Five Tips to Stay Cyber Safe While Shopping Online This Holiday Season

November 18, 2020

Hand holding credit card at laptop.

Having your identity stolen can turn the merriest of holidays into the scariest. And this year will be prime for hackers who know many of us will be doing our holiday shopping online.

“The upcoming holiday season is the most important season for cybercriminals who will do everything they can to steal your data,” said Ronny Bazan Antequera, assistant teaching professor in the Information Technology Program at Mizzou Engineering. “In previous years, the number of malware attacks had major peaks during the holidays. As more people are shopping from home this year, we could see an even larger spike in cyberattacks.”

Portrait of Ronny Bazan Antequera


But there is good news. With a little effort, you can protect yourself from falling victim to cybercriminals.

Here are five tips Bazan gives as we head into the online shopping season.

Research the company.

You’re scrolling through a social media feed and all of a sudden you come across an ad for a poster, T-shirt or piece of jewelry that looks like it was designed just for you. And it likely was—social media knows what you’re interested in based on groups you’ve joined, photos you’ve posted and what content you’ve interacted with.

But before you purchase that trinket, make sure you know who’s selling it.

Do an independent online search for the company name. If they have a website outside of the social media platform, read up on their privacy, return and complaint policies. See if there are any user reviews about the company or Better Business Bureau complaints.

If you don’t see the “s” – stop.

If you’re comfortable purchasing an item from an online store, pay attention to the URL when it’s time to make the purchase.

While many smaller shops rely on a third-party vendor such as PayPal, others may be requesting your credit card information directly on its site.

Take a minute to make sure the URL reads “https” and not just “http.” The “s” stands for a security certificate and should be accompanied by a small lock icon next to the URL. This ensures that your data will be encrypted during the transaction.

Without the “s,” anyone can hack into that system and see your information when you enter it. It doesn’t matter whether you trust the company, the information will not be protected from outside hackers.

Think before you link.

You’re likely going to get emails promoting holiday sales, perhaps even with enticing coupons. Don’t be quick to click.

Anyone can create an email that resembles the look and brand of a well-known company. So even if the email looks like it’s coming from your favorite store, take an extra step and verify it.

Hover your mouse pointer over the link to disclose the actual website destination. Look for anything odd such as a misspelling or missing letter. Even if you click on a link and the website looks right, be cautious—hackers know how to create fake sites that mimic legitimate ones.

Better yet, don’t click at all. Go to the actual website of the company and log in. Any legit discount tied to your account should be available there.

Same goes for attachments. Don’t download something claiming to be a coupon without verifying that the email is coming from a trusted source.

Transfer funds with confidence.

It’s never a good idea to send cash through the mail, and that’s especially true these days. While monetary gifts are usually much appreciated by younger family members, many schools, campuses, coffee shops and other entities have adopted cashless policies during the time of COVID-19. And checks aren’t much use to teens who don’t have bank accounts.

Transferring money electronically is OK as long as you know and trust the company transferring it. If you aren’t familiar with a site or app your loved one is requesting that you use, do some research before signing up for an account. Understand whether there are fees associated with the transaction.

Even then, Bazan says, don’t use a platform you’re not comfortable using. Instead, wire money through your bank or send a gift card.

Practice the same principles when donating.

The holiday season is also a time to give back, and for many charities, it’s their largest fundraising season. But that also means hackers know they can take advantage of your generosity.

Apply the same principles when donating online as you would to shopping online. Make sure the website has the “https” and lock icon before starting a financial transaction.

Be wary of charities you’ve not heard of and do some research before giving.

If an email comes from a charity asking for money, don’t click on a link without making sure the URL goes to the website you expect. Or, go directly to the website to make that donation.

Ronny Bazan Antequera teaches introductory and advanced cybersecurity courses in the IT Program at Mizzou Engineering.