An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Be safe online this, every holiday season

  • Published
  • By Cybersecurity & Infrastructure Security Agency

DEPARTMENT OF HOMELAND SECURITY, Washington, D.C. — The holiday season is a prime time for hackers, scammers and online thieves. While millions of Americans will be looking online for the best gifts and Cyber Monday deals, hackers will be looking to take advantage of weaknesses in shoppers' devices or connections in order to extract personal and financial information.  

To defend against these attacks, here are a few simple steps to take:

Check your devices

  • Before making an online purchase, make sure the device you’re using is up-to-date. Running the latest software or firmware helps ensure the manufacturers are still supporting it and providing the latest vulnerability patches.
  • Ensure your accounts have strong passwords and use multi-factor authentication, if available. Multi-factor authentication uses multiple pieces of information to verify your identity. 
  • Check the devices’ privacy and security settings to understand how your information is used and stored. Don't share any more information than needed.

Only shop through trusted sources

  • Make sure you're interacting with a reputable, established vendor before providing your information. If you’ve never heard of the vendor or website before, consider a different vendor.
  • Check that website URLs begin with "https" and a closed padlock icon. These items confirm your information is being encrypted online. 
  • Don’t connect to unsecure, public Wi-Fi, especially to bank or shop.
  • Cyber criminals often send phishing emails — designed to look like they’re from retailers — that have malicious links, attachments or ask for your information. Simply delete these emails.
  • Never provide your password or information in response to an unsolicited email. Legitimate businesses will not email you to request this data.

Use safe methods for purchases

  • Check the website's privacy policy before transmitting your information to understand how it will be used and stored.
  • If you can, use a credit card instead of a debit card as there are laws to limit your liability for fraudulent credit card charges. These same laws often don't apply for fraudulent debit card charges. Additionally, because a debit card draws money directly from your bank account, unauthorized charges could leave you with insufficient funds to pay other bills. 
  • Check your bank statements frequently for fraudulent charges and notify your financial institution immediately if any are found. 

For more cybersecurity best practices, visit https://www.cisa.gov/shop-safely