8 Tips to Keep Your Identity Safe This Holiday Season

Cyber Week sales are expected to reach $311 billion worldwide leading into the holiday season. While big sales promotions like Black Friday and Cyber Monday are great for taking advantage of deals, especially online, the unfortunate reality is that cyber crime also peaks this time of year. In fact, a 2024 study conducted by anti-virus software Norton, showed that 48% of people have been scammed while holiday shopping online.

Hackers are also aware that online shoppers may lower their guard when searching for that special gift they’ve been eyeing on sale. Hackers buy and sell personally identifiable information (PII) on the dark web, and can be skilled at hiding their attempts to steal personal information.

The good news is that with awareness and a small amount of effort you can proactively protect yourself and your family from identity theft leading into the holiday season.

1. Freeze your credit

While it might sound counterintuitive to shopping the season away, freezing your credit can keep your sensitive, personal data from being accessed by people who shouldn’t have it. That means being able to block fraudulent credit or loan applications, even if a hacker has insider info like your Social Security number, address, or birthdate.

2. Check your credit reports regularly

What you don’t know can hurt you. Your credit report (which is more than just your credit score) is vital to your overall financial well-being, so it’s important to keep an eye on things like credit inquiries, open and closed accounts, payment history, and other credit-related data. Checking it at least once a year (if not more) will help you better spot anything that looks suspicious and report it in a timely manner.

3. Safeguard your Social Security number by only giving it out when absolutely necessary

Your Social Security number (SSN) can be used to apply for credit in your name. If you’ve bought a car, opened a bank or credit card account, taken out a mortgage, or engaged in any other major financial activity, you’re probably familiar with this. No one has a legal right to your SSN except you. If someone is asking for it, that’s a red flag. Double check whether it’s absolutely necessary, and don’t enter it (or any other personal or payment data, for that matter) anywhere that’s unencrypted.

4. Beware of phishing, vishing, and smishing

You’ve probably heard of phishing (email) scams, but what about those strange voicemails (voice phishing, or vishing) or text messages (SMS phishing, or smishing) that seem to be cropping up everywhere these days?

Their aim is to deceive you into clicking a malicious link by sending cyber attackers straight to your inbox or phone. This tactic, known as social engineering — basically means they’re tricking you into thinking their messages are legitimate. Hackers are now using generative AI to improve their phishing, vishing, and smishing attempts, making it even more difficult for consumers to spot when they’re being targeted.

Whether it sounds like a customer support issue or you’ve won a free gift, you should always be wary of any incoming messages asking you to click on a link or open an attachment. Make sure to always verify their validity independently.

5. Use strong passwords and add multi-factor authentication (MFA) to your accounts

MFA is of the easiest (and best!) ways to protect yourself online and secure your user accounts. It’s now available on most platforms, and should at minimum be enbaled for your email, finance, and social media accounts. These days, most online accounts offer some form of multi-factor authentication, so take a moment to dig into your profile settings and activate it wherever possible.

MFA provides an extra layer of security that makes it very difficult for hackers to access your data. It requires users to verify their identity with two or more pieces of evidence (or factors). These factors are typically information that the user knows, such as a username/password combination, plus something they have in their possession, like the code from an authentication app on a mobile device. Stronger forms of authentication are preferable, like an authentication app, but it’s acceptable to use email and text as a second factor if those are the only options available.

6. Shred documents that contain personally identifiable information (PII)

This one is self-explanatory. The good old fashioned shredder is still the best way to keep any and all printed personal information out of thieves’ hands. If you don’t own one, not to worry. Check online for local shredding events in your area, as many cities and counties now offer them. Or find a local shipper or printer who provides these services.

7. Use a digital wallet

Since most of us are all about convenience anyway, taking advantage of today’s plethora of digital wallets can make your life easier and more secure, all at once. What’s a digital wallet? ApplePay, Google Wallet, PayPal, Venmo, and Cash App are a few examples. They all take advantage of digital capabilities like Bluetooth and wifi to securely transmit your payment data at a point of sale, encrypting your credit card number at the same time. That means no swiping your card and worrying about stripe readers or accidentally leaving your card behind. Just make sure you use a secure, well-established provider and a password-protected device.

8. Happy (and secure!) shopping awaits

While all of these tips are a great starting point to protect yourself and your family, if you suspect your identity has already been stolen, it’s important to act right away. Start by visiting the FTC’s Identity Theft website to report the theft and create a recovery plan.

If you ever receive a suspicious email that appears to be from Salesforce, or suspect your Salesforce credentials have been compromised at any point, whether related to theft or not, report (and forward) this immediately to security@salesforce.com.