If you’re turkey-induced hangover kept you from venturing out on Black Friday, you were not alone! Each year, the number of shoppers foregoing the craziness and limitations of brick-and-mortar holiday shopping increases. While Black Friday is still a tradition for many, the National Retail Federation estimates that Cyber Monday 2017 will be the largest online shopping day of the year – and possibly of history!

Unfortunately, this fact isn’t lost on cyber thieves who will also be out in force – shopping for opportunities to rob consumers. If you’re planning to cozy up to your laptop after work today, here are a few steps you can take to outsmart the grinches.

Change Your Online Passwords (and Make Each One Unique)

Unfortunately, many of us use the same password for multiple sites – so we won’t forget what password we used! This is a recipe for disaster. If a cyber criminal learns your password due to a data breach, for instance, you can be fairly certain he will log onto other popular sites, use your password again, and hope it will match.

Don’t get Lured in By Phishermen

One common way criminals steal your identity (and money) is by creating fake websites that resemble authentic ones. The most effective way you can ensure you’re not being scammed is to type an online retailer’s web address directly into your browser, rather than clicking on a link or pop-up ad to be directed to it. Additionally, make certain that you’re spelling the retailer’s name correctly and that you haven’t mistakenly made a type. Often criminals will create dummy sites with common misspellings of popular retailers, hoping to reel in careless shoppers.

Activate Two-Factor Authentification

Cyber criminals are becoming bolder and more innovative. One of the most common ways hackers gain access to victims personal information is to infiltrate their email accounts. Your email account stores a wealth of information – including the pieces they need to log into sites you frequent and change your passwords so they can access your personal data. One step you can take to make this much harder for thieves is to activate two-factor authentification. Basically, this means before you (or a thief) can access your email, social media, and other accounts you must take an additional step to verify that you really are you. Often, when two-factor authentification is activated, a site will text a unique code to your smart phone, that you will then be required to enter into your mobile account before being granted access.

Check Your Credit Card and Bank Transactions Daily

Even the most cautious shoppers can be victimized. The sooner you spot a fraudulent purchase, the more quickly you can dispute charges and cancel your stolen accounts. Additionally, many banks offer transaction monitoring services that will flag unusual activity, and even automatically suspend your account until you let the bank know if the charges are legit.