How To Be CyberSmart This Holiday Shopping Season

As we approach the holiday shopping season, specifically large online retail events like Black Friday and Cyber Monday, consumers must be on high alert for cybercriminals who will also be looking to capitalize on such events. According to the National Retail Federation (NRF), an estimated 186.4 million U.S. consumers shopped in-store and online from Thanksgiving Day through to Cyber Monday in 2020, making it an incredibly lucrative and easy target for cybercrime.

Here are some simple tips all shoppers should consider following and implementing ahead of this holiday season:

1. Utilize strong passwords

One of the most effective and simple security controls that an individual can implement this holiday season is the creation and use of strong passwords. Most online retailers do not notify customers when their password is weak or needs to be changed. As a general rule, the same password should NEVER be used twice. Using a passphrase, a sequence of random words with a few symbols, is an effective approach. The smart choice is to use a password manager to help create passwords that are unique, long, and complex to protect your digital life and help move passwords into the background. Let a password manager do the hard work for you so you can enjoy safer internet shopping.

2. Before “clicking” stop and think “PHISH”

The following “PHISH” acronym offers a fun way to remember simple best practices to deter even the most sophisticated cybercriminals:

  • PAUSE: We’re all in a hurry but take a moment to examine every email before clicking on anything.
  • HOVER: Hold your cursor over any link to make sure the destination matches and looks legitimate before clicking on it.
  • INSPECT: Check the email and see if anything looks off, such as easy spelling/grammar errors, fuzzy graphics, etc.
  • SOURCE: Rather than clicking on a suspicious link that requests sensitive information, go directly to the website, and confirm whether the requesting organization is really asking for it.
  • HELP: If you aren’t sure if an email is legitimate or not, ask for help or call the person/organization directly to confirm it’s not a phishing request. Never be afraid to ask for help.

3. Limit personal information

Often, online retailers will require customers to create a user account before they can proceed with finalizing their purchase. Where this is required, a user should only enter the basic information needed to activate such an account. Providing excessive information, such as date of birth, identity document details and phone numbers, can increase cybersecurity risks. If a user already has this information set with certain online retailers, it is important that it is hidden or removed from the profile. Where possible, it is best to proceed as a ‘guest’ when checking out.

4. Create multiple identities and avoid use of public WiFi

The creation of multiple accounts can limit the amount of risk a user’s information is exposed to. Setting up a few email accounts, each with a different purpose, is a good security practice. For example, you can have individual accounts for making purchases, subscribing to newsletters, and using services that require an email address. Some solutions today help you create one-time-use email addresses.

Where possible, it is also best that people avoid using public Wi-Fi networks without a VPN when making online purchases. If you do need to use public WiFi, be aware of suspicious ads, be a least privilege user while browsing and always assume your data is being monitored. You should also be sure to disable “Auto Connect Wi-Fi” or enable “Ask to Join Networks” in your device settings. Since cybercriminals often use Wi-Fi access points with common names like “Airport” or “café,” your devices could inadvertently auto connect without your knowledge. However, using your cell network personal hotspot over public Wi-Fi is always preferable.

5. Use HTTPS sites

Users should also focus on using websites that have HTTPS in the URL, where data transferred between the web browser and the website is encrypted for enhanced protection. However, it is important to know that HTTPS only means the traffic is secure, so you still want to be 100% sure that the website you are shopping at is a trusted vendor.

6. Use credit card or secure payments versus debit card

When making online purchases, shoppers should use a credit card or secure payment capabilities. This should be done while also incorporating the aforementioned tips like using trusted vendors, HTTPS websites and avoiding public WiFi.

7. Increase default security settings

Many websites’ privacy functions are basic or often turned off. Make sure to review what privacy and security options are available to you and enable them. Make your account less visible and make sure security measures are sufficient for the data or services you plan to use the account for. If multi-factor authentication (MFA) is available, use it. Also, make sure to enable alerts and notifications on all your accounts so that you are apprised of any suspicious activity that arises. We must move from security by design to security by default.


Chief Security Scientist & Advisory CISO at Delinea