
7 essential tips to stay safe shopping online, Cyber Week and all year

Posted on November 29th, 2020

Shopping online can be a convenient way to get through your holiday shopping list, but just as in the physical world, there are precautions every online shopper should take to protect personal and financial information.

For the most part, shopping online is safe—that is, if you use familiar, reputable websites. But sometimes in order to find that perfect gift you may need to stray from your usual vendors, and that means you must take extra precautions to make sure that you don’t end up handing your credit card data to online fraudsters.

Threats that can thwart safe online shopping

There are a number of threats to online shoppers on Black Friday week, Cyber Monday week, and any other time of the year, including:

  • Poorly secured or unsecure sites that could leak your personal or financial information
  • Cybercriminals could steal your private data, including passwords, to break into your accounts
  • Scam sites may offer deals that seem too good to be true (because they are)
  • Some sites may send you spam, so you should know their policies and look for opt-out controls
  • Some sites may contain malware or harmful ads

So what can you do to ensure your holiday shopping experience is safe and enjoyable? Here are seven essential cybersecurity tips to help you stay out of trouble when shopping online.

1. Shop on familiar Web sites whenever possible

There are many popular online stores, some of which have a reputable brick-and-mortar counterpart, and others that are online-only. Amazon, Apple, Barnes & Noble, Bed Bath & Beyond, Costco, Fry’s Electronics, Kohl’s, Newegg, Target, and Walmart are just a handful of reputable online shopping sites.

Well-established businesses tend to face more scrutiny from legislators and consumers alike. This often means they are more likely to have higher standards for site security, and are more likely to comply with consumer privacy laws such as the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR), than some very small or lesser-known online stores.

Also, be aware that some sites like eBay and Amazon allow third-party sellers to sell items, even if they’ve just barely created a seller account. Be cautious about buying from third-party sellers without an established reputation. Again, if a deal seems too good to be true, or if it’s a high value item and the seller has zero experience selling on that site (or worse yet, negative feedback), avoid buying from that seller.

2. Shop safer on less-familiar sites

Sometimes you may not be able to find a particular item at the most popular online retailers, and you might be tempted to buy an item elsewhere.

If you’re unsure about the legitimacy of an online shopping site that you’ve never heard of before, try checking the site’s ratings on sites like Trustpilot or the Better Business Bureau. Then if you still can’t verify that a site is legitimate, it’s safest to just avoid making the purchase, no matter how tempting the deal may be.

However, what if you’re fairly certain that a site is safe but still want to take an extra level of precaution? You can use a virtual credit card number (or virtual debit card number) for a one-time use transaction, or for exclusive use with a single site. Check with your credit card company or bank to find out if they offer virtual card numbers. If not, you can try a third-party service like Privacy, where a free personal account allows you to create up to 12 virtual credit cards per month, with paid tiers if you want more virtual cards than that.

3. Shop on secure Web sites with a privacy policy

Generally, if you’re connected to a secure site, you should see a small, closed-padlock icon (similar to 🔒, but usually in a single color) to the left of the address in the address bar.

Historically, you might notice that the site address would begin with “https://”, which would indicate at least a basic level of protection—the “s” stands for secure! However, in many modern browsers, you’ll no longer see the protocol portion of the address unless you click inside the address bar. If you don’t see https:// after clicking there, and you don’t see a padlock icon, then your connection to the site may not be secure.

Also, ensure that the store site contains a privacy policy. You’ll often find a link to it near the bottom of the site (in the footer), or in a menu on the site’s homepage. Consider reading or skimming the site’s privacy policy to verify that nothing looks out of the ordinary, and that they appear to take your privacy seriously.

4. Use strong, unique passwords

Using a unique password for every site is critically important to protecting your other accounts. Consider that password breaches happen all the time, and if your password leaks from one site and you use it on multiple sites, your security at those other sites is also compromised.

To help you keep track of all your unique passwords, consider using a widely trusted password manager, such as 1Password, Dashlane, iCloud Keychain, Keeper, or LastPass.

Your passwords should also be sufficiently long and complex. Length is generally considered to be more important than complexity, so consider using passwords of 10–16 characters in length, or longer if you prefer (the longer, the better). However, even with a long password, it’s still a good idea to use a combination of uppercase and lowercase letters, numbers, and special characters. If you’re using a good password manager, you can often have them generate a pseudorandom password for you.
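To make the length-versus-complexity point concrete, here is an added example (not part of the original article) that generates a password from the operating system's secure random source and compares entropy at the 10- and 16-character lengths mentioned above. The entropy figures assume every character is chosen uniformly at random, which holds for generated passwords but not for ones a person makes up; the function names are illustrative.

```python
import math
import secrets
import string

# Character classes the article recommends combining.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}
FULL_ALPHABET = "".join(CLASSES.values())  # 94 printable ASCII characters


def entropy_bits(length, alphabet_size):
    """Bits of entropy for a uniformly random password: length * log2(size)."""
    return length * math.log2(alphabet_size)


def generate_password(length=16):
    """Draw from the OS CSPRNG, retrying until every character class appears.

    Rejecting candidates that miss a class trims the space very slightly,
    so the figures from entropy_bits() are an upper bound for this generator.
    """
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(FULL_ALPHABET) for _ in range(length))
        if all(any(c in chars for c in candidate) for chars in CLASSES.values()):
            return candidate


def compare_policies():
    """Entropy in bits at the article's 10- and 16-character lengths."""
    rows = {}
    for length in (10, 16):
        rows[(length, "lowercase only")] = round(entropy_bits(length, 26), 1)
        rows[(length, "all four classes")] = round(
            entropy_bits(length, len(FULL_ALPHABET)), 1)
    return rows


if __name__ == "__main__":
    for (length, policy), bits in compare_policies().items():
        print(f"{length:>2} chars, {policy:<16} ~{bits} bits")
    print("sample:", generate_password(16))
```

A 16-character password of random lowercase letters already has more entropy than a 10-character one drawn from all four classes, and combining both length and variety gives the largest figure.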

5. Avoid public Wi-Fi networks (or use a trusted VPN)

Always assume that public Wi-Fi networks are not secure, even if they seem to be. Public networks—such as you might find at a restaurant, coffee shop, hotel, library, or your dentist’s office—may not have any security at all, or may have very weak security. Either way, they could leave you vulnerable to various attacks from hackers connected to that network. Also, some companies log or monitor customers’ or users’ usage of their network.

Thus, you may want to avoid shopping or entering sensitive data (bank account information, credit or debit card details, etc.) when using the Web on a public Wi-Fi network.

The exception to this rule is if you tunnel all your network traffic through a trusted virtual private network—a VPN. Be sure to check out our featured article about VPNs to learn more about how they can protect you, and Intego’s recommended VPN providers.

6. Use good protection software

Invest in a computer security suite that offers anti-virus, a two-way firewall, and other essential tools, like Intego’s Mac Premium Bundle X9, to protect your data and your computer from online threats. Intego also offers Windows antivirus protection. (See below for special links to our Cyber Week 2020 deals!)

If you shop or read reviews on Amazon, Best Buy, Sephora, Steam, TripAdvisor, Walmart, or Yelp, you may also want to check out Fakespot. They have an iOS app and a Chrome browser add-on, and it’s very handy for analyzing reviews to get another opinion about whether they might be legitimate or disreputable. Just because an item on Amazon has positive reviews doesn’t necessarily mean it’s a good product; it might be padded with spam reviews to make it look better than it really is.

7. Monitor account statements for fraudulent activity

After making online transactions at sites you haven’t visited before, be sure to double-check for any accidental or potentially fraudulent charges. Take a close look at your account and billing statements. Unauthorized credit card usage should be reported immediately in order to have the best chance of getting the charges reversed, and to prevent further unauthorized activity.

You should never give your Social Security number simply to make a purchase from a site! Unlike credit fraud, identity theft, including a compromised Social Security number, is much harder to detect and properly address.

Shopping online should be secure and enjoyable, and with these cybersecurity tips you can stay safe while you shop.

Intego’s Cyber Week deals for 2020

If you happen to read this by December 5, 2020, first-time buyers (and past customers with expired subscriptions) can get a very special discount on Intego’s Mac software: up to 65% off Mac Premium Bundle X9—the ultimate Mac protection and utility suite.

You can also get a discount on Intego Antivirus for Windows. Remember to use these links to maximize your savings, and be sure to tell your Mac- and PC-using friends about these great deals!

How can I learn more?

For tips about safely buying consumer electronics—and how to avoid getting stuck with outdated and insecure tech—see our related article:

Caution! These Black Friday “deals” may be bad for your security

On the latest episode of the Intego Mac Podcast (episode 163), we discussed how to make good choices about buying on-sale electronic devices. Be sure to subscribe to make sure you never miss the latest episode!

About Joshua Long

Joshua Long (@theJoshMeister), Intego's Chief Security Analyst, is a renowned security researcher, writer, and public speaker. Josh has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple ID authentication vulnerability. Josh has conducted cybersecurity research for more than 20 years, which has often been featured by major news outlets worldwide. Look for more of Josh's articles at security.thejoshmeister.com and follow him on Twitter.