How you can Protect Yourself on Cyber Monday from Cyber Attacks – Safe Online Shopping Tips from Cyber Security Companies

Home » Blog Post » How you can Protect Yourself on Cyber Monday from Cyber Attacks – Safe Online Shopping Tips from Cyber Security Companies

Cybersecurity Association of Maryland, Inc. member companies have provided the following tips to keep you safe from cyber attacks on Cyber Monday.

Topics to Guard Against Cyber Attacks:

  • Using Public Wi-fi
  • Visiting a New Website
  • Account/Password Safety
  • Using Credit Cards Online
  • During Your Purchase
  • Keeping Track of Your Purchases
  • Using Security Questions
  • Email Phishing
  • FYI: Additional Safety Tips

Using Public Wi-fi

“If you are shopping on your phone or computer and using an unknown WiFi connection, save the purchases for later. Don’t enter any personal information such as name, address, or credit card number until you are on a secure and known connection.” Loki Labs,

Visiting a New Website

“Check the seller’s customer satisfaction ratings. Review other user’s comments and check out the seller’s rating on sites like Google Shopping. Low “star” ratings may provide a red flag that cautions you to find a more reputable seller.” – Diverse Concepts,

“Check the Better Business Bureau website to see if there are a large number of complaints about the seller.” – Diverse Concepts,

“Go directly to the seller’s site rather than clicking a “coupon” link that was sent to you by an unknown source. Scammers can often use a tactic during cyber attacks called cross-site scripting to craft a hyperlink that appears to be the actual merchant site but actually relays your credit card information to the scammer when you put your payment information into the payment web form. Unless you can verify that a coupon came from the actual vendor’s site to which you have already subscribed, it’s best to avoid random coupons with unknown origins.” – Diverse Concepts,

“Find out the seller’s physical address. If the merchant only has a P.O. box listed, then that may be a red flag. If his address is 1234 in a van down by the river, you may consider shopping elsewhere.” – Diverse Concepts,

“Check the seller’s privacy policy. While we might not think about it, some sellers resell our personal information, buying preferences, and other data to market research companies, telemarketers, and spammers. Read carefully and always make sure that you are opting-out and not opting-in when asked whether you want to have your information shared with “3rd parties” (unless you like a lot of spam in your e-mail). You may also want to obtain a separate e-mail account to use while shopping online to avoid clogging up your personal e-mail box with the barrage of sale ads and other junk mail that is frequently sent out.” – Diverse Concepts,

“If you’re buying something on a new website and they want you to sign up for an account, use a new password. Never use the same passwords for shopping sites as you do for anything else, such as email, bank logins, etc. (It’s a good idea to use a different password for every site you go to but this is especially important.) Even if the company you’re purchasing from is legitimate, you don’t know who might have access to their database now or in the future.” – Loki Labs,

Account/Password Safety

“If at all possible, use another identifier other than your social security number, and wherever you store this (or any other Personal Identifiable Information (PII)) electronically, encrypt it and limit the file access permissions to it.” – Booker DiMaio,

Using Credit Cards Online

“Use a third party payment company, such as Paypal, to make your online purchases. You can link Paypal to your credit card, thereby adding another layer of protection to your personal financial information.” – Advanced Systems Development,

“We highly recommend using a separate bank credit/debit card tied to a bank account only used for online shopping. This account should contain enough money needed for the transaction(s). If the card, the card’s numbers or the account is compromised in anyway, the most the attacker would get is the money for that transaction; not you entire holiday savings. Since the account will be “zeroed-out” until an online purchase is executed, this type of card (not your main credit card) can be stored on websites if the shopper so chooses.” – CipherLogix,

“Whenever possible, use a credit card for payment. According to the American Bar Association’s website,, it is best to use a credit card when paying online because federal law protects credit card users from fraud and limits individual liability to $50.” – Diverse Concepts,

During Your Purchase

“Never, never, never have the browser or back-end shopping site save your credit card information ‘for future purchases.” – South River Technologies,

“Always sign completely out of a retail site once you finish your purchase – to ensure a hacker can’t hijack your session while you are busy wrapping presents or cooking.” – CoreMax Consulting,

“Check to make sure you see the lock icon and the word “Secure” in the address bar of your browser to ensure your shopping transaction is completely secure. If it’s not, shop somewhere else.” – Loki Labs,

“Hackers will attempt to trick you in any way, including creating websites that look exactly like a legitimate site and have a similar URL. Check the section between the first slashes (double slash) and the second slash (single slash). Example using “”: belongs to the same company but and could be fake sites.” – Loki Labs,

Keeping Track of Your Purchases

“Verify your transactions weekly so that if anything fishy happens you are able to catch and deal with it right away.” – Blackpoint Cyber,

