This content is viewable by Everyone


Don’t Let the Bad Guys Steal Your Holidays!

  • Author: Esther Silver

  • Date:

Learn about safe online shopping practices and pass the quiz at the end of the article and you could win one of six $50 Amazon gift cards!

Online shopping has become a familiar go-to: in just a few clicks, your order is processed and on its way to your door. It is estimated that over 20% of retail sales are now online. It’s tough to beat the ease and convenience, making the holiday season the perfect time for cybercriminals to take advantage of unsuspecting online shoppers. This could easily turn your hassle-free online shopping experience into a red-tape nightmare.

According to TransUnion, in 2022, “the average number of suspected digital fraud attempts on any given day between Thanksgiving and Cyber Monday (Thursday, Nov. 24, and Monday, Nov. 28) was 82% higher globally than during the rest of the year (Jan. 1, 2022, to Nov. 23, 2022).

Common ways that attackers take advantage of online shoppers include:

  • Creating fraudulent sites and email messages
  • Intercepting insecure transactions
  • Targeting vulnerable devices

Fortunately, many cyber-threats are avoidable. When you shop in person, you most likely lock the car and put away your cash or credit card when you’re done with your purchase. Similar habits can protect you, your purchases, and your identity when you're shopping online – both during the holiday season and year-round:

Safe Shopping Habits

  • Shop reliable websites and get there safely. If an offer sounds too good to be true, it probably is! Don't be fooled by the lure of great discounts by less-than-reputable websites or fake companies. Use the sites of retailers you know and trust and get to their sites by directly typing a known, trusted URL into the address bar instead of clicking on a link. Scammers frequently will use a URL that is very close to a real retailers URL so look closely. Extraneous symbols in the URL are also a red flag.
  • Beware of seasonal scams. Fake package-tracking emails, fake e-cards, charity donation scams, and emails requesting that you confirm purchase information are particularly common around the holidays. Use known, trusted URLs instead of clicking on links.
  • Conduct research. There are a lot of fake and malicious companies out there this time of year. When considering a new website or online company for your holiday purchases, read reviews and see if other customers have had positive or negative experiences with them. Also verify the website has a legitimate mailing address and a phone number for sales- or support-related questions.
  • Pay by credit card only, not by debit card, wire transfers, money orders, or gift cards. Credit cards offer protections that may reduce your liability if your information is used improperly. Debit cards typically do not have the same level of protection. Wire transfers, money orders, and gift cards put the money directly into a scammer's pocket, and you likely won't receive anything for the money you paid.
  • Don't auto-save your passwords or credit card numbers. The inconvenience of having to re-enter the information is insignificant compared to the amount of time you would spend trying to repair the loss of your stolen information.
  • Check your credit card and bank statements regularly. These are often the first indicators that your account information or identity has been stolen. If there is a discrepancy, report it immediately.
  • Don't ever provide your financial information or personal information via email or text.

Best Habits for Shopping and Everything Else You Do Online!

  • Always think twice before clicking links or opening attachments – even if they appear to be from people you know, legitimate organizations, your favorite retailers, or your bank. Messages can easily be faked. Use known, trusted URLs instead of clicking on links. And open known, expected attachments only. When in doubt, throw it out!
  • Keep clean machines! Before searching for that perfect gift, make sure your device, apps, browser, and anti-virus/anti-malware software are patched and up to date.
  • Unique account, unique long and strong password: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your UCSF and personal accounts and make sure that your critical accounts have strong and long passwords – and multi-factor authentication if possible.
  • Secure all your devices with a complex password. Don’t use the same password for multiple accounts. Set a timeout that locks your devices after a period of inactivity and be sure they require a password or other authentication to start up or resume activity.
  • Use only apps from known, reputable sources. Less reputable apps can include malicious software ("malware") designed to steal credit card and other sensitive information. Keep your apps up to date.
  • Look for https:// (not http://) in the address bar before using your credit card online. This assures a secured encrypted connection to the website.
  • Don't respond to pop-ups. Ignore pop-up offers and deals. Just close them. Don’t respond, click on the links, or call the phone numbers. Similarly, don’t respond to pop-ups saying that you need to buy anti-virus software or software to “clean your infected computer.” These are all scams.
  • Disable Bluetooth, wireless, and Near Field Communications (NFC) when not in use to reduce the risk of your data being intercepted by thieves.

Take the IT Security Awareness quiz. Everyone who passes is entered to win a prize! The prize for passing this quiz is an entry in a drawing for one of six $50 Amazon gift cards.

Shopping security resources