To get ahead you have to stay informed.


Safe Online Shopping for the Holidays

What you'll learn: How to be safe while online shopping


The holiday season brings cheer and an increase in online shopping activity – and with that comes an increase in fraudulent activity from scammers, malware campaigns and identity thieves. Don’t let this put a damper on your holiday but rather arm yourself with the knowledge and tools needed to recognize, avoid and report these attempts so that you are not a victim.

Be vigilant when browsing or shopping online this holiday season. Watch out for:

  • E-cards from unknown senders may contain malicious links.
  • Fake advertisements or shipping notifications may deliver infected attachments.
  • Spoofed email messages and fraudulent posts on social networking sites may request support for phony causes.
    • Unexpected emails from recognized brands like Target, Costco, Home Depot, Walmart or Apple about a recent in-store or online order.  The email will look real and have a reasonable subject like “Acknowledgement of Order”, “Thank you for your order”, “Order Confirmation” or “Order Status”. It may then offer a follow-up by clicking on a link.

To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:

  • Avoid following unsolicited links or downloading attachments from unknown sources.
  • Don’t carry credit cards you won’t be using
  • Shop at online site you can trust:
    • Make sure the website address starts with “https”; the “s” stands for secure.
    • Look for the padlock icon at the bottom of your browser, which indicates that the site uses encryption.
    • Type new website URLs directly into the address bar instead of clicking on links or cutting and pasting from the email.
  • Don’t reveal personally identifiable information such as your bank account number, Social Security number, or date of birth to unknown sources.
  • Check your account statements regularly. Review your banking, credit card, or payment service statements regularly to ensure there are no unauthorized charges or withdrawals.
  • Monitor Your Credit.
  • Make sure you check your mailbox often to prevent packages from being stolen or your sensitive information from being pilfered from the mailbox on your curb.
  • Avoid accessing your personal or bank accounts from a public computer or public Wi-Fi network, such as the public library. Not only can cybercriminals potentially gain access to your accounts through public Wi-Fi, but strangers can easily shoulder surf and see the sensitive information on your computer or mobile device screen.
  • Get Real-Time Purchase Alerts
  • Make strong and complex passwords.
    • Create a password with 8 characters or more and a combination of upper and lowercase letters, numbers, and symbols.
    • Use unique passwords. Use different passwords for different programs, accounts, and devices. By having multiple passwords, even if attackers do get one of your passwords the rest of your accounts are not compromised.
  • Consider using two email addresses – one for family and friends and another for online shopping and bills makes unusual emails stands out if you receive a request for order confirmation in the mail queue used for family.
  • Review social media permissions. If a payment service is linked to your social media account, your payment or purchase history could accidentally be shared with your larger network. The more you post about yourself, the easier it might be for someone to use the information you post to access your accounts, steal your identity, and more. Be sure to review and understand those privacy permissions and settings.

If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:

  • File a complaint with the FBI's Internet Crime Complaint Center (IC3).
  • Report the attack to the police and file a report with the Federal Trade Commission.
  • Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites.

Sources of additional info:

Have a happy and safe holiday season from PenFed!

Have More Questions about Security? PenFed Has Answers.

Learn more about protecting yourself from online theft and threats.