Shopping online can be a convenient way to get through your holiday shopping list, but just as in the physical world, there are precautions every online shopper should take to protect personal and financial information.
For the most part, shopping online is safe—that is, if you use familiar, reputable websites. But sometimes in order to find that perfect gift you may need to stray from your usual vendors, and that means you must take extra precautions to make sure that you don’t end up handing your credit card data to online fraudsters.
Threats that can thwart safe online shopping
There are a number of threats to online shoppers on Black Friday week, Cyber Monday week, and any other time of the year, including:
- Poorly secured or unsecure sites that could leak your personal or financial information
- Cybercriminals could steal your private data, including passwords, to break into your accounts
- Scam sites may offer deals that seem too good to be true (because they are)
- Some sites may send you spam, so you should know their policies and look for opt-out controls
- Some sites may contain malware or harmful ads
So what can you do to ensure your holiday shopping experience is safe and enjoyable? Here are seven essential cybersecurity tips to help you stay out of trouble when shopping online.
1. Shop on familiar Web sites whenever possible
There are many popular online stores, some of which have a reputable brick-and-mortar counterpart, and others that are online-only. Amazon, Apple, Barnes & Noble, Bed Bath & Beyond, Costco, Fry’s Electronics, Kohl’s, Newegg, Target, and Walmart are just a handful of reputable online shopping sites.
Well-established businesses tend to face more scrutiny from legislators and consumers alike. This often means they are more likely to have higher standards for site security, and are more likely to comply with consumer privacy laws such as the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR), than some very small or lesser-known online stores.
Also, be aware that some sites like eBay and Amazon allow third-party sellers to sell items, even if they’ve just barely created a seller account. Be cautious about buying from third-party sellers without an established reputation. Again, if a deal seems too good to be true, or if it’s a high-value item and the seller has zero experience selling on that site (or worse yet, negative feedback), avoid buying from that seller.
2. Shop safer on less-familiar sites
Sometimes you may not be able to find a particular item at the most popular online retailers, and you might be tempted to buy an item elsewhere.
If you’re unsure about the legitimacy of an online shopping site that you’ve never heard of before, try checking the site’s ratings on sites like Trustpilot or the Better Business Bureau. Then if you still can’t verify that a site is legitimate, it’s safest to just avoid making the purchase, no matter how tempting the deal may be.
However, what if you’re fairly certain that a site is safe but still want to take an extra level of precaution? You can use a virtual credit card number (or virtual debit card number) for a one-time use transaction, or for exclusive use with a single site. Check with your credit card company or bank to find out if they offer virtual card numbers. If not, you can try a third-party service like Privacy, where a free personal account allows you to create up to 12 virtual credit cards per month, with paid tiers if you want more virtual cards than that.
Generally, if you’re connected to a secure site, you should see a small, closed-padlock icon (similar to 🔒, but usually in a single color) to the left of the address in the address bar.
Historically, you might notice that the site address would begin with “https://”, which would indicate at least a basic level of protection—the “s” stands for secure! However, in many modern browsers, you’ll no longer see the protocol portion of the address unless you click inside the address bar. If you don’t see https:// after clicking there, and you don’t see a padlock icon, then your connection to the site may not be secure.
4. Use strong, unique passwords
Using a unique password for every site is critically important to protecting your other accounts. Consider that password breaches happen all the time, and if your password leaks from one site and you use it on multiple sites, your security at those other sites is also compromised.
To help you keep track of all your unique passwords, consider using a widely trusted password manager, such as 1Password, Dashlane, iCloud Keychain, Keeper, or LastPass.
Your passwords should also be sufficiently long and complex. Length is generally considered to be more important than complexity, so consider using passwords of 10–16 characters in length, or longer if you prefer (the longer, the better). However, even with a long password, it’s still a good idea to use a combination of uppercase and lowercase letters, numbers, and special characters. If you’re using a good password manager, you can often have it generate a pseudorandom password for you.
5. Avoid public Wi-Fi networks (or use a trusted VPN)
Always assume that public Wi-Fi networks are not secure, even if they seem to be. Public networks—such as you might find at a restaurant, coffee shop, hotel, library, or your dentist’s office—may not have any security at all, or may have very weak security. Either way, they could leave you vulnerable to various attacks from hackers connected to that network. Also, some companies log or monitor customers’ or users’ usage of their network.
Thus, you may want to avoid shopping or entering sensitive data (bank account information, credit or debit card details, etc.) when using the Web on a public Wi-Fi network.
The exception to this rule is if you tunnel all your network traffic through a trusted virtual private network—a VPN. Be sure to check out our featured article about VPNs to learn more about how they can protect you, and Intego’s recommended VPN providers.
6. Use good protection software
Invest in a computer security suite that offers anti-virus, a two-way firewall, and other essential tools, like Intego’s Mac Premium Bundle X9, to protect your data and your computer from online threats. Intego also offers Windows antivirus protection. (See below for special links to our Cyber Week 2020 deals!)
If you shop or read reviews on Amazon, Best Buy, Sephora, Steam, TripAdvisor, Walmart, or Yelp, you may also want to check out Fakespot. It has an iOS app and a Chrome browser add-on, and it’s very handy for analyzing reviews to get another opinion about whether they might be legitimate or disreputable. Just because an item on Amazon has positive reviews doesn’t necessarily mean it’s a good product; its listing might be padded with spam reviews to make it look better than it really is.
7. Monitor account statements for fraudulent activity
After making online transactions at sites you haven’t visited before, be sure to double-check for any accidental or potentially fraudulent charges. Take a close look at your account and billing statements. Unauthorized credit card usage should be reported immediately in order to have the best chance of getting the charges reversed, and to prevent further unauthorized activity.
You should never give your Social Security number simply to make a purchase from a site! Compared with credit fraud, identity theft involving a compromised Social Security number is much harder to detect and properly address.
Shopping online should be secure and enjoyable, and with these cybersecurity tips you can stay safe while you shop.
Intego’s Cyber Week deals for 2020
If you happen to read this by December 5, 2020, first-time buyers (and past customers with expired subscriptions) can get a very special discount on Intego’s Mac software: up to 65% off Mac Premium Bundle X9—the ultimate Mac protection and utility suite.
You can also get a discount on Intego Antivirus for Windows. Remember to use these links to maximize your savings, and be sure to tell your Mac- and PC-using friends about these great deals!
How can I learn more?
On the latest episode of the Intego Mac Podcast (episode 163), we discussed how to make good choices about buying on-sale electronic devices. Be sure to subscribe to make sure you never miss the latest episode!