Four steps to stay safe when shopping online

Strategies to avoid being a victim of a cyber attack 1:20

Editor's Note:

Jen Easterly is the Director of the Cybersecurity and Infrastructure Security Agency (CISA), which leads the national effort to understand, manage, and reduce the risk of cyber and physical infrastructures.

(CNN) -

On days like Cyber ​​Monday or "Cyber ​​Monday," and as millions of Americans search for the best deals the Internet can offer, cybercriminals are working hard to target online shoppers.

The holiday shopping season is a great opportunity for crooks to take advantage of unsuspecting shoppers through fake websites, malicious links, and even fake charities.

Its objective is simple: obtain your personal and financial information to compromise your data, insert malicious software, steal your identity and keep your money.

And if you think you don't deserve to be the target of these evildoers, think again.

Criminals don't need to know how much is in your bank account to want to get into it.

Your identity, your financial details, what's in your email ... everything is valuable, and cybercriminals will launch as wide a network as possible to reach whoever they can.

In fact, they are counting on you to believe that no one is going to want to attack you.

At the Cybersecurity and Infrastructure Security Agency (CISA) we have developed some simple steps to prevent you from being a victim of cybercrime this holiday season.

• Cybersecurity Expert Explains How To Avoid Being A Victim Of Cyber ​​Fraud

Start by protecting your devices

Mobile phones, computers and tablets require the installation of software updates, including the latest features and security patches.

Protect your devices by downloading the latest software updates.

The easiest way to do this is to turn on automatic updates.

Next, take a look at your online accounts and make sure they have strong passwords.

Believe it or not, the most common password is "password" followed by "123456".

Make sure to use different and complex passwords for each account.

Consider using a password manager to avoid having to remember complex alphanumeric combinations that make passwords more difficult to crack.

• Why you shouldn't ignore software updates

Enable multi-factor authentication

The most important thing you can do to protect your accounts online is implement multi-factor authentication.

Your email, your online bank, and your social media accounts should allow you to activate multi-factor authentication.

This means that they will use an additional piece of information to verify your identity.

It can be as simple as receiving a code via text message, but for even greater security, you can use a security key or an authentication app.

The bottom line of multi-factor authentication is that even if a criminal obtains your password, they will not be able to access your account.

Just this extra step makes it 99% less likely to get hacked.

Learn how to spot "phishing" scams

Most of us receive emails from retailers about special offers during the holidays.

Cybercriminals often send phishing emails that appear to come from merchants, but are actually designed to steal your information or infect your system with malware.

To avoid falling victim to a "phishing" scam, do not click links or download attachments unless you are sure where they came from.

If you are unsure whether an email is legitimate, type the URL of the business or business in your browser instead of clicking the link.

Never provide your password or personal or financial information in response to an unsolicited email.

Legitimate companies will not email you asking for this information.

If you receive a suspicious email that you think may be a "phishing" scam, you can report it at us-cert.gov/report-phishing.

Trust your instincts.

If it looks suspicious, it probably is.

Therefore, before providing any personal or financial information, make sure that you are interacting with a real seller.

Always use safe shopping methods

Always assume that a public Wi-Fi network is not secure and, therefore, do not access sensitive personal or financial information if you need to use it.

Look for "https" (instead of just "http") in the subject line of a web address to confirm that a site is encrypted and keep your browser and security software up to date.

If you can, use a credit card instead of a debit card when making a purchase.

Criminals can use debit cards to steal directly from your bank account, and while there are laws that limit your liability for fraudulent credit card charges, you may not have the same level of protection for your debit cards and your bank account.

What steps can you take to make your online purchases safe?

Since you are likely to make more purchases during the holidays, be sure to check your credit card and bank statements frequently for any fraudulent charges.

Notify your bank or financial institution and local law enforcement immediately if you see suspicious charges.

Ultimately, good cybersecurity is not about technology, but about people

Treat your cybersecurity just like you treat your physical security.

Stay alert, take the steps above to protect yourself, and trust your instincts.

If you see something that doesn't look right, it most likely isn't.

Cyber ​​security Online shopping