The holiday season is almost upon us, which means the holiday shopping season is also almost upon us.

And as always, it’s bound to be a crazy time of scrambling for the biggest and best deals, both in stores and online.

But while your wallet is destined to take a hit as you stack up on gifts for your family and friends, you want to make sure cybercrooks don’t make your list of people who will be receiving presents this year.

Sadly, with 2014 being labeled by some as ‘The Year of the Hack’, it may be easier for them than ever before to do just that. Fortunately, armed with some general security know-how, you can make their hacking jobs significantly harder while making your online shopping experience slightly less stressful.

Here are 5 online shopping tips to stay secure this holiday season:

Be Breachophobic

This one applies to traditional holiday shopping as well…

With the influx of massive data breaches across a wide variety of industries, no company seems to be safe. And popular retailers have been hit particularly hard (looking at you, Target, Michaels, Home Depot, Staples, KMart, etc).

Unfortunately, these breaches don’t show any signs of slowing down. Perhaps even more unfortunately, as a result of this, consumers are experiencing ‘breach fatigue’ and not changing their buying behavior even in the midst of all these attacks (according to a recent report from Ponemon).

But in this case, fear is actually a good thing. It keeps you on your security toes. Don’t have the ‘yeah, a lot of people are impacted, but it won’t happen to me’ attitude when it comes to breaches.

If you learn of a breach at a company whose store you recently bought something in or at a bank that you use, take a proactive approach. Call you credit card company and have a new card issued ASAP. Call your bank and find our what steps you need to take to protect yourself. These are not the most fun activities, but they could save you from a potential financial/data loss nightmare.

Likewise, if you’re planning to go shopping at a particular retailer and you find out they’ve recently experienced a data breach, look to do your shopping elsewhere. Ok, maybe you won’t be able to take advantage of that exclusive Black Friday deal, but most of the competing big-name stores will likely have something similar. Plus, what good is that brand-new big-screen TV you got for a ‘steal’ if attackers got access to your credit card number?

Beware of enticing ‘Amazing Deal’ links in your email inbox

If a deal looks too good to be true, it probably is.

Phishing emails are still a popular tool for cybercriminals. The difference these days, however, is that they look more legitimate than they did in the past. Obvious red-flags like blatant grammatical errors or strange email addresses from the sender are less common and the bad guys are finding more creative ways to get you onto their fake, information-stealing pages.


An example of a UPS Phishing email (Source: PC Mag)

And the fact that the holiday season has many legitimate great deals actually benefits cybercriminals, giving them a perfect opportunity to blend in with a phishing email that would normally seem out of place.

So don’t just immediately click a link in that ‘great deal’ email that popped up in your inbox. Verify that the sender is legitimate, check for grammatical errors and inconsistencies, and even compare it with another email you’ve gotten from that company in the past that you know was legitimate. If there’s something odd or out-of-place, don’t pull the purchase trigger and potentially open yourself up for identity theft or money loss.

Know your surroundings

Just because you can connect to WiFi almost anywhere doesn’t mean you should connect to WiFi any time it’s available.

If you’re doing any of your holiday shopping online, it’s really in your best wishes to do it over a secure network.

As appealing as it may seem to knock out some of your holiday shopping as you’re sitting sipping your mocha at that coffee shop, know that public WiFi hotspots are just that – public. That means anybody can connect to them, including an attacker looking to catch a hapless holiday shopper unawares.

There’s a much lower chance someone will break into your network at home, unless of course your home network isn’t password protected. Which brings up another good tip – password-protect your WiFi network at home. And make sure to actually use a strong password! No ‘password’ for your password.

Mobile Devices are vulnerable, too

PC, Mac, Android, iOS…it doesn’t matter. No device/operating system is malware or hacker-proof. Let me rephrase: that means mobile devices aren’t in the clear! No, not even the iPhone is safe; remember the recent WireLurker malware?

So if you’re thinking: “I’ll just do my all my online holiday shopping on my tablet to avoid the chances of getting hacked”, don’t do that. It’s a flawed mindset.

Mobile is a hot target for hackers at the moment. Remember that today’s mobile devices aren’t the bricks of yesteryear that you used to make calls and play Snake. Nope, today’s smartphones (and especially tablets) are bonafide computing machines, and protecting them in the same way you’d protect your computer isn’t an idea that should be ignored.

But aside from installing mobile security (which you should definitely do), there are other actions you can take to mitigate mobile risks, a major one being not jailbreaking/rooting your devices and/or using third-party app stores. Easier to do and access on Android devices, these third-party app stores are often riddled with malicious apps that can steal your information and dollars.

Safeguard all your devices

Even if you’re intelligent in your browsing and downloading habits, having computer ‘street smarts’ isn’t enough anymore. New threats are emerging seemingly by the hour, vulnerabilities like HeartBleed and Shellshock are coming into light, and if you fall victim to an encrypting ransomware (that seems to be ever-evolving) with no sort of protection, you’re paying hundreds of dollars to get your files back or paying even more for a new computer.

But let’s bring it back to the holiday shopping topic. Take the fake phishing email scenario, for example. Even if you take the aforementioned steps to verify the validity of the email, you’re not completely out of the ‘cyber’ woods. Like I said, hackers are becoming increasingly more clever and those phishing emails are often very difficult (if not flat-out impossible) to distinguish from the real thing. You need an intelligent security solution to have your back in case you get tricked despite your best efforts.


The holiday shopping season is less than a week away so be sure that you’re ready and that your devices are secure. Follow these basic online shopping security tips and go out there and buy those presents…carefully, yet confidently! And by ‘go out there’, I mean on the internet. That way, you can avoid this:

(Source: CNN Money)

Happy holiday shopping!

Blog Staff

About the Author

Blog Staff

The Webroot blog offers expert insights and analysis into the latest cybersecurity trends. Whether you’re a home or business user, we’re dedicated to giving you the awareness and knowledge needed to stay ahead of today’s cyber threats.

Share This