Shop Safely This Holiday Season & Beyond

holiday themed image showing open laptop with credit card near track-pad, coffee and holiday themed items are visible near the laptop


The holiday season is the ideal time for cybercriminals to take advantage of unsuspecting or inattentive online shoppers. Protect your purchases, your sensitive information, your devices and the the data stored thereon by making sure these precautions are part of your online shopping habits:

  • Regularly patch/update all of your devices – this is a general best practice – all internet connected devices, including IoT devices, should be regularly patched and updated. Patches address known vulnerabilities which malicious actors seek to exploit.
  • Strengthen your logins – fortify your online accounts whenever possible with the strongest authentication available, whether it’s multi-factor authentication (“MFA”) which involves authentication with a device and an application or code, or biometric authentication which may involve the use of a fingerprint or facial recognition software.
    For more information on NYU MFA, please visit:
  • Protect your devices with antivirus software – which will protect you from known viruses, spyware and malware.
    • NYU supported antivirus and malware protection software (for Windows or Mac) is available to all NYU degree seeking students, faculty, staff, and all NYUHome-eligible consultants for use on their personal and NYU-owned devices that connect to NYU-NET. Please see the Symantec Endpoint Protection access and eligibility KBase article for more information.
  • Be savvy about WiFi usage
    • Refrain from online shopping, performing financial transactions or accessing any of your online accounts on public WiFi even if it’s password protected. Although your local coffee shop may offer password protected WiFi, a hacker could be among the patrons and may be spying on all network activity and stealing credentials and other sensitive information.
    • If you must use public WiFi, connect to a virtual private network (“VPN”) first. For more information on NYU VPN, please visit:
    • To prevent your device from auto-connecting to open networks and to prevent other devices from connecting to your device(s), turn off WiFi and Bluetooth when not in use, or with respect to WiFi, make sure that you’ve set your device to ask you before it joins open networks.
  • Refrain from using public computers to access any of your accounts or sensitive information  – these computers may be infected with spyware or keystroke loggers.  
    • If you must use a public computer to access personal accounts/sensitive information, it is recommended that you change your password for all accounts you’ve accessed using a trusted device asap.
  • Phishing alert! Analyze email deals and always visit sites of interest by searching for sites or by typing URLs into your browser’s address bar – remember that it is not advisable to visit sites via embedded links in email messages. These embedded links may lead you to a forged login prompt where your credentials are stolen once you’ve entered them and the redirect may be to a spoofed website.
  • Shop on reputable websites – buy from known and trusted sellers.  Look for the green padlock icon image of green padlock iconin your browser’s address bar followed by “https://” before entering your payment information.  Remember, if an offered deal sounds too good to be true, it most likely is! Please also be aware that customer testimonials are not proof of the legitimacy of a website as testimonials can be forged.
  • Your personal information has value, protect it – be alert to the types of information being sought when completing a transaction and fill out required fields only. If the information is not necessary, don’t supply it.
  • Safeguard your devices against theft and lock your devices when not in use – when on the go, your devices should always be in a secured location or within your reach and screens should be locked when not in use.
  • Be aware of identity theft – closely monitor your financial accounts for transactions you did not make/authorize.
    • For tips on preventing and correcting identity theft, please see the following NYU IT Connect article: Protect Who You Are Online.