Original release date: November 23, 2022
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) is committed to helping Americans stay safe online this holiday season. In the coming weeks, millions of Americans will be looking for the best deals on the internet. Meanwhile, cyber criminals will be hard at work looking to target online shoppers.
The holiday shopping season is a prime opportunity for bad actors to take advantage of unsuspecting shoppers through fake websites, malicious links, and even fake charities. Their goal is simple: get your personal and financial information to compromise your data, deploy malicious software, steal your identity, and take your money. But with some simple actions, you can stay safe while you shop online.
“As the nation’s cyber defense agency, our goal is to make sure Americans are safe online, especially during the holiday season,” said CISA Director Jen Easterly. “By following a few guiding principles like checking your devices, shopping from trusted sources, using safe purchasing methods, and following basic cyber hygiene like multi-factor authentication, you can drastically improve your online safety when shopping online for gifts this year. Your cyber safety should be treated like your physical safety. Stay vigilant, take steps protect yourself, and trust your instincts. If you see something that doesn’t look right, there’s a good chance it isn’t.”
At CISA, we are committed to helping Americans better protect themselves online. We recommend taking a few easy actions to prevent yourself from becoming a victim of cyber crime while shopping this holiday season:
- Check your devices: Before making any online purchases, make sure the device you’re using to shop online is up-to-date. Next, take a look at your accounts and ask, do they each have strong passwords? And even better, if multi-factor authentication is available, are you using it? Multi-factor authentication (or two-factor authentication), uses multiple pieces of information to verify your identity. Even if an attacker obtains your password, they may not be able to access your account if it’s protected by this multiple step verification process.
- Shop through trusted sources: Think about how you’re searching online. How are you finding the deals? Are you clicking on links in emails or ensuring you’re on the correct vendor’s website? Are you clicking on ads on webpages? You wouldn’t go into a store with boarded up windows and without signage – the same rules apply online. If it looks suspicious, something’s probably not right.
- Use safe methods for purchasing: If you’re going to make that purchase, what information are you handing over? Make sure you understand how your information will be stored and used.
Visit CISA.gov/shop-safely for more tips on how to have a safe and successful online shopping experience this holiday season.
In addition to his guidance for individuals, CISA and the FBI released guidance last year urging all organizations – especially critical infrastructure partners – to examine their current cybersecurity posture and implement best practices and mitigations to manage the risk posed by cyber threats during the holidays. We strongly encourage organizations to review this guidance and ensure they remain vigilant during this holiday season.
About CISA:
As the nation’s cyber defense agency, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day. Visit CISA.gov for more information.