Department of Homeland Security December Cybersecurity Update

Holiday Shopping Tips from STOP.THINK.CONNECT.

Just like food and decorations, deep discounts and bargain prices have become a huge part of the holidays. As shoppers go online to find good deals, they are also exposing themselves to cyber criminals seeking to exploit the festive season.

Scammers and spammers view the holidays as a golden opportunity to take advantage of unsuspecting online shoppers. Hackers may use tactics like preying on popular keyword searches to lure shoppers to malicious websites, with the goal of collecting financial and personal information.

To help keep you and your bank account safe, it’s important to learn how to shop securely during the holidays. These simple tips from the STOP.THINK.CONNECT.™ Campaign can help protect your personal information and transactions throughout the holiday season:

  • Watch out for deals that look too good to be true. Scammers often try to trick shoppers by offering extremely low prices on hard-to-get items. Don’t open suspicious email attachments or follow unsolicited web links in email messages.
  • Consider using a credit card instead of a debit card. There are laws to limit your liability for fraudulent credit card charges, and you may not have the same level of protection when using your debit card. Check with your card providers to see what protections they provide for each card you have.
  • Avoid financial transactions on public Wi-Fi, which is often not very secure. Save your online shopping, banking, or sensitive transactions for your home network.
  • Keep your computer, browser, anti-virus, and other critical software up to date.
  • Check privacy policies. Before providing personal or financial information, check the website’s privacy policy to ensure your safety.
  • Beware of fake URLs. Malicious websites look like legitimate sites, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). Also look in the address box for the “s” in https:// before any transaction. That “s” tells you that the site is taking extra measures to help secure your information.
  • Keep a record of your purchases and copies of confirmation pages in case there are unauthorized purchases on your bank statements. If there is a discrepancy, report it immediately.

Watch Out for These Three Holiday Phishing Scams

Phishing scams use seemingly legitimate emails to trick you into clicking a malicious link or attachment. Scammers use phishing emails to collect your sensitive personal and financial information or infect your machine with malware and viruses. During the holidays, phishing attacks are extremely common and can have devastating consequences. Here are three common phishing scams to look out for:

  1. Fake order confirmations. Online shoppers are used to receiving order confirmation emails from retailers, but what if you haven’t bought anything? Scammers use emails with subject lines like “Order Confirmation,” “Order Status,” or “Thank You for Your Order” to get their victims to click on malicious links or attachments. Don’t fall for it — if you haven’t ordered anything online, the email is fake.
  2. Fake delivery failure notifications. Online shoppers receive packages all the time, and scammers can take advantage of this fact by sending out fraudulent delivery failure or status emails. These emails pose as popular delivery services and claim your package cannot be delivered unless you open an attachment or click a link to supply more information. The scammer either wants to steal your personal information or infect your device with a virus.
  3. Fake charities. During the holidays, many people like to share with those in need. Unfortunately, scammers also try to take advantage of people’s good will. Watch out for copycat charities with names that sound similar to legitimate charities. Before you give to a charity, research it first. The Identity Theft Resource Center is a good place to start.

You can report suspected phishing attempts in a variety of ways, such as visiting the Anti-Phishing Working Group (APWG) at In addition, the United States Computer Emergency Readiness Team (US-CERT) at also collects phishing email messages and website locations to help people avoid becoming victims of phishing scams. Finally, you can visit the National Cyber Security Alliance’s Spam and Phishing page for more information on how to protect yourself against these attacks.