Illustration: Mitch Blunt

It's the season for eggnog lattes, office parties, and lots of online shopping. But it’s also the most wonderful time of the year for hackers.

Like the Grinch peering down the mountain at Whoville, cybercriminals are watching you. They're seeking easy targets for phishing, ransomware, credit card fraud, identity theft, and other nefarious schemes.

So before you start typing in your credit card number to get that too-good-to-be-true deal you saw in a Facebook ad, take a minute to make sure that your devices are locked down.

And be careful where you click and who you give your information to. What looks like a gift from Santa could actually be a big pile of coal.

Here are a few ways to stay safe from online threats as you do your holiday shopping.

Better Watch Out

Update everything. One of the easiest and best things consumers can do to boost their digital security this holiday season is to make sure that all of their devices are up to date.

When software providers find out about bugs, they send out patches to fix them. But hackers are constantly on the lookout for old, unpatched systems. So make sure the operating systems on your computers and mobile devices have all of those patches. The same goes for all the apps on them that you use to shop.


And don’t forget about your antivirus software. Don’t have any? There are many good free and paid versions out there. Consumer Reports members can consult our ratings for help in picking one.

Strengthen weak passwords. Creating strong passwords is especially important on shopping, email, and banking accounts. Long strings of random letters, numbers, and symbols are best. And never use the same password for more than one account.

Enable two-factor authentication. You’ll need two pieces of information to log in to an account from a new laptop or phone. The first is your password; the second is typically a one-time code sent to your smartphone. This will help keep hackers out of your accounts even if they have stolen your password. (Two-factor authentication can also be called multifactor authentication; the wording varies by company.)

Don't feed the phish. Be careful what you click on. Fraudsters might actually be behind what looks like an emailed shipping notification or an ad on social media promoting a great discount on a hot holiday gift. Instead, go directly to that shipping company's or retailer's website.

Beware of naughty apps. According to RiskIQ, a cybersecurity company that keeps a database of blacklisted apps, about 2 percent of the holiday shopping-themed apps out there are malicious. They're either carrying malware or looking to steal your payment or personal information.

Protect yourself by sticking with the major app stores, and be careful what permissions you grant the apps you use.

Be wary of free WiFi. Cybersecurity experts have long warned consumers to stay off public WiFi for fear that their internet traffic could be intercepted by a hacker. Thanks to the widespread use of encryption on websites, that's not quite as big a concern anymore.

That said, there’s no reason to tempt fate. Wait till you get home to check your checking account balance. Or just use the data connection on your phone. It's significantly more secure than WiFi.

And consumers still worried about a potential hack can take the extra step of using a virtual private network (VPN).



Checking It Twice (and Maybe More)

Sometimes consumers can do everything right and still get their information stolen. So it’s important to keep a close eye on your online accounts so you can spot fraud right away.

Keep it simple. One of the easiest ways to do this is to use the same credit card and email account for all of your holiday shopping. In addition to making it easier to spot phishing emails, you get the added benefit of keeping a closer watch on how much you’re spending.

Stick with a credit card. While banks and credit unions will eventually make you whole if someone empties your checking account, seeing your money disappear can be a lot more stressful than an inflated credit card bill.   

One more tip: Many banks will let you set text or email alerts for transactions that exceed a certain amount of money. That lets you know right away whether a cybercriminal has gone on a shopping spree with your account.