Holiday shopping season is upon us, and with it brings bargain-finders and hackers alike, looking to score a deal. The holiday season provides prime opportunities for online hackers to take advantage of unsuspecting shoppers through fake websites and charities, as well as links that will capture your sensitive data. Their goal is simple: use your personal and financial information to insert malicious software, steal your identity and take your money.

Cybercriminals have more than 15 billion stolen credentials to pick from. If they choose yours, that would mean that your bank accounts, health care records and other sensitive information is at risk. However, you can outsmart the hackers by taking CISA’s common sense steps to protect yourself and your data while holiday shopping online:

1. First, taking the time to set up multi-factor authentication (MFA) on your accounts makes it much less likely you’ll get hacked. This is a quick way to make stealing your information harder for the average criminal. These criminals are looking for an easy target; this is one way to make yourself less enticing.
2. Keep automatic software updates turned on. Running the latest version of software helps ensure the software is currently supported and tested for vulnerabilities.
3. Think before you click. Only shop through trusted sources and vendors. Going straight to the website is best, since most successful cyber-attacks start with phishing emails that look like they came from the retailer.
4. Use strong passwords. Check out these tips for creating a strong password, and consider using a password manager to generate and store unique passwords.