Cybersecurity tips for holiday online shopping

Jessie Pudelek

Thanksgiving has come and gone, and we are now setting our sights on the holiday season and trying to find that perfect gift! In the rush of holiday shopping it is especially important to keep cybersecurity best practices in mind so your financial information and money stay safely yours. Fermilab’s cybersecurity team has compiled a few easy tips to help you stay safe when shopping online.

Use well-known, reputable websites

It is always safer to stick to well-known, reputable websites when making online purchases. Lesser-known sites are riskier since it may be unclear how the site is storing and protecting your credit card information. You should also watch for malicious “fly-by-night” websites. These sites are up for only a short period of time and are designed to look like legitimate businesses when, really, they are trying to steal your information. If you choose to shop with a company that is not well-known, do some research first to see what kind of reputation it has.

Look for the lock

When making online purchases, look for a lock icon in one of the top corners of your web browser. The lock icon tells you that the site is using the HTTPS protocol, which encrypts your web session and, thus, your financial transactions. Without this, your credit card information would be transmitted to the company in plaintext, which an attacker can easily intercept and read.

Use one credit card with a low credit limit for all online purchases

It is much easier to keep track of online purchases and which stores have your credit card information if you use only one credit card for online shopping. It is also a good idea to keep a lower credit limit on this card so that if it does get compromised, the attacker will not be able to access as much money.

Check your credit card transactions

It’s important to keep track of your credit card transactions. Know what you have purchased and where so that, if you see an unusual charge on your card, you will know the card has been compromised and can cancel it right away.

Make purchases at home

It is safest to do online shopping at home, where you are on your private network and behind your own security controls, instead of in an open public Wi-Fi environment such as a coffee shop, where other people in the area can intercept the data that is being sent to and from your computer.

Be wary of phishing, especially package delivery scams

Phishing emails are always a significant threat and even more so during the holidays. In 2018, phishing emails rose 50% during the holiday season, compared to the annual average. Package delivery phishing scams are especially tricky during the holiday season, when we are naturally expecting lots of packages. The best way to confirm whether you’ve received a real delivery email is to copy and paste the tracking number into the delivery site, such as for UPS or FedEx, to see whether there is information for the package. This is preferable to clicking on a link. If the site says the package is not found, you know it is a phishing email.

If you receive any suspicious emails at work, forward them to the Fermilab Cybersecurity Team. Doing so allows us to block any malicious links and protect others at the lab. We post screenshots of malicious messages on our Suspicious Emails of the Week page on the Cybersecurity At-Work site.

If you report a suspicious email, you will also be entered for a chance to win a Fermi Trading Card (pictured above). These cards are great for collecting and keeping track of the Cybersecurity Team’s contact information. They can also be used as bookmarks! Three winners will be selected each week.

Looking for more information? Check out the first episode of Irwin’s Cybersecurity Corner on safe online shopping.

Jessie Pudelek is a computer security analyst at Fermilab.