10 Tips for Safer Online Shopping
The holiday season will be here before you know it, so it’s time to brush up on your online shopping safety skills. From spotting shady websites to avoiding deals too good to be true, it’s important to stay vigilant while you shop. For example, the Better Business Bureau recently warned consumers about a new “card declined scam.” Here’s how it works: After you enter your credit or debit card number to pay for an online purchase, an error message appears, stating your payment method has been declined and urging you to try a different card. Confused, you enter a different card number but receive the same error message. What’s going on?
If you call your bank to ask about the errors, the representative will probably inform you that you’ve been charged more for your purchase than anticipated. Yep, it’s that easy to become a scam victim. Below are basic guidelines for avoiding incidents like this and other ways to keep yourself safe online.
1. Only Shop on Popular or Familiar Websites
(Credit: wera Rodsawang / Getty Images)
Search results can be rigged to lead you astray or even infect your device with malware. A good deal isn’t worth the risk when we all know Amazon carries everything under the sun. Likewise, almost every major retail outlet, from Target to Best Buy to Home Depot, has an online store.
Beware of misspellings or sites using a different top-level domain (.io instead of .com, for example)—those are the oldest tricks in the book. Yes, sales on these sites might look enticing, but that’s how they trick you into giving up your info.
2. When in Doubt, Look for the Lock
(Credit: BestForBest / Getty Images)
If you’re unsure if the site you’re buying from is legit, look at your browser’s address bar. Never buy anything online from a site that doesn’t display a lock icon near the URL. The lock icon indicates that the site has SSL (secure sockets layer) encryption installed. This means your data transfers are more secure than they are on an unencrypted site.
Another way to tell if a site has SSL is to look for a URL that starts with https://, which is standard, even on non-shopping sites. Google Chrome flags any page without the extra S as “not secure, ” so a site without it should stand out even more.
3. Research the Seller Before Buying
(Credit: NickyLloyd / Getty Images)
If you’re wary of a site, perform your due diligence and look them up before you shop. The Better Business Bureau has an online directory and a scam tracker. Yelp and Google are packed with retailer reviews. Put companies through the wringer before you plunk down your credit card number. There’s a reason that non-delivery/non-payment is the most common cybercrime complaint: it hurts when that happens, financially and emotionally.
That said—online reviews can be gamed. If you see nothing but positive feedback and can’t tell if the writers are legitimate customers, follow your instincts.
If nothing else, make sure you have a concrete address and a working phone number for the seller. If things go bad, you have a place to take your complaint. In fact, call them before you order so you can clarify a return policy and where to go with any issues after the purchase.
(Credit: OscarWong / Getty Images)
There is no reason an online retailer needs to know your birthday, middle name, Social Security number, or any other personal information beyond your payment method and mailing address. Feel free to lie if a retailer requires you to fill in that data to complete your transaction. What are they going to do? Tell on you?
The more scammers know about you, the easier it is to steal your identity. When possible, default to giving up as little personal data as possible. Major sites get breached all the time, so keep your information private.
5. Don’t Use Your Debit Card to Shop Online
(Credit: Westend61 / Getty Images)
If your debit card is compromised, scammers can access your bank account directly. Instead, use a credit card or mobile payment app when shopping online. Some banks offer disposable credit card numbers to make online shopping even safer, as do some security services like IronVest. The Fair Credit Billing Act ensures that you are only responsible for up to $50 of credit card charges you didn’t authorize if you get scammed. Most reputable card issuers won’t hold you responsible for any unauthorized charges at all. Most banks will also return any cash stolen by identity theft, but they often have to perform an investigation, and it could take days or weeks to get your money back, compared with minutes for a credit card.
Regularly review the electronic statements for your credit card, debit card, and checking accounts. If you see something wrong, pick up the phone to address the matter quickly. In the case of credit cards, pay the bill only when you know all your charges are accurate. You have 30 days to notify the bank or card issuer of problems; however, you might be liable for the charges anyway.
6. Pay With Your Phone in Stores
(Credit: MoMo Productions / Getty Images)
Paying for items using your smartphone has become pretty standard in brick-and-mortar stores and is more secure than using your credit card. Using a mobile payment app like Apple Pay or Google Pay means you’ve authenticated your identity using your device, so no one else can claim to be you and steal your data or money. Plus, you avoid card skimmers.
7. Watch Out for Fraudulent Gift Card Exchanges
(Credit: Quinn Rooney / Getty Images)
When it comes to gift cards, stick to the source when you buy one. Scammers like to auction off gift cards on sites like eBay with little or no funds on them. Alternatively, the many gift card “exchanges” out there are a great idea—they let you trade away cards you don’t want for the cards you do—but you can’t trust everyone else using such a service. You might get a card and find it’s already been used. Make sure the site you’re using has a rock-solid guarantee policy. Better yet, go directly to a retail brick-and-mortar store to get the physical card, or buy electronic gift cards issued by the retailer, sent directly to your recipient.
8. Stay Private While Using Public Wi-Fi
(Credit: Prostock-Studio / Getty Images)
If you’re shopping via a public hotspot, stick to known networks, even if they’re free, like those found at Starbucks or Barnes & Noble. You should probably also use a virtual private network (VPN) to be safe (here’s why). For more, see our tips for public Wi-Fi hotspot security.
Recommended by Our Editors
9. Install and Use Security Apps
(Credit: Westend61 / Getty Images)
Use a password manager to create uncrackable passwords and passkeys. It will keep track of them and fill them in as you shop. You can also save time filling out mailing address forms by storing that info in your password manager and letting it enter the data for you at checkout.
It’s also a good idea to protect all your devices against malware with regular updates to your antivirus program. Better yet, consider a full security suite, which will have antivirus software and will also fight spam, delete spear-phishing emails, and prevent phishing attacks from websites (the latter two try and steal your info by mimicking a message or site that looks legit).
Consider installing an ad blocker extension on your favorite browser, too. An ad blocker not only cleans up your browsing experience by eliminating annoying or intrusive banner and popup advertising but also blocks trackers that monitor your browsing activity.
Finally, enable multi-factor authentication for all of your online accounts. An authenticator app makes this incredibly easy, or you can use a hardware security key.
Remember, it’s not enough to have this stuff installed. Make sure your security tools are always up to date. Otherwise, any new threats can get to your devices—and there are always new threats.
10. If You Do Get Scammed, Don’t Get Mad, Get Revenge
(Credit: Prostock-Studio / Getty Images)
Don’t be embarrassed if you get taken for a ride while online shopping. Instead, make a bit of scene—online, of course. Complain to the seller. If you don’t get satisfaction, report the incident to the Federal Trade Commission, your state’s attorney general, or even the FBI. That will probably work best if you buy in the US rather than from foreign sites or international dropshippers. If you’re going to get scammed, try to get scammed locally…or at least domestically.
Hacked? Here’s You Can Do About It
If you still find yourself a victim of identity theft or if your accounts are compromised after your online shopping spree, check out our guide for what to do when you’ve been hacked. After following our steps to secure your accounts, bookmark and visit PCMag’s online safety checklist to keep yourself and your family safer online all year.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
About Eric Griffith
Senior Editor, Features
Read the latest from Eric Griffith
About Kim Key
Senior Security Analyst
Read the latest from Kim Key
link