9 Online Holiday Shopping Tips

Cyber Monday is the biggest online shopping day in the United States. Unfortunately, the ease and convenience of online shopping make the holiday season the perfect time for cybercriminals to take advantage of unsuspecting online shoppers. Three common ways that attackers exploit shoppers’ vulnerabilities are

  1. creating fraudulent sites and email messages,
  2. intercepting insecure transactions, and
  3. targeting vulnerable computers.

Fortunately, many cyber-threats are avoidable. When you shop in person, you take precautions to make sure that you’re protected. Your habits may include locking the car and putting away your cash or credit card when you’re done with your purchase. Similarly, when shopping online, there are precautions that you can take to protect your information.

  1. Shop reliable websites and get there safely. If an offer sounds too good to be true, it probably is. Don't be fooled by the lure of great discounts from less-than-reputable websites or fake companies. Use the sites of retailers that you know and trust, and get to their sites by directly typing a known, trusted URL into the address bar instead of clicking on a link.
  2. Beware of seasonal scams. Fake package tracking emails, fake e-cards, fake charity donation scams, and emails requesting that you confirm purchase information are common this time of year. Use known, trusted URLs instead of clicking on links.
  3. Conduct research. When considering a new website or online company for your holiday purchases, read reviews and see if other customers have had positive or negative experiences with them. If the site looks suspicious, call and speak to a human.
  4. Always think twice before clicking on links or opening attachments. Even if links appear to be from people you know, legitimate organizations, your favorite retailers, or even your bank, messages can easily be faked. Use known, trusted URLs instead of clicking on links. And only open known, expected attachments. When in doubt, throw it out!
  5. Keep clean machines. Before searching for that perfect gift, make sure your device, apps, browser, and anti-virus/anti-malware software are patched and up to date. At home, automate software updates and periodically restart your devices to ensure that updates are fully installed. UC Davis Health IT manages workstation updates and restarts.
  6. Protect your passwords. Never reveal your passwords to anyone. Make them long, strong, and unique, and use multi-factor authentication (MFA) wherever possible.
    • Use a password manager such as LastPass or RoboForm.
    • Use different passwords for different accounts.
    • Use different passwords for work and home.
    • Don't let apps and websites remember your passwords.
  7. Check your credit card and bank statements regularly. These are often the first indicators that your account information or identity has been stolen. If there is a discrepancy, report it immediately.
    • Stay safe with text alerts. Most banking apps and sites provide the option to set alerts, such as a text message for every transaction over a specified dollar amount or a daily text summary of your current balance. Set these alerts and use them to spot signs of unusual activity.
    • Check your credit report at least annually. The Federal Trade Commission provides information about getting free credit reports and what to do if you find discrepancies.
  8. Secure your home WiFi. To prevent eavesdroppers and data thieves, ensure that your wireless network is set to WPA2 and protected by a strong passphrase (12 characters or more). Change your network’s name (SSID) from the default to something that does not obviously belong to you. Limit who has administrative access to your home network. Finally, log into your wireless router periodically to check for software updates (many home routers don’t auto-update).
  9. Get savvy about WiFi hotspots and public computers. Treat all WiFi hotspots and public computers as compromised, even if they appear to be safe. Limit the type of business you conduct on them, including shopping and logging in to key accounts such as email and banking. And set your devices to “ask” before joining new wireless networks so you don’t unknowingly connect to an insecure or fraudulent hotspot.