The Ultimate Guide to Shopping Online Safely
Make sure your confidential data is safe from cyber criminals’ malicious reach
✓ Using the same password for all digital accounts
✓ Automatically filling in credit card details and home address when shopping online
✓ Clicking right away on an offer found on social media
✓ Agreeing to Terms and Conditions you never read
✓ Connecting to free wi-fi from coffee shops
Guilty of any of these? Perhaps all?
Well, you are not alone.
There is a huge discrepancy between what people should do to increase their online security and what they actually do. The main reason for that? They are unaware of the risks they are exposing themselves to and ignore all the warnings.
“It won’t happen to me”, right?
Every year, 9 million Americans fall prey to identity theft. Personal information may be used to open new credit card accounts, ask for loans from banks, rent pla
Cyber attackers are constantly upping their game, thus increasing the chances for you to become a victim.
With the Christmas shopping season at its peak, we’ve been working on a complete guide to safely shop online.
Here’s a sneak peek at what you can learn right now:
How can I choose where to buy from?
Check the 3 Rs: Reputation, Recommendations, Research
Try to shop mostly from well-known, trusted websites and brands. Go for online shops that are at least half a year old. This will reduce the chances of unpleasant surprises.
It doesn’t guarantee you 100% protection against fraud, as legit online shops are also vulnerable to cyber attacks. However, they will pay more attention to security measures and invest more in protecting your sensitive data.
If you want to buy something from a shop you haven’t bought from before, do some research first. Ask around, perhaps someone you know has already used their services. Search for mentions in media, social channels, blogs and forums, and see what reviews they received from other customers.
How to spot trustworthy online shops?
1. Don’t buy anything from websites that don’t provide complete information about the company.
Look at what’s written in the Footer, visit their About page.
If you only found a contact form, that’s a bad sign.
Another bad indicator is if they are using a free public domain for their e-mail address, such as Gmail or Yahoo, instead of the website’s domain. It shows that the webstore representatives are sloppy and unprofessional.
2. Take your time and read the Terms and Conditions, Guarantee, Privacy and Return / Refund policies.
For your own peace of mind, you should never skip reading these when shopping online.
Here’s an example to remember: Five years ago, more than 7.500 online shoppers unknowingly sold their souls to GameStation, a British computer game retailer. The Terms and Conditions included an “immortal soul clause” that gave the company the right to claim their soul.
How many times have you unknowingly sold your soul online?
Stay informed and know your rights. Beware of hidden charges and services that you might agree to but normally wouldn’t. Check if the company offers shipping insurance or refunds, in case your package is lost or damaged.
You should also pay attention to discrepancies: does the website say one thing on one page and contradict it somewhere else?
Other red flags:
3. Look for trust or quality seals. These show that the website has undergone an independent evaluation process and met all the requirements of the company that issues the seal.
Quality seals were created to increase online shoppers’ confidence. However, you should be aware that they aren’t always a guarantee that a website is trustworthy, as some websites may display them fraudulently.
How can I tell if my payments are safe?
Before you rush into filling in any sensitive data, such as personal information or credit card details, make sure that you’re on a secure connection. Otherwise, your data can be accessible to anyone who knows how to get it.
How can you check that? It’s easy:
Look at the address bar. Does the link start with “https” instead of “http”? The extra “s” means that the website has a valid Secure Sockets Layer (“SSL” for short) certificate installed. This is a method to ensure that the data sent and received is encrypted and the online transaction isn’t intercepted in transit. It’s not compulsory, but most legit websites will obtain SSL digital certificates.
Another method is to look for the icon of a closed padlock. It’s usually located on the left of the web address, but it depends on the browser you’re using. Some browsers will also highlight the address bar in green. These are indicators that you are visiting an encrypted site and the connection is secure.
If you want to find out more information about the SSL certificate, you can click on the padlock icon.
What other potential threats should you look out for?
1. Beware of phishing strategies.
These are methods to trick you into giving away confidential information, which is then used to gain access to financial accounts or steal your identity.
How do they work?
E-commerce phishing works through emails that appear to have been sent by a legitimate person or company, such as Amazon or PayPal. They try to lure you into handing over IDs, passwords, your social security number or credit card details. This happens when you reply to the e-mail, follow a link contained in it or open an attachment.
Why does it work?
Phishing strategies have evolved greatly in the past years. They usually play on your emotions or on urgency. They can promise great deals or alert you that there might be a problem with an account. The message then leads to malicious content: look-alike websites that ask you to enter personal information.
Other times, they may direct you to the real website and show you a pop-up, where you’re asked to enter sensitive data. This way, attackers minimize the chances of you realizing what happened.
How can you stay away from it?
Be vigilant when you click on links from ads or pop-ups. This also applies to e-mails, no matter if they are from someone you know or not. Just clicking on a link is enough to get your computer infected.
Here’s an example of a phishing e-mail:
Beware of bogus or misleading links. Check them by hovering your mouse over them. Links may look identical, but use a spelling variation or a different domain (for example, .net instead of .com).
Pay attention to the shortened URLs you are clicking on. Attackers may take a long URL, shorten it using legit services, such as bit.ly, and then redirect you to the intended destination.
Useful tool: You can check URLs using URLvoid.com. It’s a free service that can check the shop through online reputation tools, thus detecting fraudulent and malicious websites.
Safest way to go? Every time you want to visit a website, it’s recommended that you make the effort to type its address manually in the address bar.
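The link checks described above (a different domain ending, a spelling variation, a shortened URL, and the hover comparison between what a link shows and where it really goes) can be written down as a small script. This is an added example, not part of the original guide; the trusted list, the shortener list and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data (assumptions): shops you actually use, common shorteners.
TRUSTED = {"amazon.com", "paypal.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value indicates a spelling variation."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def site_domain(url: str) -> str:
    """Last two labels of the host name. Simplification: endings such as
    .co.uk would need the Public Suffix List."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def classify_link(url: str) -> str:
    """Compare the link's real destination with the trusted list."""
    domain = site_domain(url)
    if domain in TRUSTED:
        return "trusted"
    if domain in SHORTENERS:
        return "shortener: destination hidden"
    name, _, tld = domain.rpartition(".")
    for good in sorted(TRUSTED):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return f"different domain ending than {good}"
        if 0 < edit_distance(name, good_name) <= 2:
            return f"spelling variation of {good}"
    return "unknown"


def text_matches_target(link_text: str, href: str) -> bool:
    """The hover check: does the visible text name the site the link opens?"""
    shown = link_text if "://" in link_text else "https://" + link_text
    return site_domain(shown) == site_domain(href)
```

A result of "unknown" is not a pass: it only means the address resembles nothing on your trusted list, which is also what a trusted name placed in front of an unrelated domain produces.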
Be careful with what personal information the website is requesting from you. Do they really need all that information about you, such as your social security number or your birthday? Fill in the least amount of data needed for a delivery.
It’s also encouraged that you use a dedicated email address, only for online shopping. This way you will reduce the risk of future phishing, spam and scam messages to your main email address.
2. Other notable threats are Dridex or Dyreza. These are malware that use the source code from Zeus, a Trojan horse that infected millions of computers and tried to retrieve their private financial information. Once the cyber attackers have all the credentials they need, they log into banking accounts and make unauthorized money transfers through a complex network of computers. We wrote an extended article about it.
Take your time and read our article on top financial threats.
How can you secure your online transactions as much as possible?
Go for Credit Cards instead of Debit Cards
When buying online, pay with a credit card instead of debit card. Credit cards have built-in protection programs that shield you from any kind of fraud, theft, unauthorised transactions, overcharging, ordering items that never arrive or paying for services that are never performed.
They also give you a period to review your card statement and report potential fraud. The purchases are stalled while the bank investigates the transactions.
It’s recommended that you use a separate card, only for online transactions. Put money on it every time you want to buy something.
Ask your bank to activate all available security measures
Enable two-step approval for transactions, using your phone number. However, when you need to make transactions via your mobile, use the token instead of SMS.
Turn on SMS notifications for all card transactions. They will alert you in real time when an online transaction exceeds a certain amount.
If the shop is asking to store your credit card details, for further purchases, choose not to. For your safety, it’s better to take your time and fill them in every time you want to make a transaction.
Put a security freeze on your credit report. It doesn’t cost much and will prevent the opening of new accounts in your name. You’ll have to lift it every time you want to apply for a loan, a job or rent a home, but it’s better to be safe than sorry.
Periodically monitor your transactions / bank account activity
Make a habit of checking your account every day, or at least once every other day. Look for unknown or shady transactions.
If something’s amiss or there’s a transaction you don’t recognize, no matter how small the amount of money, pick up the phone and immediately contact your bank.
How do I create strong passwords?
Always pay attention to the way you choose your passwords, as they are the top cause of fraud and data breaches.
Here’s how to create strong passwords:
Length: Go for passwords longer than 15 characters. The longer, the more secure, as the number of possible combinations increases exponentially.
Characters: Make sure you include both uppercase and lowercase letters, numbers and symbols.
Uniqueness: More than 50% of users use the same passwords for all their accounts and never change them. But you don’t use the same key for your house, car and office, right? Create different passwords, never repeat them. Otherwise, if someone manages to hack one of your accounts, they will be able to gain access to all of them.
Content: Avoid passwords that can be easily guessed. Passwords that contain your name, the word “password” or “hello”, the name of the website you’re creating them for, family members’ names or birth dates, pets’ names, your city or county: these are all big NOs.
Change them periodically. Monthly is recommended. Change them especially after you accessed your accounts on a foreign computer or public hotspot. Don’t store them in a .txt file on your PC or in a mail draft.
Activate multi-factor authentication, if available. That means that you’ll receive a unique one-time code on your phone. It adds a second layer of protection that’s much more difficult for cyber attackers to get past.
Amazon recently started to roll out this option to some users:
Don’t forget to secure your recovery questions. With social media and blogging so accessible, someone who intends to hack into your account can use all the information you willingly made public. In order to avoid this, choose recovery questions whose answers are not available anywhere and that nobody else knows. Another option would be to treat the answers just like any other password.
It will be easier to remember all the passwords if you start using a password manager. With it, you’ll only have to remember one password, the one that you use to access your password manager account. Read more about it in our dedicated article.
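The Length, Characters, Uniqueness and Content rules above can be turned into a simple check, which also shows why length matters so much: every extra character multiplies the number of possible combinations by the size of the character pool. This is an added example, not part of the original guide; the function names, parameters and sample passwords are constructed for illustration.

```python
import math
import string

MIN_LENGTH = 16                      # the guide asks for more than 15 characters
COMMON_WORDS = ("password", "hello")  # easy guesses the guide names
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def keyspace_bits(password: str) -> float:
    """log2 of the number of same-length strings over the character classes
    used. An upper bound: it assumes every character was chosen at random."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def check_password(password, site_name="", personal=(), already_used=()):
    """Return the names of the guide's rules that the password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    if not all(any(c in cls for c in password) for cls in CLASSES):
        problems.append("characters")
    if password in already_used:
        problems.append("uniqueness")
    lowered = password.lower()
    # Names, birth dates, pets, city and the shop's own name count as guessable.
    banned = [w.lower() for w in (*COMMON_WORDS, site_name, *personal) if w]
    if any(w in lowered for w in banned):
        problems.append("content")
    return problems
```

An empty list only means that none of the four rules was broken; the bit count overstates the strength of anything a person made up from words or patterns.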
What to do if one of your online accounts was hacked?
If one of your online accounts or service providers got hacked, immediately change the password used for that account. It doesn’t matter how often you use it or how important it is to you. Even if it’s just an entertainment service, make sure you change it.
If you used that password for other accounts, also change those passwords and use different ones.
After that, change the password for the email linked to that account.
How to make sure your Internet connection is secure?
Don’t connect to public hotspots and wi-fi or use public computers. They may be easily compromised and your entire internet session could be tracked, including your credit card data. We strongly discourage their use, whether encrypted or not.
It’s safer for you to connect using 3G: make your phone a hotspot and use it.
However, if you do have to connect through a public hotspot, make sure that when you are prompted to set the network location, you always select Public, as this comes with extra security measures.
Don’t log into your e-mail, banking or other major accounts while connected to public wi-fi or using public computers.
Start using VPN.
A VPN (Virtual Private Network) can offer an extra shield when you want to safely navigate online. It’s a network that uses the Internet’s public infrastructure to connect to a private network, usually created and owned by corporations. VPNs can be used to hide a user’s online activity from attackers.
ComparisonVPN is a great resource that helps you compare VPN products.
How to increase your computer security?
Always keep your software up to date. Don’t ignore the requests for updates.
If you have Adobe Acrobat Reader, Adobe Flash, Quicktime or Java installed on your computer, be aware that these are notorious for their vulnerabilities. Only 8 popular applications are responsible for making 99% of computers vulnerable to cyber attacks because of outdated software.
Install good antivirus software, from a reliable security company.
It should include real-time scanning, automatic updates of the virus database and a firewall. You can read our guide on how to choose the best antivirus.
Remember that it’s not enough, as a traditional antivirus cannot detect second generation malware.
All these measures also apply to mobile devices (smartphone or tablet). Keep them secured and clean. Install the latest updates and software versions.
If you share your computer with family members, make sure they are taking the same security measures. Educate your children on the matters of online safety as early as possible.
As a rule of thumb, you should always just trust your gut.
Be suspicious of exclusive offers that seem too good to be true (they probably are!) or that demand urgent action.
If something smells fishy, it’s safer to go with your instincts and leave that website.