
Shopping online? Here’s how to outsmart criminals this holiday season

Make sure your purchases (and accounts) are secure.
Cybersecurity experts recommend taking several steps to outwit online criminals this holiday season when shopping online. Pictured are packages on a conveyor at the Ruskin Amazon facility in 2016. [James Borchuck | Times (2016)]
Published Nov. 23, 2019

Rejoice, shoppers. The biggest retail season of the year is upon us, and you don’t even need to leave the comfort of your couch to participate.

But neither do the criminals.

The National Retail Federation expects 56 percent of holiday shoppers to make a purchase online this season, with 68.7 million Americans shopping during Cyber Monday alone. That means millions of opportunities for criminals to steal payment card information and identities and infect consumers’ devices.

“It’s very important for people to be vigilant when they shop online, particularly as we approach the holiday season,” said Eman El-Sheikh, director of the University of West Florida Center for Cybersecurity.

Here’s what cybersecurity experts recommend to outwit online criminals this holiday season.

Don’t shop on public WiFi

When you’re making online purchases, avoid public connections, such as WiFi at a coffee shop, hotel or airport, said Sri Sridharan, director of Cyber Florida at the University of South Florida.

“The bad guys can pick off all of your information from using the public WiFi that’s not secure,” Sridharan said, including payment card information or login credentials. Instead, stick to your home WiFi or a trusted network.

Resist the urge to click that link

Whether you’re looking for a deal or trying to track your package, be especially careful when clicking on links, even if you’re expecting a similar email.

“Phishing emails are always targeted to appear to come from a well-trusted source,” the University of West Florida’s El-Sheikh said.

Go directly to the site of the company the email purports to be from. This helps you avoid clicking on potentially malicious links, which could cause you to accidentally download malware or spyware onto your device.

Choose credit over debit

To minimize the damage should your payment card information be stolen, make online purchases with a credit card instead of a debit card, said Jessica LaBouve, ethical hacker for Tampa-based cybersecurity firm A-LIGN. Getting money back that was stolen from a debit account can take significantly longer than stopping a purchase made on a credit card.

“With your debit card, it’s your money,” LaBouve said. “With your credit card, it’s the bank’s money.”

Don’t reuse any passwords you use for purchases

If you log into a retailer’s website before you make a purchase (say, for a rewards program), make sure you don’t use that same password for any other website.

“A lot of people reuse the same password for a lot of online stores, and those are compromised all the time,” LaBouve said.

If a retailer is hacked and your account information is stolen, for example, a reused password gives that hacker the ability to access other accounts of yours. This is particularly problematic if that password gives them access to sensitive accounts such as email or banking.

Don’t feel like remembering a bunch of complex passwords? Get a password manager and let software remember them for you. Or consider checking out as a guest to avoid storing your payment information.

Before you check out, check the URL

When you submit payment information online, Sridharan recommends checking for two things. First, make certain that the URL is correct. Hackers will often buy a URL that is similar to a legitimate site ( versus, for example) that looks like the real deal to collect victims’ payment card information. Once you’re sure you’re on the legitimate site, check for “HTTPS” in front of the URL. If it says “HTTP” without the “S,” your connection to the site is not secure, and someone can steal your payment card information.