As we enter the holiday shopping season, cyber criminals are sharpening their cyber-scam strategies. We like to remind our readers about the enhanced risk during the holidays [view related posts here, here, and here]. There has been an increase in online shopping over the years, and particularly since the pandemic began. The holiday season is such a risky time with the potential to become the victim of a cyber-attack that the U.S. Cybersecurity and Infrastructure Agency (CISA) and the FBI have issued a joint warning to “all Americans” alerting them to stay vigilant against cyber-attacks this time of year. CISA has offered a website to assist consumers.

CISA recommends these three simple steps to keep consumers safe when shopping:

  • “Check your devices – Before starting your hunt for the best deal, make sure your devices are up-to-date and all of your accounts have strong passwords. If you purchase an internet connected device or toy, change the default password and check the device’s privacy and security settings to make sure you’re not sharing more information than you want.
  • “Shop through trusted retailers – Before making a purchase and providing any personal or financial information, make sure you’re using a reputable, established vendor. Similarly, if you’re planning to make a charitable donation, be sure to research who or where your donation is going to ensure it’s a legitimate organization.
  • “Using safe methods for purchases – If you can, use a credit card or other forms of digital payments as opposed to a debit card as credit cards often have better fraud protections.”

For more information about shopping online safely this holiday season, visit CISA.gov/shop-safely.

For consumers, this holiday season promises to be even more chaotic than usual due to pandemic-related supply chain shortages. Many consumers may be shopping from unfamiliar sites in the hope of avoiding stockouts and shipping delays. As we have reported in the past, scammers can spoof and mimic well-known sites to make you believe you are shopping on the real site. Once you are on the site and buy an item (usually promoted at a deep discount), the scammer steals your payment information and/or other information you have provided on the website.

When online shopping, make sure you are on the official site of the business; using links from other sites is risky. If you see something on another site, instead of clicking on the link provided, use a new browser search to navigate to the real site.

If you are using an unfamiliar site, do your homework. Consider checking customer reviews or watchdog groups like the Better Business Bureau to verify that the vendor is legitimate, and only submit payment information through an HTTPS enabled form or trusted third-party payment processor. You may wish to consider using only one credit card for your online transactions to ensure that in the event the credit card is compromised, you have limited it to just one and not several cards that you will have to replace.

Safe shopping and enjoy the holidays!

*This post was co-authored by C. Blair Robinson, legal intern at Robinson+Cole. Blair is not yet admitted to practice law.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.