With the holiday shopping season now shifting into high gear, Mayor Muriel Bowser is urging District residents to prioritize safe online shopping when making purchases. The Office of the Chief Technology Officer (OCTO) will be sharing tips throughout the coming weeks to provide residents with important information on how to protect their personal and financial information from cyber threats, which increase significantly during the holiday season. Additionally, the Metropolitan Police Department (MPD) is reminding residents to use established Safe Exchange Zones across the District when they purchase items through online marketplaces.
“Cybersecurity during the holiday season requires both awareness and action,” said Chief Technology Officer Stephen N. Miller. “By adopting essential best practices, District residents can protect themselves while enjoying holiday shopping.”
Residents can protect themselves while shopping online by verifying legitimate vendors, monitoring financial accounts for suspicious activity, recognizing email phishing attempts, and using secure payment methods and networks.
Key Cybersecurity Tips for Holiday Shoppers
Verify Vendors: Before completing any online purchase, verify you’re dealing with a legitimate, established vendor. Cybercriminals create sophisticated fake storefronts during the holiday rush, so make sure the website you’re using is the real one. Research unfamiliar retailers, check reviews, and verify contact information before sharing personal or financial data.
Monitor Your Accounts: Regularly review online banking and credit card statements for unauthorized transactions. Enable real-time alerts through your bank or other financial institution to catch suspicious activity immediately. Early detection is the best defense against fraud.
Email Safety: Email phishing attempts increase exponentially during the holiday season. Exercise caution with unexpected messages, even those appearing to come from known retailers. Verify the sender’s authenticity before clicking links or downloading attachments. When in doubt, navigate directly to the retailer’s website rather than using email links. And remember: if an offer seems too good to be true, it probably is.
Payment Security: Use credit cards or prepaid debit cards instead of bank debit cards that are directly linked to your account. Consider using established payment services like Apple Pay, Google Pay, or PayPal for added protection.
Secure Websites: Always confirm you’re shopping on an SSL-encrypted website—look for https:// in the URL (note the ‘s’). This encryption protects your payment and personal information during transmission. Unsecured sites (https:// without the ‘s’) should never be used for transactions.
Wi-Fi Security: Public Wi-Fi networks lack adequate security measures and are vulnerable to interception. Shop and access sensitive accounts only on trusted networks. If you must use public Wi-Fi, protect yourself with a Virtual Private Network (VPN), or use your mobile device as a personal hotspot.
Password and Data Protection: Never provide passwords or sensitive information in response to unsolicited communications. While some personal information is necessary for transactions, be selective about what you share. You are not obligated to complete every form field. If a retailer requests excessive information, consider alternative vendors.
Software Updates: Keep all devices updated with the most current software, including phones, computers, tablets, and even smart home devices. Updates are not just about new features; they patch critical security vulnerabilities that cybercriminals actively exploit. Enable automatic updates whenever possible to maintain continuous protection.
Essential Security Practices
Residents are encouraged to strengthen their security posture with these essential practices:
- Use a unique, complex password (minimum 12 characters) for every account
- Consider using a secure password management tool
- Enable multi-factor authentication wherever available
- Maintain updated software across all devices
- Recognize and report phishing attempts
- Configure privacy settings appropriately
- Enable automatic updates
Free Cybersecurity Workshops
OCTO is offering free Tech 101 workshops weekly and throughout the holiday season to help residents learn more about protecting themselves online. These hands-on sessions cover password management, identifying phishing attempts, secure online shopping practices, and device security. To register for a workshop, visit s.dc.gov/techworkshops .