Six Cybersecurity Tips for the Holiday Shopping Season

Ho, ho, ho, hold on before clicking on that link advertising an amazing deal this holiday season.

Phishing, that ever-present and ever-growing organizational concern, is a preferred attack method for hackers because of its relatively simple premise: deceiving a user into clicking a link that allows access to personal information. Even with the flurry of activity surrounding Black Friday and Cyber Monday now in the books, cybercriminals still have all of December to take advantage of both consumers and organizations through phishing schemes.

The primary concern surrounding holiday phishing is to protect the regular consumer, but phishing can be just as threatening for organizations. An employee could cause a breach by clicking a malicious link from a personal email that they’ve accessed at work or by falling for a phishing scheme sent to their company email. So how can organizations make sure their people don’t give them the unwanted holiday gift of a security breach?

Here are six tips to help you and your end users get your holiday shopping done safely:

  1. Organizations: refresh your employees on the topic of phishing

Remind employees how to recognize and report a phishing email. Phishing is effective because it creates a sense of urgency, which is something that might stand out as suspicious in April, but blends in right now in a season full of ads urging users to “act before this deal disappears.”

  2. Be proactive; eliminate the attack before it reaches your employees

Your people don’t need to be the first defense against suspicious holiday deals. We recommend having an email security solution in place to provide targeted threat protection against spam, malware and phishing.

  3. Do your shopping on a secure network

We’re all connected all the time. To keep your personal information (name, address, credit card) and devices safe, always connect to a secure network.

  4. Verify shipping updates and tracking numbers manually

The most popular phishing emails during the holiday season contain malicious links disguised as shipping updates or delivery notifications. Never click on tracking numbers; copy and paste the number (or write it down) and use the carrier’s website to get your update.

  5. Delete deals with attachments

Think about it: when have you ever gotten an attachment from Amazon or Target? Vendors include sales information directly in the body of an email. If you see an attachment, don’t click; it may contain malware.

  6. Don’t click on popup ads

Popups may be tempting, but cybercriminals often use them to direct you to malicious websites, so it’s best to stay away. For safest surfing, go directly to the vendor’s website or, even better, their app.
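
For teams putting the shipping-update and attachment tips into a mail filter, the same two checks can be written as triage logic over a raw message. This is an added example, not Schneider Downs code; the carrier allowlist, the keyword list, the finding labels and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: carrier sites the organization treats as legitimate; extend as needed.
CARRIER_DOMAINS = {"ups.com", "fedex.com", "usps.com"}
SHIPPING = re.compile(r"\b(tracking|shipment|shipping|delivery|package)\b", re.I)

class LinkHosts(HTMLParser):
    """Collect the host of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        try:
            host = urlsplit(dict(attrs).get("href") or "").hostname
        except ValueError:  # malformed URL: report it rather than crash the filter
            host = "<unparseable>"
        if host:
            self.hosts.append(host.lower())

def is_carrier(host):
    # Exact match or true subdomain; "ups.com.evil.example" does not pass.
    return any(host == d or host.endswith("." + d) for d in CARRIER_DOMAINS)

def triage(raw_bytes):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = [f"attachment:{p.get_filename()}" for p in msg.iter_attachments()]
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if SHIPPING.search(f"{msg['Subject'] or ''} {text}"):
        parser = LinkHosts()
        parser.feed(text)
        findings += [f"offsite-link:{h}" for h in parser.hosts if not is_carrier(h)]
    return findings

def sample(subject, html, attachment=None):
    """Build a constructed test message (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "user@example.org", subject
    m.set_content(html, subtype="html")
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()
```

Only HTML anchors are inspected, so bare URLs in a plain-text body pass through unflagged.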

How can Schneider Downs Help?

Our cybersecurity practice is comprised of experts in multiple technical domains. We offer phishing simulation assessments that will help your organization build resilience against these types of actions. Our customized assessments replicate real-world attacks and are conducted by our team of skilled professionals in a controlled and secure environment. Learn more about our cybersecurity services at or contact us at [email protected].

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2023 Schneider Downs. All rights reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
