Holiday shopping flips brick-and-mortar stores on their head. Empty shelves, endless lines and shopping trips that take you back-and-forth between every store for everyone on your list. It’s no surprise most of Americans have turned to crossing off their lists using online stores. While you can skip the lines, online shopping introduces new safety risks for your personal information.
Safe online shopping is achievable – you just need to know how to protect yourself. If you’re planning to do some holiday shopping this season, read on to learn tips for safe online shopping and how to avoid the most common perils associated with buying online.
Look for the Lock
Safe online shopping starts with knowing your connection is encrypted. Fortunately for consumers, it’s fairly easy to identify when a website has taken at least the bare minimum of security by securing the connection between your computer and their website. You can identify this by looking for the little padlock symbol on your browser or you can look to see if the website URL starts with “HTTPS” instead of “HTTP.”
SSL stands for “Secure Sockets Layer.” Simply put, it secures the communication between two sources that share information, like your web browser and the website. A site with an SSL Certificate will encrypt the connection and protect your credit card information from being revealed when you submit the information for payment processing.
Sites without SSL leave your payment information open for interception. Avoid online shopping on any site that doesn’t use an SSL to protect your data.
Beware of Fake Websites
One of the most common ways you can get burned shopping online is through phishing attempts. Phishing is a type of cyber attack where the attacker pretends to be a reputable source, such as a website you often use, to trick you into filling out sensitive information that they directly collect and use. Common phishing attempts look to have you input your password, credit card, bank account details or social security number.
These fake websites can be incredibly convincing! The two ways you’re likely to come across phishing websites during holiday online shopping are:
Fraudulent E-mails
If you ever receive an e-mail from a company, be careful about following links inside. Hyperlinks online can be disguised in several ways. The most likely way is to simply have a full URL visible, but the hyperlink goes somewhere else. Here’s an innocuous example of this works:
https://www.techferno.com/security
Despite the visible URL looking like it goes to our page about security, the actual URL takes you to our features page. E-mails will use this to look like they’re forwarding you to a legitimate online store, but actually send you elsewhere.
Phishing attempts against online shoppers will include unbelievable offers, suggestions that you won a prize (despite never having entered a contest) or “fear of missing out” with deals you need to redeem within minutes or they disappear forever.
However, phishing ranges beyond online shopping and often involves other services you’re familiar with, like financial institutions or social media accounts. Fake account alerts and messages, bank statements or non-existent charges are all designed to surprise and alarm you into acting quickly instead of doing your due diligence.
How do you avoid these scams? On desktop devices, most browsers allow you to mouse over any hyperlink and get a preview of where it will take you. You can also right-click the link and copy-paste it into the URL bar to see if the link is identical to what the hyperlink text suggests.
Mistyped URL
Not all phishing attempts are active. Some are passive, left like honeypots for excited shoppers to accidentally stumble across by mistyping a simple URL. If you don’t use bookmarks to reach your favorite online stores, be careful when typing in their names.
One transposed letter, mistakenly double-tapping a key or misspelling a common brand name are all potential slips from a legitimate online store to a fake one designed to phishing your details. Like any phishing website, these fake ones can be hard to differentiate from the real deal.
Practice Password Safety
Any time you use the internet, you need to be security-minded. That’s not to say that the internet is a minefield, but caution is your best defense against stolen credit cards and fraudulent charges. At its core, the one thing that protects you across any shopping site is your login credentials.
Strong passwords are important everywhere – but any site that has personal or financial information raises the stakes for security. A weak password could open the doors for thieves to access your account and make purchases – leaving you stuck with the bill or the tedious process of working with your bank to reverse the charges.
Additionally, no website is ever truly invulnerable from data breaches. While the major shopping sites take care to properly encrypt data you give them, not every site will. If you shop online, but with local businesses, they may not have the security you would expect from a brand like Amazon. If a nefarious actor manages to get unencrypted data from the website, it could spell trouble.
