Once again the holidays are here, and you’re juggling so many wish lists you’re tempted to include it as a “special skill” on your resume.

Or maybe you’re so overwhelmed every holiday season, you’re out shopping on Christmas Eve before frantically wrapping presents while the rest of the house nestles snug in its bed.

Of course most of our shopping these days is done online, which is where the world’s cyber criminals lie poised to profit from all our good cheer (and active bank accounts). As you flit from site to site, clicking buy button after buy button, are you keeping your personal and financial information safe?

Let’s Start with Your Browser

Pop quiz: What’s the difference between http and https? No, one isn’t plural. But if the URL to the site you’re shopping on doesn’t have that “s”－or display a little padlock beside it－then it doesn’t have a valid SSL certificate and isn’t secure. In other words, any personal info you provide on a non-secure site is at risk of being stolen.

The risk is even greater if you’re shopping on your phone, laptop, or other mobile device while using public Wi-Fi－that’s the Wi-Fi that comes free in parks, coffee shops, libraries, and other public places. It’s perfectly fine for basic browsing and messaging, but once you’re in a buying mood you’ll want to switch to your mobile data plan. Otherwise you could be exposed to any unsavory folk just waiting to intercept your credit card number and book a flight to Belize.

You’ll also want to avoid storing any credit card info in your browser or adding it to autofill. Sure, it can be a pain to type out that long number during your first purchase from an online shop, but it’s better than giving a resourceful thief another way to vacation on your dime.

Background Checks

And while you’re shopping at that unfamiliar online merchant or trying out its mobile app, be sure to give it the once-over before you hit Buy. You can check its reputation and reviews at a site like www.resellerratings.com, or confirm what kind of permissions the app is requesting when you install it. Unnecessary access to personal contacts or device storage, for example, might be cause for suspicion－although you can usually adjust that access later in your phone’s settings.

Credit Where It’s Due

Do you use your debit card for online purchases? Here’s why that may not be the best idea: debit cards don’t have the same safeguards as credit cards－or even third-party services like PayPal and Google Pay – because they’re tied to your checking account. If a cyber thief gets hold of your account info, he (or she) can clear out your account and leave you with the Worst Christmas Ever.

Credit card charges on the other hand are tied to a line of credit rather than your checking account, so the minute that international airfare or new Tesla Model 3 shows up, you can contact us and let us know you don’t own a passport and are quite happy with your secondhand Prius, thank you very much.

That brings up two more precautions you can take: asking us and any other financial institutions you have cards with to temporarily lower your maximum charge limit, so that large holiday purchases are immediately flagged; and regularly checking your online statements to make sure there’s no suspicious activity.

A Phishy Situation

And then there’s phishing (with a ph). That’s when an evildoer impersonates a company or someone you know to trick you into giving them sensitive information or access to your computer. This usually comes via an email but also sometimes in a banner ad. These posers are very good at recreating the look of trusted businesses or institutions, then asking you to click on their (evil) links. Which of course you should never do. If it’s a business you know, then log directly onto its website and find out if they actually need the info requested.

The same goes for charities and requests for donations, of which there will be plenty this time of year. But don’t let the spirit of giving get the better of you, no matter how noble sounding the cause or how cute the puppies.

Getting Pre-emptive

If you don’t do this already, you’ll also want to switch up your passwords. Not only is it ideal to use a different one for each site, but try to make them as long and complex as possible. If you have trouble remembering all of them, password managers are great and can do the heavy lifting for you. Two-factor authentication is also good — a unique code is texted to you when you sign into a site – and adds an effective stopgap if some shady type manages to filch your digits.

One final way to protect yourself during the holidays is to check your antivirus software to see if its virus definitions are up to date. Most software automatically updates itself against the latest bugs and malware, but it never hurts to make sure everything’s current and doing its job.

Ready to tackle those wishlists now? If not, you’ll find more online safety tips on WSECU’s Security Central page.

Have a happy (and safe) holiday!