17 Underused Online Shopping Security Tips
You might think they are obvious, but most people don’t know them
Online shopping is easy and convenient. It takes just a few clicks to order a product and have it delivered to your front door. Maybe you can add a few clicks more for product and price comparisons across websites, but that’s about it. Hassle free and comfortable.
But where there’s money and users to be found, malicious hackers will roam too.
As we go through this article, we’ll talk about the various methods cybercriminals use to exploit unsuspecting shoppers and how you can protect yourself against them.
Here are just a few of the things you will learn by the end of the article:
- Why a credit card is safer than a debit card
- How to spot a fake shopping site
- Why it’s important to keep your software updated, and how to do that automatically.
Best 17 security tips for online shopping.
1. Make sure you’re buying from a real online address
Not all people buy from safe online shops like Amazon or eBay.
One tactic favored by malicious hackers is to set up their own fake shopping websites. Fake websites can either infect you the moment you arrive on them by way of drive-by-downloads, or malicious links. However, the most dangerous aspect you should be concerned about is the checkout process.
Completing a checkout process will give cybercriminals your most important information: credit card data (including security number), name and address. This opens you up to identity theft, credit card fraud or social engineering attacks.
Here are some dead giveaways that a shopping site is fake:
- Strange URL’s such as “prada-at-awesome-price.com” or “the-bestonlineshopping.com”.
- A strange selection of brands. For instance, the website claims to be specialized in clothes but also sells car parts or construction materials.
- Broken language. Any self-respecting online shop will hire a specialized copywriter to come up with beautiful product descriptions. Alarm bells should go off in your head if descriptions don’t make sense.
- Strange contact information. If the email for customer service is “email@example.com” instead of “firstname.lastname@example.org” then you can bet that online shop is fake.
- Prices are ridiculously low. An online shop that has an iPhone 7 at 150$ is most likely trying to scam you.
- Horrible design. Online shops, particularly those in the fashion niche, take great of the design and usability of their websites.
Hopefully, these basic tips will help you purchase products only safe online shopping sites.
2. Access secure shopping sites that protect your information
If you want to purchase from a website, make sure it has SSL (secure sockets layer) encryption installed.
To know this, the site should start with https:// and you should notice the lock symbol, which is in the address bar at the top.
To access secure websites, we recommend a useful browser extension like HTTPS Everywhere that encrypts connection to major sites and increases your information security.
3. Stay safe using secure connections
Some people think Wi-Fi is a more important resource than water or food. We admit their arguments are fairly convincing (a Wi-Fi connection allows you to buy as much food/water as you need).
However, Wi-Fi however has some serious limitations in terms of security. Unsecured connections allow a hacker to intercept ALL of your traffic and see everything you’re doing on an online shop in real time. This means checkout information, passwords, emails, addresses, you name it.
Here are some Wi-Fi warning signs to take into account before buying stuff online
- The connection is open and doesn’t have a password.
- It uses WEP/WPA encryption. While better than nothing, they are simple encryption languages and can be easily broken.
- The router is in an exposed location, allowing people to tamper with it.
The most secure type of encryption for Wi-Fi routers is WPA2 AES, and offers a vastly better protection than WEP or WPA. Yet even this type of connection can be hacked by a persistent attacker.
A densely-crowded bar with dozens of devices connected to the same Wi-Fi hotspot is a prime target for an enterprising cybercriminal who wants to blend in and go unnoticed.
You should also never buy things online from an open Wi-Fi network with no password, no matter how few people are connected to it. It’s simply not worth the risk.
Here are some more steps you can follow to stay safe while using a public Wi-Fi.
4. Update your browser, antivirus and operating system.
Unpatched software is a frequent cause of malware infections. Online shoppers are most at risk because of this, due to the sensitive information involved.
Make sure you at least have an updated browser when you order things online. This will help secure your cookies and cache, while preventing a data leakage.
You’ll probably balk at having to constantly update your software. It’s a tedious and time consuming operation, and most of the time the benefits are under the hood and offer no new features.
For this reason, we’ve developed Heimdal FREE, a tool that automatically updates your software, all while being invisible and not bothering you with needless notifications.
5. Keep an eye on your bank account
Malicious hackers really want your credit card data, and online shops are the best place for them to get their hands on such information.
Credit card data leaks aren’t always your fault. Often times, companies get hacked and their information falls into the hands of cybercriminals.
For this reason, we urge you to periodically review your bank account and check up on any suspicious activity.
Here are some more financial safety tips:
- Never let someone see your credit card number;
- This may seem obvious, but don’t keep your PIN number in the same spot as your credit card (you would be surprised how many people do this);
- Destroy and delete any bank statements you have read. For statements in digital form such as pdf’s or Word documents, we suggest you use a file shredder instead of simply deleting them, since this makes the files completely unrecoverable;
- Notify your credit card issuer of any address change. Doing so will prevent them from sending sensitive files to the previous address;
- Whenever possible, try to activate two-factor authentication payment methods
- Be sure to keep confirmation numbers and emails for any online purchases you may have done;
- Immediately lock your credit cards if you lose them. Even if you’re sure you just misplaced them, it’s best to be paranoid rather than defrauded.
6. Use antivirus protection for your PC
The most frequent tip on how to be safe online is to use a good antivirus. Granted, it will struggle to block out the newest and most sophisticated threats out there, but it will keep you safe against known malware.
Here’s a comprehensive guide on how you can find the biggest and baddest antivirus out there.
