8 essential tips to stay safe shopping online on Cyber Monday and Cyber Week

Shopping online can be a convenient way to get through your holiday shopping list, but just as in the physical world, there are precautions every online shopper should take to protect personal and financial information.

For the most part, online shopping is safe—that is, if you use familiar, reputable websites. But sometimes in order to find that perfect gift you may need to stray from your usual vendors, and that may especially be the case this year, thanks to supply chain issues around the world. Because of this, you must take extra precautions to make sure that you don’t end up handing your credit card data to online fraudsters.

Threats that can thwart safe online shopping

There are a number of threats to online shoppers on Black Friday week, Cyber Monday week, and any other time of the year, including:

  • Poorly secured or insecure sites could leak your personal or financial information
  • Cybercriminals could steal your private data, including passwords, to break into your accounts
  • Scam sites may offer deals that seem too good to be true (because they are)
  • Some sites may send you spam, so you should know their policies and look for opt-out controls
  • Some sites may contain malware or harmful ads

So what can you do to ensure your holiday shopping experience is safe and enjoyable? Here are seven essential cybersecurity tips to help you stay out of trouble when shopping online.

1. Shop on familiar Web sites whenever possible

There are many popular online retailers, some of which have a reputable brick-and-mortar counterpart, and others that are online-only. Amazon, Apple, Barnes & Noble, Bed Bath & Beyond, Best Buy, Costco, Fry’s Electronics, Kohl’s, Newegg, Target, and Walmart are just a handful of reputable online shopping sites.

Well-established businesses tend to face more scrutiny from legislators and consumers alike. This often means they are more likely to have higher standards for site security, and are more likely to comply with consumer privacy laws—such as the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR)—than some very small or lesser-known online stores.

It’s also important to be aware that some popular sites allow third parties to sell items. Scammers sometimes pose as third-party sellers to try to exploit a popular site’s reputation.

Some sites like Amazon allow third-party sellers to sell items, even if they’ve just barely created a seller account. And while some brands sell directly on eBay, most sellers are actually third parties. Be cautious about buying from third-party sellers that don’t have an established reputation. (An ideal third-party seller reputation rating on Amazon or eBay is greater than 90% positive, which may also appear as 4 ½–5 stars on Amazon. With both sites, you should also pay attention to the quantity of seller feedback to ensure the seller’s reputation isn’t artificially high due to only having a few reviews, which may potentially be fake.)

Again, if a deal seems too good to be true, or if it’s a high value item and the seller has little or no experience selling on that site (or worse yet, negative feedback), avoid buying from that seller. That said, Amazon and eBay have relatively good buyer protection measures in case you do have problems with purchases from third parties.

2. Check for fake reviews

If you shop or read reviews on Amazon, Best Buy, eBay, Sephora, Shopify, or Walmart, you may also want to check out Fakespot. With apps for iOS and Android, and browser add-ons for Firefox and Chrome, Fakespot is a handy way to analyze reviews to get another opinion about whether they might be legitimate or disreputable. Just because an item on Amazon has positive reviews doesn’t necessarily mean it’s a good product; it might be padded with spam reviews to make it look better than it really is.


3. Shop safer on less-familiar sites

Sometimes you may not be able to find a particular item at the most popular online retailers, and you might be tempted to buy an item elsewhere.

If you’re unsure about the legitimacy of an online shopping site that you’ve never heard of before, try checking their ratings on sites like Trustpilot or the Better Business Bureau. If you still can’t verify that a site is legitimate, it’s safest to just avoid making the purchase, no matter how tempting the deal may be.

However, what if you’re fairly certain that a site is safe, but you still want to take an extra level of precaution? You can use a virtual credit card number (or virtual debit card number) for a one-time use transaction, or for exclusive use with a single site. Check with your credit card company or bank to find out if they offer virtual card numbers. If not, you can try a third-party service like Privacy or Revolut, where free or paid accounts allow you to use virtual credit cards.

You should also consider using Apple Pay, if you have set this up on your device. When you pay on a site with Apple Pay, that site never gets your credit or debit card number, but rather a token for that specific transaction, which protects you from subsequent malicious use of your card number.

4. Shop on secure Web sites with a privacy policy

If you know you’re shopping on a reputable site, you may not need to be quite as concerned about security and privacy. But if you’re shopping on a site you’ve never visited before, how can you know if it’s safe enough? Two basic tests it must pass are whether it uses HTTPS, and whether it has a privacy policy.

