Top 5 Cybersecurity Holiday Shopping Tips

Top 5 Cybersecurity Holiday Shopping Tips

As we enter the holiday shopping season at full speed on Friday, with many places as early as Thursday, we will be spending more money as a society. Thieves, criminals, and malicious hackers know this and are standing by to steal your purchases and your data. This blog post is meant to act as a preliminary guide to help you stay safe. We encourage you to share this with all your friends so everyone is aware and has a happy holiday season.

1. Physical Security


Criminals will be looking for opportunities to physically steal items. This could be items you’ve bought or your financial information, such as checks, cash, and credit cards. They will be watching for opportunities in crowded parking lots, when they have the chance to blend in and loot your car or even steal it.


Try to park in well lit areas. Keep your phone and keys nearby. You may want to carry a small canister of pepper spray. Shopping in pairs or teams will help to allow one person to unlock the car while the others remain alert to the surroundings. Place all valuables out of plain sight. If you fall victim to theft, immediately report it to the police and any financial institutions that issued anything that was stolen.

2. Online Shopping


This is problematic year-round. This is a period of increased scams, malware links, and more active attempts to compromise websites and/or fool the users into clicking bogus links.


Ensure you shop on reputable sites: Amazon, Wal Mart, Target, etc. Ensure that you are on an HTTPS vice http site so that it is encrypted. If a deal seems to good to be true, it probably is. Be wary of what you click and what people tag you in on social media. Ensure that your malware protection is up to date. Consider using something like PayPal for online transactions with smaller retailers. Do not shop online using public or non-secured Wi-Fi, people can easily sniff and capture your information.

3. Credit Card Safety


This is a time when people have their credit card numbers and information stolen.


Review your statement and account information often. If you find something out of the ordinary or something that does not make sense, call the card issuer. Dispute charges that are not yours. You are only liable for the first $50-500 depending on the issuer IF YOU USE CREDIT vice DEBIT. Shred all credit card related documents. You may also want to consider Google Wallet or Apple Pay if you have a device that supports it.

4. Credit Reporting


If someone successfully steals your identity or any information that could be used to do so, they will likely try to take out credit cards or loans in your name. You may or may not receive the documents. There is little you can do to find out about this aside from checking your credit reports.


You should already be checking your credit report regularly. This is a good time of year to check. You can use sites for the bureaus: TransunionEquifax, or Experian; or you can use sites that monitor all three bureaus like Credit Score CompleteCredit Karma, or True Credit. If you find a discrepancy on your report, contact the organization that granted the credit and your local authorities.

5. Oversharing Information and Social Engineering


We will all be taking pictures with our families. We will probably be posting them to social media. Depending on your security settings, this could be viewed by outsiders. They could have the intent of social engineering you to gain information to steal your identity or other nefarious purposes. Pictures of children are frequent targets for predators seeking child porn.


Before you post, review your security settings. I highly discourage you from posting global or publicly visible posts. When/if you receive a friend request from a random person, decline if you don’t know them or have few people in common with them. Additionally, be cautious with any requests for information, namely:

  1. Parent’s Names and/or Maiden Names
  2. Schools you attended
  3. Cars that you’ve owned
  4. Childhood friends
  5. Other possible sensitive information that could be used to compromise your accounts

Other Relevant Articles:

Potential Amazon Password Leak
Top 5 Cybersecurity Threats in 2015
Top 5 Cybersecurity Myths that May Surprise You
Experian (includes T-Mobile)
Trump Hotels
Tesla and Chrysler (unrelated to each other)
Apple App Store
U.S. Office of Personnel Management (OPM)
Kaspersky & FireEye (unrelated to each other)
Excellus Blue Cross Blue Shield
Ashley Madison
Ashley Madison (follow up)

Thanks for stopping by and reading our blog. We would appreciate if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.

Be sure to subscribe to this blog and to our Podcast.

If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern.

Remain Vigilant this Shopping Season


Enter your email address:

Delivered by FeedBurner

Subscribe to our mailing list

* indicates required

About Joe Gray

Joe Gray joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Joe is currently a Senior Security Architect and maintains his own blog and podcast called Advanced Persistent Security. In his spare time, Joe enjoys attending information security conferences, contributing blogs to various outlets, training in Brazilian Jiu Jitsu (spoken taps out A LOT!), and flying his drone. Joe is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge. Joe has contributed material for the likes of AlienVault, ITSP Magazine, CSO Online, and Dark Reading.