Online shopping safety risks and how to protect yourself
In recent years, there’s been a tremendous increase in online shopping. Major e-tailers now offer consumers more options and product selections, and brick and mortar stores offer their own online incentives to remain competitive and capture a share of the online market. Additionally, in the wake of the Covid-19 pandemic, many people have switched to shopping for items online that they used to obtain from neighborhood stores. Unfortunately, as consumer activity online has increased, so too has cybercrime – incurring financial losses for unfortunate victims.
But while internet scams and cybercrime exist, that doesn’t mean you need to avoid online shopping. Safe online shopping is possible, provided you are aware of the potential risks and take proper precautions.
Online shopping risks
Potential online shopping safety risks include:
Identity theft
This usually involves cybercriminals hacking into e-commerce websites and stealing users’ login or credit card details. It enables them to either impersonate users to make fraudulent purchases or sell personal details to other criminals online.
Fake online stores
Unfortunately, not all e-commerce sites are genuine. Scammers may set up fake websites designed to look like established, genuine retailers. They copy design and layouts and steal logos to trick unsuspecting users into thinking they are visiting a trusted website. They may offer popular clothing brands, jewelry, and electronics at low prices. Sometimes users receive the items they have paid for, but they are usually fake. Other times, users don’t receive anything at all.
Unencrypted data
Some websites don’t encrypt data. If they don’t have an up-to-date SSL certificate, they are more vulnerable to attacks. Websites whose URL starts with HTTP rather than HTTPS are not secure – which is a risk for shoppers sharing credit card details and other sensitive information with that site.
Data breaches
When you shop online, you share sensitive information with retailers, including your bank or credit card details, contact information, and address. If hackers gain unauthorized access to an e-commerce website, there is a risk that your information could be exposed in the event of a data breach.
Fake reviews
Many online shoppers read reviews before they buy. But be aware that not all online reviews are genuine. If a particular retailer has a pattern of reviews that seem too good to be true or lack detail, try to check the source and listen to your instincts.
Fake apps
Many genuine online retailers have dedicated apps. Cybercriminals sometimes try to mimic them by creating fake versions. They aim to harvest your personal information such as bank or credit card details, plus usernames and passwords.
Unsecured Wi-Fi
Unsecured Wi-Fi in public places can carry security risks. Among these is the risk of hackers positioning themselves between you and the connection point. If you carry out online shopping transactions on an unsecured Wi-Fi network, there is a risk that hackers could obtain the personal information you submit, such as your credit card details and contact information.
Adware
Adware refers to unsolicited ads that pop up on the screen when browsing the internet. Adware is a contraction of ‘advertising software’, and its purpose is to generate revenue for its owner. Adware can be legitimate but can also be used by cybercriminals for fraudulent purposes – for example, luring you to malicious websites which try to obtain your personal information. Sometimes, closing the pop-up ad by clicking on the ‘X’ symbol can itself cause an infection.
Phishing
This involves scammers sending fake emails which appear to be from a genuine retailer. The emails usually contain an attachment or a link designed to trick the receiver into clicking them – usually, doing so launches a malware infection.
Is online shopping safe?
Given these risks, it’s fair to ask the question: is it safe to shop online? For the most part, yes: online shopping is a safe activity. It can be individuals themselves and their internet and online shopping habits making it unsafe. And that is exactly what cybercriminals rely on.
They rely on you not knowing how to identify and avoid phishing emails. They rely on you to use weak passwords or the same username and password for every online account. They rely on you using public Wi-Fi to log into private accounts. Essentially, they depend on you, the consumer, not following cybersecurity best practices.
If you do fall victim to cybercriminals, it could potentially cost you much more than the cash in your bank account — it could cost you your identity, leading to a host of financial and personal problems.
There are regular stories of online fraudsters and hackers, but the truth is that cybercriminals are less likely to get hold of your credit card details over the internet than they are over the phone, through the mail, or in a restaurant. Even so, safe online shopping requires an extra measure of vigilance.
How to check if a website is safe to buy from
So, how do you tell the difference between safe online shopping sites and fraudulent ones? Here are some signs to look out for:
Check the SSL certificate
SSL stands for ‘Secure Sockets Layer’ and is an indication that a website is secure for shopping. Essentially, it’s an encryption method which websites that ask for sensitive or personal information – such as your credit card details – should have. To check that an online shopping website has an up-to-date SSL certificate, look for a padlock icon in the URL bar of your web browser, or check that the URL starts with HTTPS, not HTTP (the S stands for ‘secure’).
Look for a privacy statement
A privacy policy explains how the business collects, uses, and stores sensitive data from its customers. While laws and regulations vary worldwide, reputable online retailers should have a clear privacy statement. If they don’t, it could be a red flag.
