Now that we have passed the no return point of Thanksgiving and are officially in the Christmas buying season, it is time to review the opportunities and challenges of online shopping.

Shopping at the mall carries risks. Being careful to protect your credit cards and packages are things most of us do automatically. Walking to the car alone after dark with armloads of packages should send up red flags to stay aware.

Shopping online is more of a new tradition, where companies from around the world offer goods at low prices without the costs of brick and mortar businesses.

Hackers from around the planet celebrate the holidays with easy pickings from unsuspecting victims — especially Americans.

I say “especially Americans” because as I speak to groups at various conferences and events and train employees for American businesses, I find most Americans are amazed at the crime that occurs in cyberworld. They are astounded anyone would be interested in them and their paltry finances as I explain identity theft (in all its forms), bank and credit card fraud.

When I speak about the ease of cybercriminals in fleecing people in every country, eyes often get big with the realization that they are using “Password123” on all their accounts and haven’t updated anything on their computer/phone/tablet since they bought it.

Anti-malware? What’s that? Patch management? You mean letmein or my wife’s middle name (no one knows that) and our anniversary date isn’t a strong password?

I am not saying Americans are stupid. We are trusting, humble, optimistic and vulnerable. Failing or refusing to face a problem means you will never be able to solve it.

On my radio program, podcasts, writings, training and speaking events I usually talk about the Big 7:

  1. Passwords should be long and strong. Don’t duplicate or reuse them, and change them every 30 to 45 days.
  2. Anti-malware: Buy the best, configure it to automatically update and do deep scans at least once each day.
  3. Patch management: Update everything (applications, operating systems, etc.) as often as possible.
  4. Multifactor, or at a minimum two-factor, authentication should be used whenever possible.
  5. Credit freezes with Equifax, Experian or Transunion credit reporting agencies should be considered.
  6. Never use public Wi-Fi. It can't be repeated enough.
  7. Daily checking of bank and credit card accounts for fraud should be part of routine.

This list is appropriate everyday throughout the year, but buying online, especially during high buying times like the holidays, brings more attention from cybercriminals.

Have the Big 7 above in place before you go anywhere.

Use credit instead of debit cards.

Don’t shop at links from emails, Facebook or anywhere else. Google the place you want to shop at, and read the URL before you go. There is a major difference between and

4. Look for the lock icon and https in the URL. Note the examples above and below. If the website you want to shop at doesn’t care enough to protect you, they do not deserve your business. Do not go to any website that does not have an SSL certificate, i.e. When you see the "s," think of secure. If you don’t see the "s," think hacker.

If you believe you are a victim of online fraud, contact the following:

Also, if you believe you have been hacked contact your local police or sheriff’s office and the FBI.

Never reveal any private information over the phone, the Internet or in an email. Never. Private information includes any financial information.

Subcribe to the Times

Reporting like this is brought to you by a staff of experienced local journalists committed to telling the stories of your community.
Support from subscribers is vital to continue our mission.

Become a subscriber

Thank you for being a loyal subsciber

Your contribution makes our mission possible.


Ron Bush consults with businesses to help them write company's Information Security Policies and Procedures and train their employees in safe practices. He can be reached at The opinions are the writer's.