. Use known, trusted URLs instead of clicking on links.
- Conduct research. There are numerous fake or malicious companies this time of year. When considering a new website or online company for your holiday purchases, read reviews and see if other customers have had positive or negative experiences with them. Also, verify the website has a legitimate mailing address and a phone number for sales or support-related questions. If the site looks suspicious, call and speak to a real person.
- Think twice before clicking links or attachments. Even if they appear to be from people you know, are legitimate organizations, a favorite retailer, or even your bank, messages can easily be faked. Use known, trusted URLs instead of clicking on links. And only open known, expected attachments. When in doubt, throw it out!
- Keep clean machines! Before searching for that perfect gift, make sure your device, apps, browser, and anti-virus/anti-malware software are patched and up-to-date.
- Protect your passwords. Make them long and strong, never reveal them to anyone, and use multi-factor authentication (MFA, also called two-factor or 2-step authentication) wherever possible.
- Create unique passwords. Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate work and personal accounts, and make sure that your critical accounts have strong passwords.
- Use safe web addresses. Look for URLs that begin with “https://” (not http) in the address bar before using your credit card online.
- Check your financial statements regularly. These are often the first indicators that your bank account, credit card information, or identity have been stolen. If there is a discrepancy, report it immediately.
- Get savvy about public Wi-Fi and computers. Treat all Wi-Fi networks and public computers as compromised, even if they appear to be safe (or are at your favorite retailer). Limit the type of business you conduct on them, including logging into key accounts, such as email, banking, and shopping. Set your devices to “ask” before joining new wireless networks so you don’t unknowingly connect to an insecure or fraudulent hot spot.
- Disable Bluetooth when not in use. This helps reduce the risk of your data being intercepted by thieves. Some stores and other locations also look for devices with wireless or Bluetooth turned on to track your movements while you are within range.
- Use a separate credit card for digital transactions only. While this won’t prevent theft, it will limit your exposure and make online fraud easier to detect.
- Download quality, trustworthy apps. Less reputable apps can include malicious software ("malware") designed to steal credit card and other sensitive information. And keep your apps up to date.
- Don't auto-save passwords or credit card numbers. The inconvenience of having to re-enter the information is insignificant compared to the amount of time you would spend trying to repair the loss of your stolen information.