Carnegie Mellon University
Computing Services  ›  Information Security Office  ›  News  ›  2019  ›  online-holiday-threats

Festive computer screen with mobile shopping cart

December 06, 2019

Stay Safe from Online Threats This Holiday Season

As the holiday season approaches, the Information Security Office (ISO) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. Cyber attackers may send emails and holiday e-cards containing malicious links or attachments infected with malware. They may also send links to spoofed webpages that look like legitimate businesses in order to capture account credentials and financial information.

The ISO encourages users to remain vigilant and take the following precautions:

There’s No Place Like Home for The Holidays

  • Avoid making purchases, paying bills, or handling sensitive information over public Wi-Fi. Criminals can spy on your online activity. Wait until you are on a secure network connection at home or use a Virtual Private Network (VPN).
  • When shopping be sure to use "https". Many sites use webpages that encrypt the information being entered. Indications that your information will be encrypted include a URL that begins with "https" instead of "http" and a padlock icon. If the padlock is closed, the information is encrypted.

Ho-Ho Hold on Before You Click

  • Think before you click! If an offer sounds too good to be true, it probably is. Never make a purchase through a linked URL or image.  
  • Only shop from official retailers. On the web, some businesses are fabricated by people who want your credit card information and other personal details. To be safe, consider doing online business only with retailers you trust and have shopped with before. At the very least spend time to confirm it’s a legitimate entity by checking customer reviews and other consumer feedback.

You Better Watch Out

  • Be wary of phone calls and emails requesting personal information. Attackers may attempt to gather information by sending emails or phone calls to confirm a purchase or verify account information. Legitimate businesses will not ask for this type of information over the phone or through email.
  • Create strong passwords for your devices and accounts. Attackers will use any information they scrape from the Internet about you to hack your password. When signing up for new accounts, be sure you are using strong, unique passwords for each site. Use a Password Manager to help you manage each sites password.

Make a List and Check it Twice

  • Monitor your bank and credit card statements regularly. If there is a fraudulent charge, report it immediately. Keep it simple and use the same credit card and email account for all your holiday shopping.
  • Shop with a credit card. If compromised, a credit card gives you more protection, and leaves you less vulnerable financially, than a debit or prepaid card. Many banks will let you set text or email alerts for transactions that exceed a certain amount.