That means a strong password isn’t enough – you need to use unique passwords for every site you use. Otherwise, the website with the weakest security will compromise your account everywhere. If you’re currently using the same password across every site, start now, before holiday shopping, and update each one to something different.
Shop at Home
The best place to shop online is in the comfort of your own home – specifically on your own internet connection. Why? Because public wi-fi will never be as safe as your home wi-fi. Even if it’s a password-protected network you use all the time, like at work or at a resort, that network could suffer from several risks:
Man-in-the-Middle – You never know exactly what you’re connecting to with a public network. Someone could be intercepting your data by using software designed to “sniff” out packets of data you send through the network. Using these packet sniffers, they can capture private or sensitive information ranging from sites you visit to information you submit.
Spoofed Connections – Wi-Fi connections can be named anything, at any time. You may trust a Wi-Fi network, but someone could trick you into logging into their Wi-Fi network by imitating the network name. They can then use software to track unsecure information transferred from your PC to websites.
Malware – Viruses are an ever-present risk online. And few viruses are as easy to transfer as those sent to poorly protected laptops on public networks.
When you’re at home, a hardwired connection or connecting to your Wi-Fi makes you less likely to encounter security risks associated with malicious networks.
Credit Cards Offer Better Protection
Which card do you use to shop online? A debit card or credit card? If your answer was a debit card, you may want to reconsider! While the protections offered for bank cards varies from bank to bank, in general, credit cards offer a greater deal of protection versus fraud than debit ones.
This is due to federal laws and the differences between how they approach fraud with credit cards versus debit cards. For credit cards, federal laws can leave you with no liability for fraudulent charges while your card provider investigates the claim. Debit cards? The limitations are often as weak as requiring you to report fraud within 48 hours of the charge to have it reversed without any further recourse!
If you only view your statements once a month, you may find yourself footing the bill for fraudulent charges.
Keep an Eye on Your Statements
Speaking of statements, you should always pay attention to them. Most modern banks and credit unions give you access to online statements that are recent as within the past few hours. Whether your concerned about safe online shopping, or just want to avoid a card skimmer at the gas station, statements are your best bet for detecting fraud early.
A common mistake when glancing over your statement is looking for big purchases. While in the past, fraud would be committed with massive charges to get the most out of a card before it was cancelled, banks caught on. Big charges are flagged and often delayed stopping fraudulent orders before they happen. So, scammers updated their tactics and now charge several smaller charges over time. Sometimes they even sign you up for fake subscriptions that drain just a few dollars from your card every week or month!
Look over every charge. It only takes a few minutes each day or month. Catching fraudulent purchases early increases the chances of reversing the charges and prevents major headaches from the situation becoming worse.
Reviews Are Your Best Warnings
Many online stores operate differently than you expect from a physical store. Especially niche stores that are separate from the “big” ones we all know. The best place to start is to look at reviews. This applies both for newer storefronts, as well as on websites like eBay or Amazon that allow anyone to sell products instead of just the manufacturers.
Keep an eye out for common themes in reviews. For small storefronts you’ve never heard of, look for reviews that have mentions of orders being frequently cancelled or never arriving. They may not be legitimate. Scammers sometimes pretend to sell valuable items at low prices to capture personal information or payment details, then cancel the order and sell your data or make fraudulent orders.
On marketplace sites like eBay, scams can be more straightforward. Electronics, fashion and other high-ticket items are rife with counterfeit products and non-functional fakes. Unfortunately, these counterfeiters will make new accounts frequently. You can’t look to reviews for information, but you can look to see if they have a positive history. Only shop with sellers that have a long history of happy reviews.
Protect Your Passwords with a 14-Day Free Trial
It’s time to take control of your client passwords. Techferno Password Manager offers beyond-bank security and multiple access levels so you can adapt the tool to how your team works.
Designed for agencies, IT companies and any other business that manages several passwords, Techferno Password Manager allows you to share access to passwords and more while retaining the protection of our state-of-the-art secure platform.
Sign up for your 14-Day Free Trial today!
GET SOCIAL WITH TECHFERNO