
How to Avoid the Pitfalls of Holiday Shopping Online


Now that the calendar has officially pushed us into the holiday season, your staff are quickly feeling the stress of getting all the right gifts before the Christmas holiday.

Did you know that up to 64% of employees report that they plan to do some holiday shopping while at work? This statistic makes people like us in the IT industry nervous, and it should concern business owners and leaders too. Here are a few more stats that highlight the need for employees to be cyber aware as they begin to look for the best deals on Cyber Monday and beyond:

  • 76% of companies allow online shopping on company time and devices
  • 55% said their company permits workers to shop online but has no strategy for educating on the risks associated with these types of activities

If your company allows online shopping, or if you are unaware of what your employees are doing, it is a very good idea to offer them some information and support to help make sure their personal data (and yours) remains secure. Here are some easy things to share with your staff and encourage them to stay focused on as they make online purchases:

  • Shop from known websites (trusted sources)
  • Don’t click on ads unless you are 100% certain they are legitimate
  • Be careful giving out personal banking information
  • Learn how to recognize secure and insecure websites
  • Learn how to recognize phishing emails and dangerous attachments
  • Use secure passwords and never reuse them on multiple sites

The cyber grinches have gotten very good at disguising their phishing attempts as realistic messages from reputable companies like Amazon, Wayfair, or Macy’s. A well-disguised email with timely information like a deal or discount could be from a hacker instead of a retailer, and your personal or company information could be compromised.

Can you spot the telltale signs of a phishing email?

Sample phishing email with areas highlighted to match caution points below

  1. The email address is not a valid address, but rather an address. Scammers will make subtle changes to the top-level domain to fool you.
  2. The To: and Cc: fields are missing, which tells you this is a mass-targeted phishing email.
  3. Hovering your mouse over the link, you can see that this is not an address. Instead it is an external address trying to steal your credentials.
  4. The signature is generic so as not to alert you to any phishing attempt.
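
The first three caution points can also be checked mechanically by a mail filter or triage script. The following is an added example, not part of the original article: it parses a constructed sample message with Python's standard library and reports which signs are present. The domains (`example.com` as the real retailer, `example.net` and `example.org` as lookalike and external hosts) and the function names are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: example.com plays the real retailer; example.net and
# example.org are placeholder lookalike/external domains, not from the page.
SAMPLE = """\
From: Holiday Deals <deals@example.net>
Subject: Your discount expires today
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Sign in: <a href="http://login.example.org/verify">https://www.example.com/account</a></p>
<p>Regards,<br>Customer Service</p>
"""

class LinkParser(HTMLParser):
    """Collect the href of every <a> tag (what hovering would reveal)."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def in_domain(host, trusted):
    """True only for the trusted domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def phishing_signs(raw, trusted):
    msg = message_from_string(raw, policy=policy.default)
    signs = []
    # Sign 1: sender domain differs from the retailer's (e.g. a changed TLD).
    sender_host = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    if not in_domain(sender_host, trusted):
        signs.append("sender-domain")
    # Sign 2: neither To: nor Cc: is present in the headers.
    if not msg.get("To") and not msg.get("Cc"):
        signs.append("no-recipients")
    # Sign 3: a link whose real target is outside the retailer's domain.
    part = msg.get_body(preferencelist=("html",))
    parser = LinkParser()
    parser.feed(part.get_content() if part else "")
    for href in parser.hrefs:
        url = urlparse(href)
        if url.scheme in ("http", "https") and not in_domain(url.hostname, trusted):
            signs.append("link-target")
            break
    return signs
```

The suffix match in `in_domain` requires a leading dot, so a host such as `example.com.login.example.org` is not mistaken for the retailer.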

If you are not taking advantage of our advanced threat hunting tools, cybersecurity awareness training and anti-phishing resources, get yourself an early Christmas gift by asking us how to deploy them for you. It could be the best money you will ever spend.