Steer clear of deals that seem too good to be true
If a website appears to be selling designer clothes or jewelry or electronics for considerably less than the usual retail price, ask yourself if it’s too good to be true. You could be handing over money for fakes or replicas.
Look for an address and phone number
Legitimate retailers will usually have a contact number and physical address visible in either the header or footer. If you are not sure whether an online shop is genuine, one way to check is by copying and pasting their address details into a search engine to see if their location is verifiable. Fake sellers will either not provide an address or use a fake one.
Look out for spelling and grammar mistakes
Reputable brands usually try to ensure that the text and imagery on their websites are of good quality. If a website is poorly written and contains numerous spelling or grammatical mistakes, it could indicate that the seller is not genuine. Other red flags might include low-quality images, no returns policy, and the inability to leave reviews.
Check if the website accepts credit cards
Credit cards are considered one of the safest methods of making online transactions since it's easier for credit card issuers to refund money lost to fraud. Websites that don't accept credit card payments could be a cause for concern because it's more difficult for fraudulent websites to become certified by credit card companies.
Look at online reviews
While reviews can be faked, it's still helpful to look at the overall pattern of reviews from other customers when shopping online. Trusted review sites can give you a sense of how genuine a retailer is and what other customers think before you purchase.
Online shopping safety tips
Here are some tips for safe and secure online shopping:
Type the URL directly into the address bar
Scammers who send phishing emails rely on you to click the link in the email to be taken to a retailer’s ‘website’ – and the same with links on poisoned search results. Those links then lead you to cleverly designed copycat websites. So when you think you are putting your username and details into Amazon’s website, you are actually giving it to a cybercriminal.
To make sure you are visiting the actual, authentic retailer's website, it's much safer to type the retailer's URL into the address bar on your web browser. It may take a little more effort, but this simple action can help to prevent you from visiting a fake or malicious website.
Get a temporary credit card
Cybercriminals have developed sophisticated techniques and malware that can sometimes thwart your best efforts for safe online shopping. As another level of security, you can use a temporary credit card to make online purchases instead of your regular credit card. Ask your credit card company if you can be issued a temporary credit card number.
Many credit card companies will do this, enabling you to make a one-time purchase. This prevents scammers who manage to steal your credit card number from making any additional fraudulent purchases. However, avoid using these types of credit cards for purchases that require regular payments or auto-renewal.
Some banks also offer virtual credit cards. These are just like your regular card, but a random account number is generated for each purchase, preventing hackers from using the number again.
Dedicate a computer to online banking and shopping
If you have more than one computer, it may be a good idea to dedicate one for online banking and shopping only. By avoiding using the computer for any other internet browsing, downloading, checking email, social networking, and other online activities, you effectively create a ‘clean’ computer free from computer viruses and other infections.
Use a dedicated email address
Similar to creating a 'clean' computer, you can do the same with an email address. Create an email address that you will use only for online shopping. This will limit the number of spam messages you receive and reduce the risk of opening potentially malicious emails disguised as sales promotions or other notifications.
For example, if you use your dedicated online shopping email for Amazon but receive a message from Amazon in your primary email account notifying you of an issue with an order or your Amazon account, then you know it is probably a fake or malicious message sent by cybercriminals.
Manage and protect your online passwords
Using strong passwords and using a different password for each online account is one of the most important things you can do for safe online shopping. It can be challenging to remember many different passwords, especially when they comprise numerous letters, numbers, and special characters. But you can use a password manager to help. A good password manager will also encrypt passwords that would otherwise be in plain text. Some antivirus and internet security software products include password management and password security features.
Avoid using public Wi-Fi to log in to online accounts
Coffee shops, hotels, restaurants, and other public areas often provide free Wi-Fi. This can be useful for checking email, browsing the internet, and other online activities. But using public Wi-Fi to sign into a private account is a security risk. Savvy hackers could be hijacking the Wi-Fi signal or even setting up their own to trick you into using it. And they can see everything you do on your mobile device or laptop. That means if you sign in to an online banking account or retailer website, the hacker will acquire your username and password.
It’s also important to be careful when using public Wi-Fi in retail brick and mortar stores. For example, when you are in a shopping mall — about to make a purchase — understandably, you might want to check online e-tailer websites to see if they are offering better deals. But cybercriminals count on this and can intercept your data and capture your passwords, login details, and financial information. If you need to access the internet when shopping, it's safer to do so via your mobile phone network.
