Online Shopping — Pause, think before you pay!

The 12 Cyber Security Tips of the 2020 Holiday Shopping Season 

With holiday shopping already in full swing and the impacts of the COVID-19 pandemic making people rely more on online shopping, a useful gift for you is these 12 Cybersecurity Tips. Don’t let a cyber-grinch ruin your holidays!

Online shopping laptop

#1 Be Skeptical  

Online shopping dogCybersecurity online during the holiday season starts with being skeptical. According to McAfee, “It’s beginning to look a lot like the holiday season — and with the holidays comes various opportunities for cyber-scrooges to exploit this. While users prepare for the festivities, cyber-criminals look for opportunities to scam holiday shoppers with various tricks.” That’s why it is necessary to be skeptical rather than trusting.

Use common sense when shopping online:

  • If a deal seems too good to be true, assume it is a scam.
  • If you think an e-mail is fake, it probably is.

#2 Watch Out for Seasonal Scams

Unfortunately, the cyber-scrooges have found ways to exploit the goodness in people’s hearts during the holiday season. E-mail phishing scams are especially rampant during the holidays.

For this reason, a cybersecurity mindset is necessary when opening any and all e-mails this holiday season. Cyber-criminals often send fake holiday e-cards with links that are malicious and steal personal information.

McAfee also reports, “Since many people do a lot of their holiday shopping online, users should also beware of shipping notification scams, as respondents […] have fallen victim to these scams throughout this year.”

This seasonal scam is a threat this year due to the amount of online shopping and higher number of shipping delays. 

Sadly, charity donation scams are also an issue during the holiday season.

Cybersecurity tip: if the e-mail has typos, grammar errors, or the company logo looks different, assume it is a phishing e-mail.

#3 Shop Only on Sites You Know

There are currently 7.1 million online retailers in the world and more than 8 in 10 Canadians  shopped  online  in 2018. Not all of these online retailers are trustworthy.

That’s why it is important to shop only at sites you know, such as the official online stores for in-store retailers you frequent.

If you see a gift item advertised as significantly lower at an unknown online retailer, research to make sure it is a safe site before purchasing.

Online shopping credit card#4 Use a Credit Card 

When shopping online, always use a credit card instead of a debit card.

It is better to have your credit card compromised than for a cyber-criminal to drain your checking account. Plus, credit cards offer fraud protection.

#5 Keep Software Updated

Set computer and mobile devices to update automatically. In addition to installing software updates that make devices work better, these updates also make devices more secure and protect users from cyber-criminals.

Online shopping autosave#6 Don’t Autosave Info

Yes, it is convenient to have the stores where you shop save your personal credit card information, but it is riskier. If you store your credit card information via autosave, hackers can access that information.  Protecting yourself against cyber-crimes is worth the little bit of extra time it takes to re-enter your credit card information each time you want to make a purchase.

Bonus — it’s harder to make impulse purchases when you have to enter your credit card information!

#7 Avoid Shopping Online using Public Wi-Fi

Public Wi-Fi sounds like a good idea, but cyber-criminals can also take advantage of it.

Cybersecurity online during the holiday season means avoiding public Wi-Fi for this very reason.

If you must use public Wi-Fi, use a VPN. The National Cyber Security Alliance explains, “A VPN is a service that encrypts all of a device’s internet traffic and routes it through an intermediary server in a location of the user’s choosing."

The encryption part of a VPN is like what you get when you visit an HTTPS site. Anyone who happens to intercept internet traffic between the smartphone or laptop and the VPN server won’t be able to decipher its contents, including public Wi-Fi hackers.

#8 Use Strong Passwords and Multi-Factor Authentication

Online shopping loginOne of the most effective ways to practice cybersecurity is to use strong passwords and multi-factor authentication. When creating strong passwords, use a combination of letters, numbers, and symbols. Also, avoid these common password mistakes:

  • Using personal information, such as a pet’s name or anniversary
  • Using your user ID as your password
  • Using simple number sequences, such as 12345
  • Recycling your password and using it for multiple websites
  • Not changing your passwords frequently
  • Sharing passwords

For more information see our setting up passwords/pass phrases page.

With multi-factor authentication, the user must enter additional proof of ID to gain access.

For example, you are required to both login with a password as well as provide a one-time verification code sent via text message.  While a cyber-scrooge may have your password, unless he has access to your cell phone, he won’t have a way to receive the one-time verification code.  

#9 Go Directly to the Source

Treat emails or pop-ups as suspicious unless you can verify them. In tip #2 above, we discussed the potential for shipping notification scams. If you receive an e-mail from a shipping company such as UPS, go to the UPS website or contact customer service to verify rather than clicking any links inside the e-mail. This would be the same for e-mails you receive about deals online. Don’t click on the link. Find another way to verify if it is real.

#10 Check Your Statements

Stay on top of cybersecurity online during the holiday season by routinely checking your credit card and bank statements. If you notice any discrepancies or purchases you have not made, contact your credit card company immediately. 

#11 Never Give Your Personal Info Out Online

Never (ever) give out your personal information online. For example, if you receive an e-mail or text message requesting personal information, such as your credit card number, it is likely a scam.

#12 Pay Attention to the URL 

Online shopping URLOne way to practice cybersecurity online during the 2020 holiday season is to pay attention to the URL. The URL is the website address, such as

A website’s URL can tell you if it is a secure or not. Secure websites should use https. The “s” means secure.  Additionally, the padlock icon appears to the left of the website address on secure online retailers.   If you don’t see the “s” or the padlock, the site is not secure.

Cybersecurity tip — if you receive an e-mail with links, hover over the link to see the URL where you would be taken if you clicked it. 

More tips to keep your online shopping cybersafe