December 12, 2018

Online Shopping – Cybersecurity Tips for the Holidays

Woman sitting, surrounded by holiday presents, with laptop on her lap and shopping online
Woman sitting, surrounded by holiday presents, with laptop on her lap and shopping online

The busy holiday season is here and, for many, that means shopping and spending time with family and friends. It is also a busy time for cybercriminals, with over 40 percent of online scam attempts occurring during the last quarter of the year.

To have a safe and secure holiday season, we recommend the following safety precautions:

  • Use a Credit Card: It’s nearly impossible to tell how secure an online merchant is, so it’s best to be cautious and shop as though all merchants have been compromised. With that in mind, if you have a choice between using your credit or debit card, shop with your credit card. While you may not be liable for fraudulent charges, the effect of having your debit card compromised can be felt immediately when your checking account has been drained, and checks or recurring charges do not clear.
  • Review your Statements: Keep a close eye on your bank and credit card statements. Fraudsters are notorious for using the busy holiday season to make unauthorized charges on stolen cards, and the bogus purchases can get buried amid the flurry of legitimate purchases. Review your statements regularly (daily is best) and quickly dispute unauthorized charges.
  • Don’t Take the Bait: A favorite holiday phishing and malware scam involves spam emails that purport to have been sent by the U.S. Postal Service, FedEx, UPS, or other shipping services. The spam email is usually regarding a wayward package or asks for additional information for delivery. When in doubt, visit the e-commerce site or shipping site directly, and avoid clicking on links or attachments in emails.
  • Click with Care: Cybercriminals love to use holiday shopping and travel scams to gain access to information and computer systems. Scammers try to lure you to copycat websites of well-known brands or retailers by advertising great deals on hot-ticket items on social media sites or through search engines. Their goal: to deliver malware to your computer, steal your credit card number, or “phish” for personal information.
  • Connect with Caution: Most public Wi-Fi networks are not secure, so think twice before shopping or banking while on public Wi-Fi. Disable automatic Wi-Fi and Bluetooth before leaving home.

A security tip no longer recommended is the “look for the padlock” test. The presence of a padlock icon next to the website address used to signal a legitimate site versus a phishing trap. Unfortunately, half of all phishing scams are now hosted on a site whose address begins with “https://” and includes a padlock icon. The presence of the padlock icon does not mean the site is legitimate. A website address with an “https://” address or “Secure Sockets Layer (SSL)” simply signifies that data transmitted back and forth between your browser and the site is encrypted and cannot be read by third parties; not that the site is legitimate.

Major web browsers are working with security organizations to index and flag new phishing sites with warning pages; however, not all phishing scams are flagged quickly. With the “look for the padlock” test taken away, it’s paramount that you stay alert and vigilant about reviewing emails, links, and attachments for suspicious content. For more tips on how to keep your information safe during the holiday season, and how to help your family and friends with a cybersecurity checkup, visit

At River City Bank, your personal and financial security is our top priority. If you have questions or concerns, please call a customer service representative at (916) 567-2899 or (800) 564-7144 or visit your nearest branch.

Related Posts