Skip to main content

For updates and guidance related to COVID-19 / Coronavirus, click here.


6 Tips To Stay Safe Online This Holiday Season

Kaitlyn Kiernan

Americans spent a record
$91.7 billion online between
November 1 and December 31
last year, an increase of
11 percent over the prior
year, according to Adobe

Do crowded stores spewing holiday music sound like your worst nightmare? Would you rather kick back on the couch and do your shopping from home? If so, you aren't alone. More Americans than ever are opting online over long lines to check off gifts from their holiday shopping list.

Americans spent a record $91.7 billion online between November 1 and December 31 last year, an increase of 11 percent over the prior year, according to Adobe Insights. And during the post-Thanksgiving, Cyber Monday weekend, 109 million Americans shopped online last year, compared to 99 million who shopped in stores.

Online shopping can also be a great way to snag deals and comparison shop, saving you time and energy over a trip to the mall. But it is not without its perils.

Related: 7 Tips for Creating a Better Password

If you are one of the millions likely to shop online this holiday season, check out these six tips to stay safe as you shop.

Watch What You Click

'Tis the season for retailer emails galore, but 'tis also the season for phishing emails. Don't let the hunt for a bargain blind you to scams. Santa's list isn't the only thing that should be checked twice. So too should the URL of any link you receive, whether it appears to be a deal from your favorite retailer, an alleged fraud alert from your bank or a coupon for a hot new product.

Avoid Public Wi-Fi

Free public Wi-Fi might have you saying ho-ho-how convenient as you look to check a few items off your list while out and about. But watch out. While public Wi-Fi might help you avoid data overage charges from your cellular provider, it can also be ripe hunting grounds for a hacker. Avoid entering passwords or other personal or financial information into any website from a public network, be it at an airport or your favorite coffee shop, or in a college classroom or hotel room.

"Traffic on open networks can generally be discovered by anyone else on that network," said Whitney Hewatt, a lead security engineer at FINRA. "You are better off using cellular communications when possible."

Create Strong Passwords

A strong password is your best defense online, but shockingly few people take the need for a strong password seriously. In fact, about 71 percent of online accounts are guarded by duplicate passwords, according to a 2015 report by TeleSign, an internet security firm, and the average number of accounts protected by the same password is a whopping seven accounts.

Ideally, a password should be at least 12 characters. It’s a simple fact that longer passwords are more mathematically secure—and they don’t have to be complicated to achieve that greater security. A 12-character password with just lower case letters has 95.4 quadrillion combinations compared to just 208.8 billion possible combinations for an eight-character lower-case password. Security experts suggest using a passphrase, which can be easier to remember than a string of random characters and numbers.

If you want to make your password even more mathematically secure, though, you can add in upper case letters, numbers and special characters. A 12-character password with upper and lower case letter, numbers and special characters has 475.9 sextillion possible combinations.

To do this, you can replace certain letters with numbers or special characters. For example, you could channel Santa Claus and go with, "M1Lk&C0oK13$_4Me." Or you can use a password generator (there are a number of free options available), or pick a random sentence or phrase to use for inspiration.

Regardless of the length and complexity, your passwords should be unrelated to any of your prior passwords and shouldn't include any information easily found online, such as your high school, the name of your pets or children. (Check out 7 Ways You Are Accidentally Revealing Your Password for more information.)

Be Smart About Where You Shop

It may be tempting to go after the cheapest price, but be wary if the cheapest price comes from an unknown website. Take some time to search around and verify that the retailer is legitimate and has positive reviews from purchasers. And when you visit a retailer's website, whether new or familiar, be sure you look for the padlock symbol in the address bar, and the "S" at the end of "HTTPS" to indicate that the website is secure.

Similarly, before you download a new shopping app, check that it comes from verified source. You can do that by going straight to the source to find the download. Visit the retailer's website for a download link. You don't want to find you've downloaded a fake app that looks just like a retailer's real app and end up giving away your personal information.

Keep Up-To-Date

Be sure to keep your operating system, software and apps up-to-date, and install any new updates as soon as they become available. That goes for your antivirus software too. Developers continuously find new vulnerabilities—weaknesses hackers may exploit to steal your data. Stay safe by installing updates that may be repairing a key vulnerability. 

Monitor Your Statements

It's a good idea to carefully comb through your bank and credit card statements all year round, but that is particularly true during the holiday season. If anything looks suspicious, contact your credit card company or bank right away. The holidays can be expensive enough without a fraudster accessing your accounts.

Even better: set up alerts with your credit card company for any purchases made when your card isn't present. That will allow you to know if a fraudulent charge has occurred right away.

Subscribe to FINRA's The Alert Investor newsletter for more information about saving and investing.