During the holidays, millions of shoppers—maybe even you—will make purchases online. So, of course, thieves have devised ways to try to get your personal data, like your credit card number, bank account information, and Social Security number. Once obtained, a thief can use this information to make purchases with your existing credit card, get new cards in your name, or take out loans using your identity. But you can take precautions when shopping online to avoid becoming a victim.
Here are ten cybersecurity guidelines. Use them to help keep your information safe while you’re shopping this holiday season.
When buying online, always look in the address box for the "s" in “https” and for the padlock symbol, which means the site is encrypted and your payment information will be secure. If you have any doubts about whether a site is secure while using Internet Explorer, right-click anywhere on the page to select "Properties." The dialog box will reveal if the site is encrypted. If you’re using Firefox, click on "Tools" in the menu bar, then "Page Info,” and “Security” to find this information.
When shopping online, look for the seals of trusted certification organizations, like DigiCert. You can confirm that the use of the seal is legitimate by clicking on the seal. A confirmation page on the certifying organization’s site should open. If nothing happens when you click on a trusted organization symbol, then it might be a fake.
Be wary of emails that ask you to confirm a purchase, have package-tracking information, or promote a holiday deal. Scammers sometimes create and send emails that look like they’re from a legitimate business, but that contain a harmful link. When you click on the link in the message, your device could be infected with a virus, spyware, or other malware. Or you’ll go to an imposter site designed to trick you into giving up your personal information.
To make sure you're going to a legitimate website, check the URL (the website's address) by hovering over the link. Or, to be even safer, go to the company’s website directly rather than clicking on the link in the email.
If you get an email asking for your personal information—like your Social Security number, credit or debit card number, or bank account information—don't respond. Legitimate retailers and businesses won’t ask for this information in that way. (To learn about phishing and how to stay safe on the Internet, see Email Scams and Frauds.)
As a rule of thumb, don’t open attachments in emails from senders you don’t recognize or in suspicious-looking emails from known contacts. Again, messages that appear to come from legitimate organizations, a well-known retailer, or a bank can be easily faked. Be particularly skeptical of .zip and other compressed or executable file types. Don’t send a reply to the email either.
Make sure your device, browser, apps, antivirus, and anti-malware software are all up to date.
When it comes to passwords, don’t use readily available information like your birth date or your phone number. Don’t overshare on social networks, like Facebook, either. A thief might use the information you posted to guess your passwords. Stay away from common passwords too—definitely don't use “password” or “123456.” It’s also a good idea to use two-step authentication whenever possible.
Be sure to use a passcode to access your phone or tablet, and log off your computer or lock the screen if you’re not using it. After you visit a merchant or bank website, always log completely out of the site. Don’t allow your device to remember your username, password, or payment information. Otherwise, anyone who gets access to your device can log back into the site and place new orders or transfer money out of your account.
During the holidays, charity scams are common. Before donating to a charity online, check with the Better Business Bureau to find out if the charity is legitimate. You can also check to see if a charity is tax exempt at the IRS website; donations to these charities might be tax-deductible.
If you use free hotspots, be extremely cautious. Cyber thieves sometimes name their network something familiar, like Starbucks Free Wi-Fi, to trick you into connecting as a guest so they can see what’s on your device. Even if the public network is legitimate, these systems aren’t secure, and any information you enter is more likely to be hacked. So, don’t log in to banking websites or payment sites, like Paypal, when using a public network.
To get more tips on how to protect your personal information from crooks, read Ten Things You Can Do to Minimize Your Risk of Identity Theft. If your credit card or debit card information has been hacked, see Stolen or Lost Credit, Debit, or ATM Card? Here's What to Do.
Victims of identity theft should visit Identitytheft.gov and read Recovery Steps If You're a Victim of Identity Theft. If your identity has been stolen and you need help straightening out your finances, dealing with debt collection agencies, or getting credit bureaus to remove fraudulent information from your credit report, consider talking to a consumer protection lawyer.
