As consumers start their holiday shopping, virtually everyone has the same Christmas wish: Please, don’t let anyone steal my identity.
A recent survey from TransUnion found that 96% of Americans say they’re worried about identity theft this holiday season, and almost two-thirds are more worried this year than they were last year.
And they’re not wrong—identity thieves like to strike during periods of high activity, like Black Friday and Cyber Monday. “Criminals fish where the fish are,” says Ken Chaplin, senior vice president for TransUnion. “This time of year, a lot of people are fairly busy and flustered and just trying to get things done, and they might not be as careful or diligent.”
When you shop at a brick-and-mortar store this season, it’s mostly up to retailers to keep your information secure. But when you shop online, you can fall into traps. Here are the do’s and don’ts for staying safe:
DON’T click on links in retailer emails.
Hackers like to prey on deal-hunters by sending “phishing” emails that look like they’re from brands you know and trust, says Joe Siegrist, CEO of LastPass, a password management and information security company. Then when you click on the email link, the hackers redirect you to a fraudulent site and steal your information.
If you see a great deal, double-check. “Go directly to those sites instead of clicking on links in the email,” Siegrist says. And legitimate businesses should never contact you to ask for your account information or password—if you get an email that does, go directly to the business’ website and enter your information there, or call the business to make sure the request isn’t fraudulent, Chaplin adds.
DO check to make sure you’re shopping at a secure website.
The tell: the URL. The address line should begin with https. That “s” is key—it means the information is being sent over a “secure” line, Chaplin says.
“You might do a web search for an item, and then you’ll click on some sort of a link, and that link might take you somewhere that’s not where you want to go,” Chaplin says. “Be sure that you do business only with websites that have the proper security measures in place.”
DON’T shop on public WiFi networks.
Thinking of sneaking out to a coffee shop to do a little online shopping on your lunch break? Be careful, Chaplin says. Only enter sensitive financial information like credit card and bank account numbers on secured WiFi networks with passwords. On networks without passwords, “whatever you’re typing and viewing online could be seen by someone else,” Chaplin says. “An open WiFi network is not secure.”
Phishers love open WiFi networks, too. “It’s a lot easier to fool you into thinking you’re on a legitimate site when you’re not,” Siegrist says. “They can replace the contents of the page with something they want to be shown.”
DO keep your software up-to-date.
To protect yourself from identity theft, keep your computer safe from malicious adware, Siegrist says. There are a number of adware removal tools out there, but here’s the free and easy way to protect your device: Say yes to software updates. That means installing Windows and Mac updates as they become available instead of always clicking “later.”
And pay extra attention to your internet browser of choice. “Your browser is a very important one—make sure you keep that up-to-date,” Siegrist says. “You have to actually restart your browser to get [the updates]. Don’t run your browser for days on end without a restart, especially if it’s indicating to you that it needs to.”
DON’T use a debit card for online shopping.
Credit cards have better liability protection than debit cards. And when you use a debit card, funds come straight out of your account, so it can take longer to recover your money if someone racks up fraudulent charges.
DO use a different credit card for online purchases.
If you can, use one credit card offline and a different credit card online, Siegrist says. That way, it will be easier to detect fraud.
DON’T save your credit card information on websites.
When you shop online, retailers will often prompt you to save your credit card information so that you can buy more items quickly and easily at a later date. Don’t do this.
“You definitely increase your risk when you store your credit cards at these sites,” Siegrist says. “The site itself is then keeping that credit card stored—that makes it a target for hackers.”
DO change your account passwords.
If you do have accounts at different online retailers, change your passwords at least once after Cyber Monday. That way, if any of the sites are hacked during the holiday season, your accounts will be more secure. “It’s good internet hygiene,” Chaplin says.
When you change your passwords, don’t reuse passwords across multiple sites—or else you’ll be giving hackers the master key to multiple accounts. Use this trick to create really secure passwords that you’ll actually remember.
And whenever possible, set up two-factor verification. That way, no one can get into your accounts without both 1) your password and 2) another separate piece of information sent to just you—like a text message or a code retrieved from an iPhone app. Here’s how to enable two-factor verification.
DON’T stress about credit card fraud.
Look, it’s no fun when a hacker steals your credit card number. But credit card number theft won’t wreak havoc on your financial life like other kinds of identity theft. Your liability for fraudulent charges is extremely limited, especially when a hacker just steals your card number and not your physical card. In that case, you owe nothing. And after a big data breach, your financial institution might mail you a new card no matter what, just to be safe.
(If someone steals your actual card and uses it, you could be out up to $50 on credit cards or $500 on debit cards—but that’s not relevant in cyberworld.)
Be worried if a hacker gets your Social Security number. In that case, a fraudster could open new accounts in your name and ruin your credit. If that’s what you’re afraid of, here’s what to do. But you shouldn’t be sharing your Social Security number when you shop online, anyway.
DO check your statements.
That said, you should still keep a close eye on your credit card and bank statements for suspicious activity, especially at this time of year. That aforementioned liability protection is only helpful if someone detects the fraud. With credit cards, you’ll want to identify fraudulent charges before you pay your bill. With debit cards, you need to report any fraudulent charges within 60 days of receiving your statement to get your money back.
And read the statements closely. “Criminals are a lot smarter than they used to be,” Chaplin says. “It used to be a huge charge would show up on your card and your bank would call you. Oftentimes now a charge will be $20, $30 a month, and you might not be aware of it.”
But never fear—though identity thieves may have gotten smarter, you can still outsmart them.