Nearly all sites use HTTPS, meaning that the connection between you and the web server is encrypted. Most web browsers will warn you if you visit a non-secure page, especially if you try to fill out a form (which is necessary to create an account or make a purchase on a new site). Generally, if you’re connected to a secure site, you should see a small, closed-padlock icon (similar to 🔒, but usually in a single color) to the left of the address in the address bar.

Historically, you might notice that the site address would begin with “https://”, which would indicate at least a basic level of protection (the “s” stands for secure). However, some browsers like Safari no longer display the protocol portion of the address unless you click inside the address bar. If you don’t see a padlock icon, and you don’t see https:// after clicking in the address bar, then your connection to the site may not be secure.

Also, ensure that the store site contains a privacy policy. You’ll often find a link to it near the bottom of the site (in the footer), or in a menu on the site’s homepage. Consider reading or skimming the site’s privacy policy to verify that nothing looks out of the ordinary, and that they appear to take your privacy seriously.

5. Use strong, unique passwords

While some shopping sites may allow you to check out as a guest, others require you to create an account before making a purchase. You might be tempted to reuse the same password for multiple sites. However, using a unique password for every site is critically important to protecting your other accounts. Password breaches happen all the time, and if your password leaks from one site and you use it on multiple sites, your security at those other sites is also compromised.

To help you keep track of all your unique passwords, consider using a widely trusted password manager, such as 1Password, Bitwarden, Dashlane, iCloud Keychain, or Keeper.


Your passwords should also be sufficiently long and complex. Length is generally considered to be more important than complexity, so consider using passwords of at least 10–16 characters in length, or longer if you prefer (the longer, the better). However, even with a long password, it’s still a good idea to use a combination of uppercase and lowercase letters, numbers, and special characters. If you’re using a good password manager, you can often have it generate a pseudorandom password for you.

6. Avoid shopping on public Wi-Fi networks (or use a trusted VPN)

Always assume that public Wi-Fi networks are not secure, even if they seem to be. Public networks—such as you might find at a restaurant, coffee shop, hotel, library, or your dentist’s office—may not have any security at all, or may have very weak security. Either way, they could leave you vulnerable to various attacks from hackers connected to that network. Also, some companies log or monitor customers’ or users’ usage of their network.

Thus, you may want to avoid shopping or entering sensitive data (bank account information, credit or debit card details, etc.) when using the Web on a public Wi-Fi network.

The exception to this rule is if you tunnel all your network traffic through a trusted virtual private network—a VPN. Intego offers the Intego Privacy Protection VPN for Mac and Windows. Be sure to check out our featured article about VPNs to learn more about how they can protect you, and Intego’s recommended VPN providers if you want to use a VPN on iOS or Android devices, too.


7. Use robust personal protection software

Even if you follow all the tips above, you still need to beware of fraudulent sites that serve malware disguised as legitimate software (i.e. Trojan horse malware). You should also beware of threats that might already be lurking on your computer, unbeknownst to you. Malware such as remote access Trojans (RATs), which often include a keystroke logger, could potentially record your passwords and credit card information as you type them, and send them to a remote attacker.

Invest in a computer security suite that offers anti-virus, a two-way firewall, and other essential tools to keep you safe. Intego’s Mac Premium Bundle X9 is the best software suite for protecting your Mac, your data, and your personal information from online threats. For Windows users, Intego also offers Intego Antivirus for Windows.

8. Monitor account statements for fraudulent activity

If you’ve recently made any online transactions at sites you’d never visited before, be sure to double-check for any accidental or potentially fraudulent charges. Take a close look at your account and billing statements. Unauthorized credit card usage should be reported immediately in order to have the best chance of getting the charges reversed, and to prevent further unauthorized activity.

One more tip: you should never give your Social Security number simply to make a purchase from a site! Unlike credit fraud, identity theft—including a compromised Social Security number—is much harder to detect and properly address.

Shopping online should be secure and enjoyable, and with these cybersecurity tips you can stay safe while you shop online.

How can I learn more?

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.

You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels.

About Kirk McElhearn

Kirk McElhearn writes about Apple products and more on his blog Kirkville. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Twitter at @mcelhearn.