Article reprinted from UCOP, originally adapted with permission from UC Santa Cruz
Online shopping during the holiday season continues to grow in popularity. In 2015, Cyber Monday sales reached approximately $3B, an increase of 12-16% over the previous year's record-setting sales, with mobile sales accounting for approximately 27% of that figure—an increase of 50%. Cyber Monday revenues have more than tripled since 2009, and there is every expectation that the trend will continue. 
At the same time, criminals and hackers continuously devise new schemes to compromise computers, steal passwords, and trick you into revealing valuable information (personal, financial, etc.) to get your money.
Fortunately, many cyber threats are avoidable.
Keep these six tips in mind to help protect yourself from identity theft and other malicious activity while shopping and browsing online during this holiday season:
- If an offer seems too good to be true, it probably is. Don't be fooled by the lure of great discounts.
- Watch out for fake package tracking emails and fake e-cards. These often come with malicious links or attachments designed to infect your device or steal your account information.
- Always think twice before clicking on links or opening attachments. Be cautious about all messages you receive, even those that appear to be from people you know, legitimate organizations, your favorite retailers, or even your bank. The messages could be spoofed and be malicious. Use known, trusted URLs instead of clicking on links.
- Never reveal your password.
- Don't ever give your financial information or personal information via email or text.
- Limit your online shopping to merchants you know and trust. Go to sites by directly typing a known, trusted URL into the address bar instead of clicking on a link.
Additional Ways to Protect Yourself Online
- Pay by credit card, not debit card. Credit cards offer protections that may reduce your liability if your information is used improperly. Debit cards typically do not have the same level of protection. Also, check your statements regularly.
- Look for “https” before logging in or entering any information online. Make sure web page addresses (URLs) begin with https (NOT http). The “s” stands for “secure" and indicates that communication with the webpage is encrypted.
- Make sure your browser is current and up-to-date.
- Only use apps from known, reputable sources. Malicious software ("malware") designed to steal credit card and other sensitive information can be downloaded onto mobile devices from seemingly legitimate shopping apps. Update your apps when notified. Also, disable Bluetooth and Near Field Communications when not in use to reduce the risk of your data being intercepted by thieves.
- Don't respond to pop-ups. If a window pops up promising you cash, bargains, or gift cards in exchange for answering a survey or other questions, close it. Don’t respond. Similarly, don’t respond to popups indicating you need to purchase anti-virus software or software to “clean your infected computer”. These are all scams.
- Keep your devices up to date and virus free. Be sure your computer and mobile devices are current with all operating system and application updates. Anti-virus/anti-malware software should be installed, running, and receiving automatic updates.
- Don't auto-save your personal information or passwords. When purchasing online, you may be given the option to save your personal information or password online for future use. Consider if the convenience is really worth the risk. The convenience of not having to re-enter the information is insignificant compared to the amount of time needed to repair the loss of stolen personal information or passwords.
- Don't use public computers or public wireless for your online shopping. Public computers may contain malicious software that can steal your information and passwords. Additionally, criminals may intercept traffic on public wireless networks to obtain credit card numbers and other sensitive information. Set your devices to “ask” before joining new wireless networks to avoid unknowingly connecting to an insecure hot spot.
- Secure your home Wi-Fi. To thwart eavesdroppers and data thieves, enable strong encryption on your home wireless network - WPA2 is recommended. Make sure you control administrative access to your home network, and that all users are required to sign in with a strong password before connecting.
- Be alert for charity donation scams. Cyber criminals try to take advantage of generosity given during the holiday season and may use fake charity requests to gain access to your information or computer/device. Don’t click on links in emails requesting donations. Contribute by navigating to the trusted address of the charity.
- Secure your computer and mobile devices with a complex password. Don’t use the same password for any other accounts. Set a timeout that locks your device after a period of inactivity and be sure your devices require a password to start up or resume activity.
- Don't post pictures of tickets to concerts or sporting events on social media sites. Protect the barcodes on tickets in the same way you would protect your credit card number. Fraudsters create tickets using barcodes they find on social media sites and resell the tickets.