US flag signifying that this is a United States Federal Government website

  Official website of the Cybersecurity and Infrastructure Security Agency

Official websites use .gov

A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites..

Woman holding her phone, shopping bags, and a credit card
  1. About NICCS >>
  2. Featured Stories >>
  3. Safe online shopping this holiday season

Safe online shopping this holiday season

Year after year, cybercriminals successfully take advantage of the increase in online activity during the holidays. The Association of Certified Fraud Examiners reports that the incidence of fraud increases by 20% during the holiday season.  The Department of Homeland Security’s STOP.THINK.CONNECT. national cybersecurity awareness campaign urges you to remember the following online shopping tips to avoid your information ending up in the wrong hands:

  • Don’t fall for phishing, no matter how sweet that discount may seem: Phishing emails are the main type of attack aimed at online shoppers during the holiday season to steal your personal and financial information to sell on the dark web. Hackers send emails offering high discounts, free products, and/or issues with a product order you have placed. If it seems too good to be true, it probably is. Do not click on any link or open any attachment that looks suspicious. Look for typos, call the company directly to confirm the legitimacy of an email’s claim, and make sure to report any strange activity. Report phishing attempts to United States Computer Emergency Readiness Team (US-CERT).

  • If there’s no ‘s’ head for the ‘X’: Before entering shipping, billing, or payment information with an online retailer, make sure the web address begins with ‘https://’. The ‘s’ means “secure” and ensures the data entered is encrypted and is less likely to be stolen and then sold online. ‘X’ out of any page that requires your information but doesn’t have a secure ‘s’.

  • “Please pass the CREDIT”: Credit cards are considered safer to use than debit cards when shopping online. Under federal law, your personal liability for fraudulent charges on a credit card cannot exceed $50. If a cybercriminal obtains your debit card information, not only is your liability higher, but the hacker also has direct access to the funds in your bank account. Also, monitor the activity on all your bank accounts throughout the holiday season. Check with your financial institution on any services they may offer to help track your spending activity.

  • Put the criminals to work: One of the easiest ways to protect your personal information is by changing passwords regularly. Create a password using a combination of upper and lowercase letters, numbers, and symbols. Never use the same passwords for your most sensitive accounts, such as banking, email, and social media.

  • This season’s “must-have” items – strong authentication and password managers: According to the Lock Down Your Login campaign, strong authentication is a way of confirming your identity with multiple security methods. It may come in the form of entering a pin that only you know, using special tokens, providing biometric keys like a thumbprint scan, or confirming a log-in through a separate application on your mobile device. Password managers act as a vault for your passwords. Often you submit one or two passwords used by the manager to create multiple, different, long, random, and complex passwords to use for each of your online accounts. Password managers simultaneously address the safety issue of using the same password across accounts and help ensure you will not forget the passwords.

  • Update your software: Keep the software on all devices (phone, computer, tablets, etc.) up to date; updates often come with security patches to keep hackers from accessing the information on your devices.

DHS encourages all Americans to stay safe online throughout the year. Visit for more tips and guidance and protect yourself online during this holiday shopping season.

You have been selected to participate in a brief survey about your experience today with National Initiative for Cybersecurity Careers and Studies.

Would you like to participate on a survey?