“Even if you don’t normally check your credit card statements, it’s a good idea to be a little more vigilant during the holidays. Check for fraudulent charges on your statements and alert your bank or credit card company immediately.” – Loki Labs,

“Delete shopping accounts that you haven’t used in the past 6 months – outdated accounts are easier to hack.” – Blackpoint Cyber,

Using Security Questions

“When asked to come up with security questions and answers for shopping websites, it’s not necessary to tell the truth. Your true answers to security questions such as “Mother’s Maiden Name” or “Name of Pet” are easily obtainable with a little research, so make up false answers and record them for yourself on paper. Answers that cyber criminals will not be able to figure out.” – Blackpoint Cyber,

“Although it is the season for giving – your personal information is not the best gift. Resist filling our more information than you need for your purchase. Criminals can stitch together information from different sources such as satisfaction surveys, etc. to create an amazingly accurate profile of you. Don’t make it easy.” – CoreMax Consulting,

“Never give your social security number or birthday to any online retailer. Vendors should never ask you for your social security number unless you are applying for in-store financing or something to that effect. If they are trying to require you to enter a social security number just to order a product, then they are most likely scammers. Run away fast. While your birthday may seem like an innocent enough piece of data to give out, it’s just one more of the three to four data elements needed by a scammer to steal your identity.” – Diverse Concepts,

Email Phishing

“An offer that is too good to be true could easily be a phishing scheme – make sure you know who you are dealing with.” – CoreMax Consulting,

“To protect yourself from cyber attacks such as email phishing scams and make sure that email is really from the named retailer, set up the Inky Phish Fence Chrome extension in your Gmail. It is free and it will warn you if an email is misleading or fraudulent. Add it here: Consumers with,, and accounts can use the free Inky Phish Fence add-in to ensure that mail that looks like it’s from a Cyber Monday vendor really is: Consumers with accounts can use our free Chrome extension for Gmail: Email-based phishing is the number one source of cybercrime and Inky Phish Fence is the only free solution available.” – Inky,

“Phishing scammers will also be out in full force. They know people are doing more shopping this time of year and may try to send you an email that looks like it’s from a vendor you recently made a purchase from. Some general tips for avoiding phishing scams are:

  • Don’t open unexpected attachments. It may seem obvious not to download an .exe file but even PDFs, Word documents, and Excel spreadsheets can be infected.
  • Email names can be misleading. Check the actual email address and not the displayed name, as these can be completely different.
  • Before clicking on links, hover over them with your mouse to see what their URL is (where they lead to). Even if a link pretends to display one URL it could lead to something else.”
    – Loki Labs,

FYI: Additional Safety Tips to Guard Against Cyber Attacks

“Lastly, there’s been a rash of unethical actors out there calling victims by phone and offering to help with the victim’s computer. In order to “help”, these actors will install malware to access your computer remotely, make a few tweaks to the machine, and ask for your credit card number for payment. Don’t fall for this scam. When you need technical support, call the manufacturer or seek out a reputable local company.” – Advanced Systems Development,

“Be aware of a new hack affecting PC monitors; this hack is real (not fake news). This hack exploits the weakness in the monitor’s firmware by allowing the monitor’s pixels to be manipulated in such a way that hacker images overlay rouge web pages to trick the shopper into thinking that the rouge web site is real. Follow this link for the details or Google search “PC monitor hack”. – CipherLogix,

“Be very careful with pop-ups which threaten legal consequences and encourage you to call the phone number shown – don’t. Close the window by pressing Alt-F4 together or reboot.” – Advanced Systems Development,

“On your personal computer, create a pseudo “Administrator” account not using the UserID “Administrator” but some other identity, i.e. “Mary The Admin”, and grant it administrator privileges by adding it to the appropriate security groups. Change your account to a regular user and remove it from the previous administrator security groups. Re-start your computer and logon as yourself and use this account for your day-to-day activities. By making those changes, any attempt to make system level changes to your computer by cyber-criminals or even yourself will force the OS to ask for the necessary credentials to do so, e.g. Mary’s. If you are not purposefully changing something, “Cancel” the action and stop the hacker from taking over your system!” – Identity Checkpoint,

“Be wary of friends and family members asking for money over Facebook, email, or other electronic means, especially if they normally communicate with you in other ways. Hackers can gain access to these types of accounts and then try to convince the people in their friends list to send them money for an emergency.” – Loki Labs,

Cyber Monday Online Shopping Safety Tips Provided by:

Cyber security companies offering tips to guard against cyber attacks: South River Tech, Loki Labs, Identity Checkpoint, Cipher Logix, ASD, blackpoint, Booker DiMaio, CoreMax, DCi, Inky

Interested in learning more about how to safely guard your personal information against cyber attacks? Visit our directory of cyber security companies. Or, check our our cyber security directory map to find one near you.


Posted on
Skip to toolbar