Shop Online Safely Armed with Knowledge, Defeat Cybercriminals


The world of shopping truly has gone from brick and mortar to cyberspace. As more Californians go online to buy their items – especially for Cyber Monday – they are potentially putting their financial lives at risk. So, with that in mind, the California Governor’s Office of Emergency Services (Cal OES) is here to help arm you to defend against those cybercriminals lurking in the shadows of the world wide web just waiting to pounce on your financial data.

Here are ten simple ways to protect yourself against scams during the holidays:

  1. Don’t click links in emails

Emails are a particularly common way for fraudsters to gain access to your credit card information or identity. Hackers send what’s called a phishing email, in which they copy a store’s sale or discount email and include a link to a false portal asking for your info. A quick and easy way to avoid falling for a phishing scam is to check the sender’s details carefully and hover over links before you click.

  1. Don’t open attachments from retailers

Just as you should avoid clicking on email links, don’t open attachments from retailers. Cyber criminals aren’t only impersonating retailers, either. You could get a fake email that seems to be from a major shipping company like UPS, FedEx or DHL. Instead of clicking on a tracking number listed in an email or opening up an attachment, go directly to or to check the tracking number.

  1. Avoid pop-ups and ads

Malware and viruses aren’t just spread via email. They can follow you around the Internet in the form of pop-ups and advertisements — these are referred to as malvertising, or malicious advertising. These types of ads can send you to sites that ask for your information, but they can also infect your device with a wide variety of harmful programming such as adware, spyware and ransomware. This is a form of malware that locks up specific files or your entire computer and forces you to pay to get access back.

  1. Beware of e-skimmers

Card skimming has been happening for years. It’s a scam that typically happens at gas stations or ATMs, where a criminal installs a device that gathers credit card numbers and information when you swipe your card. That practice has gone digital, the FBI says. Cyber thieves can install malicious code on a retailer’s website to gather credit card data when you check out.

  1. Use a credit card

Many experts recommend that you use credit cards instead of debit cards. That’s because the Fair Credit Billing Act makes it so consumers are only liable for up to $50 in fraudulent charges. And many major credit card companies, including American ExpressDiscoverMastercard and Visa, offer “zero liability” policies, so you don’t have to pay for any fraud.

  1. Use a secure network to shop

When shopping online, make sure you’re using a private Wi-Fi connection or your smartphone’s cellular network to browse the internet. Public Wi-Fi networks are notoriously insecure and could open you up to malware or hacking.  If you absolutely need to use public Wi-Fi, use a Virtual Private Network, or VPN, that will encrypt your browsing history and activity. 

  1. Be suspicious of free offers

During the holidays, there’s an “explosion” of survey and gift card scams. These are generally emails that supposedly offer you payments or gift cards in exchange for taking surveys.  Instead, when the user clicks through, they end up on websites that may look legitimate and ask you for your credit card information or Amazon account credentials “so they can pay you.” Yet when you type your credentials in this site, you’re giving them directly to the attacker.  These types of emails may also contain a common technique Baggett calls “hidden text.” Normally invisible to you, this is text scammers put in to confuse the mail protections that Microsoft, Google and others use to try to protect you.

  1. Diversify your passwords

Many folks use the same passwords over and over again. But cyber thieves can use a stolen password to try to break into other accounts and sites that may expose your personal data.

  1. Monitor your accounts

Throughout the holiday season, keep a close eye on your bank and credit card accounts. To help protect your identity, set up alerts and monitoring — either with your bank or an outside app — that will let you know if any suspicious activity occurs. Also, keep a close eye on your annual credit report for any new accounts or queries you didn’t initiate.

  1. Beware gift card scams

A gift card can be the perfect holiday gift for that hard-to-please person on your list. But scams tied to these cards are becoming increasingly popular. One popular strategy used by criminals is to scan or write down the card number in the store, draining the funds before they are even gifted.  When buying physical gift cards off the shelf, carefully inspect it to make sure there’s no tampering and you cannot see the code or PIN. Many experts recommend buying electronic gift cards online.

What to Do If You’re a Victim

If you have problems during an online transaction, first try working it out with the seller, online retail website, or online auction site. If that doesn’t work, call your credit card company to dispute and reverse the charge. You may also report the company to the Attorney General’s Public Inquiry Unit, the Federal Trade Commission, and the Better Business Bureau.



Cal OES Podcast Resources:

Cal OES Cyber Guys’ Protection Advice for October as Cyber Security Awareness Month

Podcast #30: The Age of Massive Data Breaches


Cybersecurity & Infrastructure Security Agency Resources:





Additional Resources: