Skip to content


Take a Second Before Adding to Your Online Cart

As online sales surge, consider these 10 cybersecurity tips to keep your holidays bright

By Cydney Baron | December 10, 2020

In the single biggest U.S e-commerce day ever, Cyber Monday kicked off what promises to be a record season of online holiday shopping.

But with more shoppers online, at least for the foreseeable future, comes an increased need for cybersecurity.

“Cybercriminals are ready for the holiday season, and they expect to have an extremely profitable year in 2020,” said Paul Tucker, BOK Financial chief information security officer.

“This year’s holiday shopping season will see more opportunities for consumer abuse, primarily due to the increase in online shopping due to the pandemic,” he said, adding that retailers’ e-commerce websites will likely be the cybercriminals’ primary targets.

Online sales reached a staggering $10.8 billion on Cyber Monday, Nov. 30, up 15.1% from just a year ago, setting a record for the largest U.S. online shopping day ever, according to Adobe Analytics. To avoid crowded stores during the pandemic, and to pass idle time spent at home, shoppers opted to fill virtual shopping carts.

Adobe Analytics compared data from some top retailers and found some interesting Cyber Monday shopping trends:

  • The number of orders picked up curbside was up 30% from a year ago, as shoppers sought out ways to safely retrieve their items bought online that same day.
  • Thirty-seven percent of digital sales on Cyber Monday were made on mobile devices.
  • During the final hours of Cyber Monday, from 7 to 11 p.m. Pacific time, consumers spent $2.7 billion, accounting for 25% of the day’s revenue.
Typically the busiest shopping day of the year, Black Friday’s in-store traffic fell by 52.1% compared to last year, according to Sensormatic Solutions, which tracks sales and inventory. “For the six key weeks of the holiday season this year, traffic in retail stores is expected to be down 22% to 25% year over year,” the firm reported.

Threats to spoil your holidays

As retailers plan new campaigns to entice online shoppers, cybercriminals are crafting new attacks and methods by utilizing phishing pages for banks, online stores and social networks. What do they want? Your personal or company online credentials, Tucker said.

Your mobile phone is also a target. “In previous years, cybercriminals developed malicious applications that promised online coupons,” he said. “Fake websites will try to steal your credentials for sites like Amazon and your bank.”

Phishing attacks typically reach a crescendo between Dec. 15 and 21, Tucker said. And companies will continue to see ransomware attacks over the holiday season due to employees shopping on their company computers.

Protect yourself

Tucker offered 10 tips for safely shopping online:

  1. Monitor your online statements for your debit and credit cards to watch for anything out of the ordinary.
  2. Consider using credit cards since they may have more consumer protections.
  3. Think before you click. Resist clicking on unsolicited links for holiday savings.
  4. Instead, type the website directly from your browser. This will help validate if it is the real website.
  5. Avoid free public WiFi while you shop in stores. Spend a few more dollars and use your LTE or 5G services when in public, especially during this time.
  6. Person-to-person mobile apps such as Zelle, Venmo and CashApp provide immediate payment, but it make it extremely difficult for financial institutions to recover funds if fraud is suspected.
  7. Lock down your login. Utilize multi-factor authentication for additional protection.
  8. Be cautious about using your company’s computer to shop online. You may unwittingly cause harm to your company’s network.
  9. Watch out for fake shopping apps. Only install mobile apps from reputable sites such as Apple’s App Store or Android’s Google Play store.
  10. Shop with reputable retailers and vet new-to-you businesses to ensure legitimacy.
  11. If you have been scammed by cybercriminals, report it to the FBI’s Internet Crime Complaint Center.