* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Company \& Culture](https://www2.paloaltonetworks.com/blog/category/company-culture/)
* Cybersecurity Tips From U...

# Cybersecurity Tips From Unit 42 for the 2020 Holiday Shopping Season

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F11%2Fu42-cybersecurity-tips-safer-holiday-shopping%2F)  
[](https://twitter.com/share?text=Cybersecurity+Tips+From+Unit+42+for+the+2020+Holiday+Shopping+Season&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F11%2Fu42-cybersecurity-tips-safer-holiday-shopping%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F11%2Fu42-cybersecurity-tips-safer-holiday-shopping%2F&title=Cybersecurity+Tips+From+Unit+42+for+the+2020+Holiday+Shopping+Season&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2020/11/u42-cybersecurity-tips-safer-holiday-shopping/&ts=markdown)  
\[\](mailto:?subject=Cybersecurity Tips From Unit 42 for the 2020 Holiday Shopping Season)  
Link copied  
By [Jen Miller-Osborn](https://www.paloaltonetworks.com/blog/author/jen-miller-osborn/?ts=markdown "Posts by Jen Miller-Osborn")  
Nov 30, 2020  
4 minutes  
[Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown)  
[best practices](https://www.paloaltonetworks.com/blog/tag/best-practices/?ts=markdown)  
[cybersecurity tips](https://www.paloaltonetworks.com/blog/tag/cybersecurity-tips/?ts=markdown)  
[online shopping](https://www.paloaltonetworks.com/blog/tag/online-shopping/?ts=markdown)  
[Unit 42](https://www.paloaltonetworks.com/blog/tag/unit-42/?ts=markdown)

This post is also available in: [日本語 (Japanese)](https://www2.paloaltonetworks.com/blog/2020/11/u42-cybersecurity-tips-safer-holiday-shopping/?lang=ja "Switch to Japanese(日本語)")

2020 has been a year like no other, with the COVID-19 pandemic changing our everyday lives -- particularly the way we celebrate the holidays. As a Unit 42 threat researcher, my mind goes to the holiday shopping season and helping consumers stay safe online.

Just as holiday decorations seem to go up earlier and earlier each year, the surge of online shopping seems to start earlier every year too. The existing trend has grown even more pronounced with many retailers advising customers to shop earlier than ever due to [potential pandemic-related shipping delays](https://apnews.com/article/shopping-coronavirus-pandemic-shipping-holiday-shopping-postal-service-866c7244f823e427511bfabb56d071da). Amazon Prime Day on Oct. 13 and 14 has become an unofficial start to the holiday shopping season, followed by Black Friday and (of course) Cyber Monday. That all leads into Christmas, Hanukkah and other winter holidays.

However, with an extended holiday shopping season -- one that will be predominantly online due to COVID-19 -- come more opportunities for cybercriminals to target consumers with a variety of attacks.

To help you avoid the top four threats that consumers should be aware of, here are Unit 42's 2020 cybersecurity tips for safer holiday shopping.

## Protect against ransomware by separating work and personal devices.

2020 has been the year of [ransomware](https://unit42.paloaltonetworks.com/?search_field=ransomware&pg=1). Attackers have been [brazen during the COVID-19 pandemic](https://www.paloaltonetworks.com/blog/2020/07/unit-42-cybercrime-gold-rush/), primarily targeting [healthcare organizations](https://us-cert.cisa.gov/ncas/alerts/aa20-302a), [educational institutions and municipalities](https://www.pewtrusts.org/en/research-and-analysis/blogs/stateline/2020/09/22/cybercriminals-strike-schools-amid-pandemic).

While attackers have largely targeted the enterprise and public sector this year, we may see consumers who are working from home and doing their shopping on their work devices get targeted by attackers. The goal for the attackers would be to compromise the consumer's work device, get on the corporate network and infect the organization with ransomware.

Consumers should remember to do their work stuff on their work device and their personal stuff on their personal device. This avoids giving attackers an opportunity to target a consumer's employer.

