Holiday Shopping This Year on Your Trusty Computer? Tips for Safe Online Holiday Shopping

As more consumers purchase goods and services online, cyber criminals take advantage of this opportunity to swoop in and steal your sensitive information.

These are steps from the National CyberSecurity Alliance that consumers can take to better secure accounts and transactions.

• UPDATE, UPDATE, UPDATE!
  Before making any online purchases, make sure that all your devices that are connected to the Internet are running the most current versions of their software.  Do not put off running updates or scans.   Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall.  (See Understanding Anti-Virus Software and Understanding Firewalls for more information.) Make sure to keep your virus definitions up to date.
• USE A SECURE WI-FI
  Public Wi-Fi is not cyber safe. It may be convenient, but it is not worth the risk.  Either shop from home on your own secure network behind your password protected entry, or use a Virtual Private Network (VPN) or your phone as a hotspot for a more secure shopping experience.
• LOCK DOWN YOUR LOGIN
  This is another plug for creating strong passwords and using multifactor authentication (MFA) whenever possible. Create long and unique passwords where length trumps complexity. Use a strong passphrase, i.e., a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember. Keep a password list that stored in a safe, secure place not on your computer for when you forget a password. 
  MFA will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device.
• THINK BEFORE YOU CLICK
  If you receive an enticing offer via email or text, do not be so quick to click on the link. Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. (See Avoiding Social Engineering and Phishing Attacks.) Legitimate businesses will not solicit this type of information through email. NEVER provide sensitive information through email. If you receive an unsolicited email from a business, instead of clicking on the provided link, directly log on to the authentic website by typing the address yourself.
• GIVE AND TEACH
  If you are you purchasing an Internet-connected device for a loved one, don’t assume that they know how to use it securely. Teach your loved one how to configure privacy settings, how to deactivate any unnecessary features, and how to use devices responsibly and securely.  Don’t let your loved on learn the hard way. 

TAKE-ACTION TIPS

DO YOUR HOMEWORK

Make sure to do business with reputable, established vendors.  Fraudsters are good at setting up fake e-commerce sites, particularly during the holiday season. Prior to making a purchase, read reviews to hear what others say about the merchant. In addition, look for a physical location and any customer service information. It’s also a good idea to call the merchant to confirm that they are legitimate.  (See Understanding Web Site Certificates for more information.)

MAKE SURE YOUR INFORMATION IS BEING ENCRYPTED 

Many sites use secure sockets layer to encrypt information. Indications that your information will be encrypted include a Uniform Resource Locator (URL) that begins with "https:" instead of "http:" and a padlock icon. If the padlock is closed, the information is encrypted. The location of the icon varies by browser; for example, it may be to the right of the address bar or at the bottom of the window. Some attackers try to trick users by adding a fake padlock icon, so make sure that the icon is in the appropriate location for your browser.

CONSIDER YOUR PAYMENT OPTIONS

Using a credit card is much safer than using a debit card; there are more consumer protections for credit cards if something goes awry. Additionally, debit cards draw money directly from bank accounts, unauthorized charges could leave you with insufficient funds to pay other bills.  Another suggestion is to minimize potential damage by using a single, low-limit credit card to make all of your online purchases. Or, you can use a third-party payment service instead of your credit card. There are many services you can use to pay for purchases without giving the merchant your credit card information directly.

DON’T GIVE IT ALL AWAY

Be alert to the kinds of information being collected to complete your transaction. If the merchant is requesting more data than you feel comfortable sharing, cancel the transaction. You only need to fill out required fields at checkout and you should not save your payment information in your profile. If the account autosaves it, go in after the purchase and delete the stored payment details.

KEEP TABS ON YOUR BANK AND CREDIT CARD STATEMENTS

Monitor your accounts for any unauthorized activity regularly. Keep a record of your purchases and copies of confirmation pages and compare them to your bank statements. If there is a discrepancy, report it immediately. (See Preventing and Responding to Identity Theft.) Good recordkeeping goes hand-in-hand with managing your cybersecurity.
Another tip for monitoring activity is to set up alerts so that if your debit or credit card is used, you will receive an email or text message with the transaction details.

ADDITIONAL RESOURCES

• Cybersecurity & Infrastructure Security Agency: Cybersecurity Tips https://www.us-cert.gov/ncas/tips
• Cybersecurity & Infrastructure Security Agency: Shopping Safely Online https://www.us-cert.gov/ncas/tips/ST07-001
• Federal Trade Commission: Cybersecurity Basics https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity/basics