Holiday Shopping Tips

A holiday message from LCDI’s Faculty Fellow Duane Dunston
Assistant Professor of Information Security at Champlain College

Safe Holiday Shopping recommendations:

1. This time of year, phishing email attempts kick into high gear, especially with the use of bogus delivery confirmation messages.  Be very, very careful with those messages, especially if you ordered a package and you are waiting on a confirmation.

Phishers attempt to gather information from you by throwing out bait (a fake email from your bank requesting your username and password) and hoping you’ll bite – phishing.


a. If you receive an email message regarding a package that you purchased, manually visit the website for the shipping company instead of clicking the link in the email., are the most popular delivery methods.  You can also copy and paste the tracking number into the website on its respective page instead of clicking the link.

2.  If at all possible and it is in your budget, try to shop with reputable online sellers like,,, etc. Even if a site is “Secure” and has a locked padlock, the site could still be fraudulent.  A criminal can pay about $30 to get a valid secure certificate (to display the padlock) to lure you to their site.  The amount of money they can steal from you after getting your credit card information and banking information quickly pays off their small investment.

3.  Pay attention to low-priced items and the shipping cost.  Some companies offer the item at a low price, but the shipping can cost a whole lot of money.

4.  During the holiday season, some reputable companies will hire a third-party organization to handle the financial transactions.  Some organizations will do that to minimize the load on their system.  Using a secure site uses up more resources because everything is being encrypted (scrambling your financial information) so someone can’t easily see your financial information across the Internet.  During the holidays, many companies get 100 to 200 times more visits than normal so it is not unusual to be redirected to another website to handle a financial transaction.


a. You can call the company you want to purchase the item from and ask them to verify the name of the third-party organization handling the financial transaction.  REMEMBER, don’t ask them if “XYZ company” is handling the financial transaction; let them tell you the name of the company.

5.  Stay away from resellers on sites like that want you to pay for items through a third-party organization called an “escrow” company.  These pop up often and can be fraudulent companies.

6.  If you are using instant messaging programs, it is best to completely close those applications before shopping online. A lot of people look at the keyboard when they are typing, and it is very easy for an instant message window to pop up as you type sensitive information and you press “Enter”.

7.  Close all browser tabs and all other browser windows before performing a financial transaction or checking your banking information.  There are attacks where someone can inject malicious web links that perform a transaction in another browser tab you may have open.

7a.  If you normally use Internet Explorer to surf the web, for example, then download Firefox or Chrome and ONLY use that browser for financial transactions or accessing other sensitive information.  Mac users, if you normally use Safari, then download Firefox or Chrome and ONLY perform your financial and other sensitive transfers using Firefox or Chrome.  The few seconds it takes to open a new browser and perform a transaction is worth the effort considering the ramifications of a financial loss.

8.  Be sure you have the latest antivirus software.  This will help find programs such as keyloggers, backdoors, or other malicious programs that attempt to capture personal information.

9. It really comes down to being AWARE!!!  If you shop with, for example, you can pretty much be assured that your credit card information is being sent over a secure connection.  The risk of your credit card being stolen online is about the same as giving it to someone at a store or at a restaurant.

The Better Business Bureau has some good information that I recommend you all take some time to read:

10.  If you receive an email asking you to click a link to provide information or verify transactions, CALL YOUR BANK!

Have a great winter break!
