Online Shopping and Travel Safety Tips for the Holiday Season

Article Cybersecurity
Happy woman buying Christmas gifts online


The holidays are quickly approaching and that means many of us are busy with holiday shopping and travel. The holiday season is a popular time for cybercriminals to strike as they take advantage of those who may be distracted and let their guard down.

To combat cybercriminals from ruining your holidays, we’ve compiled a list of safety tips to engage in not only this time of year, but all year long.

Email Safety

  • Think before you click. Phishing and ransomware attacks tend to increase during the holiday season. As everyone moves into holiday mode, staff may not be as diligent about paying attention to emails. Remind your users to review emails closely and not to click on links in suspicious emails.
  • Don’t respond to urgent requests without verifying the sender. We have seen an uptick in smishing–text messages sent to staff members from criminals posing as executive officers who request actions by staff (i.e. purchase of gift cards, sending payments, etc.). Ensure staff are vigilant by verifying senders and following procedures for dual authorization, etc.

Online Shopping

  • Resist deals that are too good to be true. No matter how tempting a special offer may be, remember to only purchase from trusted and established online retailers and ensure payment sites are secure.
  • Only shop from trusted retailers using a secure site. Sites that use “https://” and not “http://” are secure. Ensure there is a lock icon that represents a secure site before entering any credit card information.
  • Be wary of websites that look similar to a trusted site, but have domains that are either misspelled or end in “.net.” Scammers can defraud consumers by imitating large online retailers this way, hoping to access your credit card information without you noticing you’ve landed on a fraudulent site.
  • When possible, always use your credit card or secure, third-party payment services like PayPal or Google Pay, instead of a debit card that is linked directly to your bank account. If fraud does occur, getting the funds reimbursed to your bank account is more difficult as debit cards don’t offer the same level of protection. It is also a good idea to monitor your accounts carefully this time of year.


  • Avoid shared computers. If you are traveling and staying at a hotel, avoid using shared business centers or computer labs for any type of secure payments or when accessing your email or other accounts. It is impossible to know if those systems are up to date with the latest security software and patches and should not be trusted.
  • It’s tempting to use public Wi-Fi while traveling or staying at a hotel. However, public Wi-Fi does not use a secure connection, making you vulnerable to hackers who can uncover your passwords and financial or personal data. Only access your online banking or engage in online shopping while on a secure connection. If you really need to use Wi-Fi, install a virtual private network (VPN) that will enable secure Internet access while traveling.
  • While engaging in social media, don’t overshare your holiday plans. Think “Home Alone”–you don’t want the bad guys targeting your house while you are away with the relatives.
  • Keep an eye on your electronics—laptop, tablet, or cell phone—at all times while traveling. Do not leave them unattended or locked in a vehicle.


  • Confirm adequate staffing of IT Security staff. With so many staff taking end-of-year vacations, do you know who will be on call in the event an incident does occur? Do you have your response plans clearly documented with contact information for critical staff? Criminals often target organizations on the weekends or over extended holidays when they know you might not identify an attack as rapidly as you would with a full staff watching.
  • New Year, New Passwords! Use the downtime to update any outdated or simple passwords!

Don’t let cybercriminals rob you of joy this holiday season. Staying aware, vigilant, and proactive during the holidays will help prevent you and your organization from becoming a victim of a cybercrime.


About the Author
Katie Johnson

Katie Johnson


Manager, Operations Support

As the manager of Operations Support, Katie leads the team responsible for supporting and delivering CampusGuard services including online training, vulnerability scanning, and the CampusGuard Central® portal. With over 15 years of experience in information security awareness training, Katie is also the Product Lead for CampusGuard’s online training services. As a Senior Customer Relationship Manager for a limited number of customers, Katie assists organizations with their information security and compliance programs and is responsible for coordinating the various teams involved.