## Examine email offers carefully to avoid phishing scams.

The most common threat vector for attackers is the phishing email. It's easy and it works, and it's another area where we've seen attackers [emboldened during the COVID-19 pandemic](https://unit42.paloaltonetworks.com/covid-19-themed-cyber-attacks-target-government-and-medical-organizations/).

During the holiday shopping season, consumers should be on the lookout for a variety of phishing scams, such as fake shipping notices, fake order confirmations and bogus charities.

Remember to think before you click. Don't click on links from unknown sources. If a deal or offer seems too good to be true, it probably is.

## Double-check domain names to ensure you're visiting the website you intend to visit.

One of the top threats that Unit 42 has observed this year is [cybersquatting](https://unit42.paloaltonetworks.com/cybersquatting/), where cybercriminals register domain names that appear related to existing domains or brands, with the intent of profiting from consumers' typing mistakes. The purpose of squatting domains is to confuse consumers into believing that legitimate brands own these domain names (for example, convincing people that walrmart44\[.\]com belongs to Walmart).

With consumers primarily doing their holiday shopping online this year, attackers will be active in setting up squatting domains that are similar to the stores where people love to shop. For example, Unit 42 [discovered](https://unit42.paloaltonetworks.com/cybersquatting/) that Amazon is one of the top abused domains in 2020.

Consumers should make sure that they type domain names correctly and double-check that the domain owners are trusted before entering any site. Look for that lock symbol or the "https" in the browser.

## Keep an eye on credit card statements to catch formjacking attacks and other suspicious activity.

Another top threat that Unit 42 has observed this year is [formjacking](https://unit42.paloaltonetworks.com/anatomy-of-formjacking-attacks/), where cybercriminals inject malicious JavaScript code to hack a website and take over the functionality of the site's form page. It is designed to steal credit card details and other personal information from payment forms that are captured on the "checkout" pages of shopping websites.

The challenge for consumers who are doing their holiday shopping online is that formjacking attacks are difficult to detect. Your transaction will go through, but behind the scenes, your credit card information is being stolen by attackers -- and could potentially be sold on the dark web.

Consumers should make sure to double-check their credit card statements to ensure there's no suspicious activity.

In general (not just related to formjacking), consumers should always use a credit card, or prepaid gift card, when making purchases online. This ensures a quick resolution in the event that a cybercriminal gets the card information and makes, or tries to make, a purchase. With prepaid gift cards in particular, it also limits the amount of money a cybercriminal has the potential to steal.

*For more cybersecurity tips from Unit 42 on how to keep your household safe, see "* [*Cybersecurity Tips for the Household CIO of 2020*](https://www.paloaltonetworks.com/blog/2020/10/cc-household-cio/)*" and "* [*How to Protect Against Cyberattacks When Working From Home During COVID-19*](https://www.paloaltonetworks.com/blog/2020/04/network-working-from-home/)*."*

*** ** * ** ***

## Related Blogs

### [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Cybersecurity Tips From Unit 42 for the 2021 Back to School Season](https://www2.paloaltonetworks.com/blog/2021/08/back-to-school/)

### [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Cybersecurity Tips From Unit 42 to Help Stop Ransomware Attacks](https://www2.paloaltonetworks.com/blog/2021/07/stop-ransomware-attacks/)

### [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown)

[#### Cybersecurity Tips From Unit 42 for the Household CIO of 2020](https://www2.paloaltonetworks.com/blog/2020/10/cc-household-cio/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### More on the PAN-OS CVE-2024-3400](https://www2.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Today's Cyberthreats: Ransomware, BEC Continue to Disrupt](https://www2.paloaltonetworks.com/blog/2022/07/cyberthreats-incident-response-report/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Russia-Ukraine Cyber Activity Makes Security Best Practices Imperative](https://www2.paloaltonetworks.com/blog/2022/03/russia-ukraine-cyber-activity-best-practices/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language