Skip to main content
Personal Finance

Holiday Shopping Cybersecurity Tips

Woman-Using-Smartphone-Cyber-Security-Network

Online shopping can be a great way to snag deals and comparison shop—and with pandemic-related restrictions, more of us are doing it this holiday season. But online shopping is not without its perils. If you're rushing to get last-minute online gifts and meet shipping deadlines, check out these tips to stay safe as you shop.

Think Before You Click

'Tis the season for retailer emails galore, but 'tis also the season for phishing emails. Santa's list isn't the only thing that should be checked twice. So too should the URL of any link you receive, whether it appears to be a deal from your favorite retailer, a shipping notification, an alleged fraud alert from your bank or a coupon for a hot new product.


Avoid Public Wi-Fi

Fewer of us may be out and about this year, but many people still use public Wi-Fi when shopping. And while these networks might help you avoid data overage charges from your mobile provider, they can also be ripe hunting grounds for a hacker. Avoid entering passwords or other personal or financial information into any website from a public network.

Create Strong Passwords

Speaking of passwords, be sure to use unique and strong passwords for your various accounts, especially your financial accounts. Ideally, online account passwords should be at least 12 characters. It's a simple fact that longer passwords are more mathematically secure—and they don't have to be complicated to achieve that greater security. A 12-character password with just lower-case letters has 95.4 quadrillion combinations compared to just 208.8 billion possible combinations for an eight-character lower-case password. Security experts suggest using a passphrase, which can be easier to remember than a string of random characters and numbers.

Regardless of the length and complexity, your passwords should be unrelated to any of your prior passwords and shouldn't include any information easily found online, such as your high school, the name of your pets or children. (Check out 7 Ways You Are Accidentally Revealing Your Password for more information.)

Be Smart About Where You Shop

It may be tempting to go after the cheapest price, but be wary if the cheapest price comes from an unknown website. Take some time to search around and verify that the retailer is legitimate and has positive reviews from purchasers. And when you visit a retailer's website, whether new or familiar, be sure you look for the padlock symbol in the address bar, and the "S" at the end of "HTTPS" to indicate that the website is secure. Think twice before clicking on advertisements for unknown retailers on social media platforms. You might feel like you are in a safe space, but these platforms do not verify these businesses as legitimate sellers of quality goods before including their ads in your feed.

Similarly, before you download a new shopping app, check that it comes from verified source. You can do that by going straight to the source to find the download. Visit the retailer's website for a download link. You don't want to find you've downloaded a fake app that looks just like a retailer's real app and end up giving away your personal information.

Keep Systems Up To Date

Be sure to keep your operating system, software and apps up-to-date, and install any new updates as soon as they become available. That goes for your antivirus software too. Developers continuously find new vulnerabilities—weaknesses hackers may exploit to steal your data. Stay safe by installing updates that may be repairing a key vulnerability. 

Monitor Your Statements

Make it a habit to carefully review your bank and credit card statements all year round, but that is particularly true during the holiday season. If anything looks suspicious, contact your credit card company or bank right away. The holidays can be expensive enough without a fraudster accessing your accounts.

Pro Tip: set up alerts with your credit card company for any purchases made when your card isn't present. You will know if a fraudulent charge has occurred right away.