Online Shopping for the Holidays? Be Sure that Website is Safe


With the holiday shopping season in full swing, the Indiana Department of Revenue (DOR) and the Internal Revenue Service (IRS) warn individuals to take extra steps to protect their tax and financial data from identity thieves while online shopping.

The holidays offer cybercriminals a chance to steal sensitive data and then quickly turn that stolen data into cash, either by draining financial accounts, charging credit cards, creating new accounts or even using stolen identities to file a fraudulent tax return for a refund.

“While online shopping is easy and convenient, it is important to remain vigilant when choosing a site to spend your hard-earned dollars,” said DOR Commissioner Adam Krupp. “With hundreds of new websites being created each minute, it can be hard to know how to protect yourself from cybercriminals, but DOR and the IRS can help.”

Both DOR and the IRS have several tips to help individuals protect themselves while shopping online:

  • Avoid unprotected Wi-Fi. Unprotected public Wi-Fi hotspots may allow thieves to view transactions. Do not make any online purchases or financial transactions over unprotected public Wi-Fi.
  • Shop at familiar online retailers. Generally, sites with the “s” designation in “https” at the start of the URL are secure. Look for the “lock” icon in the browser’s URL bar. But remember, even criminals may obtain a security certificate so the “s” may not vouch for the site’s legitimacy. Beware of purchases at unfamiliar sites or clicks on links from pop-up ads.
  • Learn to recognize and avoid phishing emails. Look for misspellings and bad grammar. Also, remember to never click on links or attachments from unknown or suspicious sources. Remember neither DOR nor the IRS using email to send or request sensitive information.
  • Keep a clean machine. Use security software to protect against malware that may steal data and viruses that may damage files. Set it to update automatically so your device always has the latest security defenses.
  • Use strong and unique passwords. Be sure to use different passwords for each account and use a password manager if necessary. Experts suggest a minimum of 10 characters.
  • Use multi-factor authentication. If it is offered, set up your multi-factor authentication for accounts. This means that users may need a security code, usually sent as a text to a mobile phone, in addition to usernames and passwords.
  • Encrypt and password-protect sensitive data. If keeping financial records, tax returns, or any personally identifiable information on computers, encrypt this data and use a strong password.

To learn more on how to prevent identity theft, visit DOR’s website at and click on “Stop ID theft” on the menu.

Tags: , , , ,