Tips for Secure Shopping Online During the
Holiday Season - pdf
From the Desk of Thomas D. Smith, Director
Online shopping throughout the entire holiday season has become increasingly popular in recent years, and the trend is expected to continue. According to MarketLive, an e-commerce software and solutions provider, online shoppers in the U.S. are projected to spend more than $54 billion this holiday season, nearly a 17 percent increase over the $47 billion spent last year. The increase in online shopping coincides with an increase in mobile device use, and more shoppers will be using special holiday smartphone apps to find the best deals.
Before you click or tap to buy that "must have" item on your holiday list, check out these tips below to make sure you're doing everything you can to avoid becoming a victim of cyber crime:
- Secure your mobile device and computer. Be sure to keep the operating system and application software updated/patched on all of your computers and mobile devices. Be sure to check that any anti-virus/anti-spyware software installed is running and receiving automatic updates. Confirm that your firewall is enabled.
- Know and trust your online shopping merchants. Limit your online shopping to merchants you know and trust. If you have questions about a merchant, check with the Better Business Bureau or the Federal Trade Commission. Confirm the online seller's physical address and phone number in case you have questions or problems.
- Look for "https" when making an online purchase. The "s" in "https" stands for "secure" and indicates that communication with the webpage is encrypted. If you submit your credit card information through a merchant's website, be sure to look for indicators that the site is secure. Look for a padlock or key icon in the browser's status or address bar and be sure “https” appears in the address bar before making an online purchase. You should also make sure that your browser software is current and up-to-date.
- Password protect your mobile device and computer. It’s the simplest and one of the most important steps you can take to secure your mobile device and computer. If you need to create an account with the merchant, be sure to use a strong password. Use at least eight characters, with numbers, special characters, and upper and lower case letters. Adhere to the tenet "a unique password for every unique site."
- Do not respond to pop-ups. When a window pops up promising you cash or gift cards for answering a question or taking a survey, close it by pressing Control + F4 for Windows and Command + W for Macs.
- Avoid scams and fraud. Don’t ever give your financial or personal information out over e-mail or text. Be aware of unsolicited communications purporting to represent stores or charities. Hackers may send fake order confirmation emails that look legitimate, causing you to think someone ordered a product under your name. Check the sender’s email address and website URL before clicking on a link to cancel a transaction as fake emails will rarely match a legitimate company’s website exactly. Scammers may also send fake delivery notification emails to online shoppers that can infect computers. Shoppers should write down all tracking numbers for purchases and not click on links that do not match them. Always think before you click on e-mails you receive asking for donations and contact the organization directly to verify the request if you are unsure. Information on many current scams can be found on the website of the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center: http://www.ic3.gov/default.aspx
- Do not use public computers or public wireless for your online shopping. Public computers may contain malicious software that steals your credit card information when you place your order. Additionally, criminals may be intercepting traffic on public wireless networks to steal credit card numbers and other confidential information.
- Pay by credit card, not debit card. The safest way to shop on the Internet is to pay with a credit card rather than a debit card, as credit cards are protected by the Fair Credit Billing Act and may reduce your liability if your information was used improperly.
- Print your online transactions. Print or save records of your online transactions, including the product description and price, the online receipt, and the e-mails you send and receive from the seller. Carefully review your credit card statements as soon as you receive them to confirm that all charges are legitimate. Contact your credit card company immediately if you have unauthorized charges on your account.
What to do if you encounter problems with an online shopping site?
Contact the seller or the site operator directly to resolve any issues. You may also contact the following:
- New York State Attorney General's Office
- New York State Division of Consumer Protection
- The Better Business Bureau
- The Federal Trade Commission
For additional information about safe online shopping, please visit the following sites:
- OnGuard Online
- Privacy Rights Clearinghouse
- Internet Crime Complaint Center
- Smartphone Security - Android vs. iOS
- Federal Trade Commission: Tips for Consumers
- Daily Deal Media: Online Shopping Expected to Rise Nearly 17% this Holiday Season
- PayPal Blog: Protect Yourself from Cyber Crime this Holiday Shopping Season
- CSO Security and Risk: Kaspersky warns online Xmas shoppers of top five scams
For more monthly cyber security newsletter tips, visit:
The information provided in the Monthly Security Tips Newsletters is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Acting Chief Information Security Officer
- EISO Home
- Incident Reporting
- Breach Notification
- Cyber Advisories
- NYS Digital Forensics
- Cyber Tips Newsletter
- Keeping Kids Safe Online
- Local Government
- Policies and Resources
- NY-ISAC Secure Portal
- Contact EISO