7. Bulletproof your system against cybercriminals
There are more tools out there to help you do safe online shopping.
An antivirus has one major disadvantage: it is a reactive solution to a malware infection. This means that most of the times it becomes effective AFTER a malware has arrived on your PC.
As a solution to all this, we propose you use a tool that can block an incoming malware BEFORE it reaches your PC.
Such software should be able to do the following:
- Using an advanced traffic scanner, it can filter incoming and outgoing traffic to your PC and detect any potential malware.
- Even if malware has somehow made its way onto your PC, it can effectively remove it from your device
- It will scan a website for embedded malware and block it from loading in case it finds one.
We really believe that our own Heimdal PRO is worth your time and trust, so maybe you’d like to give it a try.
8. Keep your shopping accounts secure with a password manager
Often times, we do online purchases from multiple sites that specialize around a certain niche. But most people will simply reuse the same password for each account, and that in itself is a major security risk.
However, a password manager like Dashlane or LastPass will greatly simplify and secure your login process, by helping you come up with more secure passwords and automatically introducing your login details.
9. Don’t fall for their tricks
Having the right security programs will go a long way in improving your safety when buying things online.
But what will really take your internet shopping to the next (security) level is a good understanding of cybersecurity threats combined with a few common sense rules on what you should and should not do online.
Here just a few relevant online shopping safety tips:
- Don’t click on any suspicious links or emails;
- Report any site that seems fraudulent, and also use the “flag as spam” button for any suspicious email;
- Don’t reveal more personal information than you have to in order to complete the purchase.
10. Do not purchase from spam or phishing emails
The graph above shows how many people open phishing emails and then click the link. Phishing emails are so well optimized they often enjoy higher open and click rates than legitimate emails from trusted businesses.
A phishing email with a fake offer for a desirable product is a hard thing to resist for many shoppers, so they make an impulsive decision and click on the “Order product” or “Buy now”, and that’s when the malware attack starts.
And a big source of click rates is the Unsubscribe button.
A phishing email is not like a standard email. The cybercriminal simply wants your click, and nothing else. The Unsubscribe button won’t stop the email spam because malicious hackers don’t play nice.
The best solution in these cases is for you to simply mark the email as spam, this will remove the mail from your inbox and block the sender from sending more spam.
12. Keep a record of your transactions
If you are a frequent online shopper, it may be difficult to remember from which site you bought a certain product.
So, write it down: what you bought, when and from what website.
Compare your spending details with the banking records from your online banking account, keep track of which websites you use for shopping and buying stuff online.
13. Don’t give internet shops more private information than they need.
In order to shop online you need to provide two types of information: payment information, such as credit cards data, and shipping location, which is usually your home or work address.
Be suspicious of online shops that ask for information such as: date of birth, social security number or any other similar information. They don’t need it in order to sell you things.
The safest way to pay online is to give your money directly to the delivery agent instead of paying by credit card. This way, the online website won’t get to have your payment information in their database, meaning a malicious hacker won’t get his hands on your data if they break into the seller’s website. Admittedly, few online retailers allow this, but if available, use it.
And if you don’t want to give away your work or home address, see if it’s possible to have the package dropped off at a certain delivery point where you can just go and pick it up.
14. Hold on to your receipts and destroy them when not needed
We strongly recommend you keep the receipt for your purchase, just in case you need to confirm it again, as well as for warranty and return issues.
If you want to get rid of receipt, make sure to destroy it completely, so that any possible identity thief won’t be able to find any little information about you.
15. Don’t keep too much information on your smartphone
These days, everybody stores a lot of important personal information on their phone, and most of us rarely take the time to secure them. These devices are now much less about calling people, and more about photos, social media and whatnot.
Increasingly, people shop online using their smartphone, but this carries its own risks. Fake online shops can infect your smartphone with malware, and then have access to information such as phone numbers, notes, photos, and even app contents.
For this reason, we recommend you keep as little information as possible on your phone, and instead rely on offline storage or cloud solutions.
16. Buy from a mobile device, not from PC
Are you buying from a major retailer, like Amazon or Walmart? Well, now all of them have dedicated mobile apps. Apps are more secure online shopping channels than websites since malicious hackers need to create specific attacks for specific apps.
17. Use a credit card, not a debit card
Credit cards have some extra-legal defenses built in that make them safer to buy stuff with compared to debit cards.
For one thing, with credit cards you aren’t liable if someone does fraudulent credit card transactions, so long as you report the fraud in a timely manner. After all, its the bank’s money, not yours.
Secondly, credit cards give you leverage when it comes to disputing transactions with a seller. If you pay with a debit card, you can’t get your money back unless the seller agrees to it. With credit cards, the money you paid for a product isn’t counted against you until due process is complete, debit card holders however can only get their money back after this step.
Ultimately, banks are much more protective of credit cards since it’s THEIR money on the line, not yours. Ideally, there shouldn’t be a difference, but you know how things go.
Online shopping safety is a growing concern among both e-retailers and shoppers. The former wants to protect their reputation and preserve consumer trust, while the latter wants to know their money is safe.
A lot of progress has been done over the years, such as two-factor authentication and improved infrastructure. But one thing we are apprehensive about are companies seeking to “improve conversion rates”. In order to sell more, they cut down on the steps required to buy something, and more often than not, those extra steps tend to be security measures.
So, how do you shop online keeping yourself free of phishing attempts, data breaches or identity theft operations? Do you have other solutions?