Use a VPN
If you absolutely must shop online while using public Wi-Fi, first install a VPN (a virtual private network). A VPN will encrypt all data transferred between your computer or mobile device and the VPN server. This means that hackers can’t intercept it, even if they have the password for the Wi-Fi network you are using. A VPN can help provide you with a safe way to shop online while on public Wi-Fi.
Stick to familiar brands you know or have heard of
Where possible, try to buy from retailers you have heard of, especially those with a good reputation. But even then, it's essential to take care – criminals often deliberately misspell the name of their fake websites to sound like a familiar brand company. If you are looking for a specialist item that is only available on an independent website, do your research before disclosing any financial information.
If you do buy from a new vendor, research it carefully
A good test is to see if you can contact the seller if the order goes wrong – look for an email, a phone number, or an address plus a returns policy. A vendor's feedback history is another indication of reliability and integrity. Online reviews can give a sense of how genuine a retailer may be.
Be alert to the kinds of information being requested
Don’t disclose any more information than is necessary to complete your purchase. Never share personal information over the phone unless you made the call, and never reply to any unsolicited request for personal information (especially passwords, credit card, or bank account numbers).
Only make payments online using safe, trusted payments methods
Whenever possible, use credit cards – your purchases will usually be insured. If you accidentally enter your credit or debit card information into a malicious website or reply to a suspicious email with that information, immediately contact your credit card company to alert them. Never send cash through the mail.
Use extra caution when using your mobile device for online purchases
Shortened URLs, often used because they are phone-friendly, can also trick you into visiting risky sites.
Always log off after online shopping
When you complete an online shopping session, always log off, especially if you share a computer with someone or if you have used a public computer (such as in an internet café) or Wi-Fi network.
Read your credit card statements
When you receive your credit card statements, go through them and check for unauthorized charges. If there is anything unusual, report it immediately. Ensure that your children do not have access to your online accounts and limit their access to your credit card and bank information.
Install antivirus or anti-malware software
Using a comprehensive antivirus will help protect you from online shopping safety threats.
Recommended products
Further reading
Here are seven things to keep in mind before scanning a QR code:
1. Fraudsters have used QR codes for years. The codes came on the scene 27 years ago when Japanese automakers used them to track parts and inventory. “Whenever a new technology or a new offering comes out, cybercriminals look for ways to manipulate it,” says Angel Grant, vice president of security for Seattle-based F5 and a certified information-systems security professional. “So we've seen criminals targeting QR codes pretty much from when they were originally put out.”
View Details See All Benefits2. When eyeballing a QR code, remember those lessons from Cybersecurity 101. Just as you should never click on suspicious hyperlinks or download fishy attachments — especially anything sent by strangers — you should avoid suspicious QR codes, which can take you to weird websites or sites that are created to look safe but are nothing but trouble.
At worst, a crook can download malware or direct you to a fraudulent website to try to steal your money, grab your personal and financial data or log-in credentials, and wreak havoc. Your online financial accounts, peer-to-peer payment apps, contacts, social media accounts and photos are among the things that could be compromised.
3. Criminals have been known to distribute fliers with malicious QR codes or to attach stickers with fraudulent codes over existing, legitimate ones in public places such as bus stops. Consider the criminal who slapped fake parking tickets on windshields and offered the supposed scofflaws the option of paying their fines by scanning QR codes, says Tracy C. Kitten, director of fraud & security for Javelin Strategy & Research. “And when you scan it, malware [malicious software] gets installed on your device to access your personal info and a whole host of other info,” Kitten says.
4. Do not trust a QR code that was supposedly emailed by a friend (whose account may have been hacked) or that appeared in a text, online post or mail piece. Instead, use a browser and visit a website using a domain name you know is legit.
QR code abuse closely aligns with phishing attacks...which within the last two to three years have gotten more sophisticated.
Tracy C. Kitten, director, fraud & security, Javelin Strategy & Research
5. Avoid using a QR code to pay a bill. There are many other payment methods that are less susceptible to fraud.
6. QR codes may seem harmless, not least because the naked eye can't detect what the codes are programmed to do. So trust your gut, Kitten advises. “If the code is stuck to the side of a napkin dispenser and looks suspect, don't use it. Ask for a menu."
7. Consider adding protection that checks for malicious or inappropriate content, advises Grant, who says many firms, including Sophos Mobile Security and Kaspersky, offer mobile products.
QR codes can come in handy
The bottom line: QR codes can be created quickly and easily, but like other tech tools highjacked by fraudsters, they also serve a legitimate purpose in commerce and everyday life.
A couple of her friends, Grant says, use QR code generators to share their Wi-Fi passwords with guests, “because when their kids’ friends come over, they're always like, ‘Hey, what's your Wi-Fi?'
Comments