There’s every reason in the world to shop online. The bargains are there. The selection is mind-boggling. The shopping is secure. Shipping is fast. Even returns are easy, with the right e-tailers. Shopping has never been easier or more convenient for consumers. And in the age of COVID, it’s safer than going out even if you’re fully masked and gloved.
But what about the bad guys? It happens. The FBI’s own Internet Crime Complaint Center (IC3) says the number one cybercrime of 2019 in half the 50 states was related to online shopping: non-payment for or non-deliver of goods purchased.
Stay calm. While somewhat alarming, these stats should not keep you from shopping online. You simply need to use some common sense and follow practical advice. Here are basic guidelines; use them and you can shop with confidence.
Start at a trusted site. Search results can be rigged to lead you astray, especially when you drift past the first few pages of links. If you know the site, chances are it’s less likely to be a rip-off. We all know Amazon.com carries everything under the sun; likewise, just about every major retail outlet has an online store, from Target to Best Buy to Home Depot. Beware of misspellings or sites using a different top-level domain (.net instead of .com, for example) — those are the oldest tricks in the book. Yes, sales on these sites might look enticing, but that’s how they trick you into giving up your info. (Photo by Quinn Rooney/Getty Images)
Never buy anything online using your credit card from a site that doesn’t have SSL (secure sockets layer) encryption installed — at the very least. You’ll know if the site has SSL because the URL for the site will start with HTTPS — instead of just HTTP. An icon of a locked padlock will appear, typically to the left of the URL in the address bar or the status bar down below; it depends on your browser. HTTPS is standard now even on non-shopping sites, enough that Google Chrome flags any page without the extra S as “not secure.” So a site without it should stand out even more.
No online shopping e-tailer needs your Social Security number or your birthday to do business. However, if crooks get them and your credit card number, they can do a lot of damage. The more scammers know, the easier it is to steal your identity. When possible, default to giving up as little personal data as possible. Major sites get breached all the time.
Abine’s Blur is a browser add-on that acts as a basic password manager and oh so much more. For $39 a year, it’ll let you shop without revealing anything about your actual self — no emails, phone numbers or even credit card numbers. It’s one of the most impressive online privacy solutions we’ve ever seen. Read our full review.
We once asked PCMag readers if they frequently changed their passwords. Eleven percent claimed they did it every day, but those people are either paranoid, liars, or paranoid liars. The vast majority only change a password to protect privacy a few times a year (27 percent) or more likely, never (35 percent).
If you’re going to be like the latter group, we will again beat this dead horse about making sure that you utilize uncrackable passwords. It’s never more important than when banking and shopping online. Our old tips for creating a unique password can come in handy during a time of year when shopping around probably means creating new accounts on e-commerce sites.
Even your perfect password isn’t perfect. The smarter move: use a password manager to create uncrackable passwords for you. It will keep track of them and enter them, so you don’t have to think about it.
Don’t wait for your bill to come at the end of the month. Go online regularly, especially during the holiday season, to view electronic statements for your credit card, debit card, and checking accounts. Look for any fraudulent charges, even originating from payment sites like PayPal and Venmo. (After all, there’s more than one way to get to your money.)
You should definitely only buy online with a credit card. If your debit card is compromised, scammers have direct access to your bank funds. Any seller that wants a different kind of payment, like wired money, is a big red flag. The Fair Credit Billing Act ensures that if you get scammed, you are only responsible for up to $50 of credit card charges you didn’t authorize. There are protections even if you’re not happy with a purchase you did make.
If you see something wrong, pick up the phone to address the matter quickly. In the case of credit cards, pay the bill only when you know all your charges are accurate. You have 30 days to notify the bank or card issuer of problems, however; after that, you might be liable for the charges anyway.
Swindlers don’t sit around waiting for you to give them data; sometimes they give you a little something extra to help things along. You need to protect against malware with regular updates to your antivirus program. Better yet, pay for a full-blown security suite, which will have antivirus software, but also will fight spam, spear-phishing emails, and phishing attacks from websites (the latter two try and steal your personal info by mimicking a message or site that looks legit). Remember, it’s not enough to have it installed. Make sure your anti-malware tools are always up to date. Otherwise, they can let in any new threats — and there are always new threats.
If you’re shopping via a public hotspot, stick to known networks, even if they’re free, like those found at Starbucks or Barnes & Noble stores. Any of the providers in our roundup of the Fastest Free Nationwide Wi-Fi can generally be trusted, but you should probably also use a virtual private network (VPN) to be safe (here’s why).
For more, read our Tips for Public Wi-Fi Hotspot Security.
What about using your own laptop to shop while you’re out? It’s one thing to hand over a credit card to get swiped at the checkout, but when you have to enter the credit card number and expiration date and 3-digit code on the back into a shopping site while sitting in a public cafe, you’re giving an over-the-shoulder snooper plenty of time to see the goods. Think like a gangster: Sit in the back, facing the door. Use sites that you trust that already have your credit card stored, so you don’t have to pull it out for more than a latte. Better yet: stay home when online shopping.
There’s no real need to be any more nervous about shopping on a mobile device than online. Simply use apps provided directly by the retailers, like Amazon and Target, even McDonalds or Chipotle. Use the apps to find what you want and then make the purchase directly, without going to the store or the website.
Paying for items using your smartphone is pretty standard these days in brick-and-mortar stores, and is actually even more secure than using your credit card. Using a mobile payment app like Apple Pay generates a one-time-use authentication code for the purchase that no one else could ever steal and use. Plus, you’re avoiding card skimmers — hell, you don’t even need to take your credit card with you if you only go places that accept phone-based payments. How does that matter if you’re online shopping? Many a phone app will now accept payment using Apple Pay and Google Pay. You just need your fingerprint, face, or passcode to make it happen instantly.
When it comes to gift cards, stick to the source when you buy one; scammers like to auction off gift cards on sites like eBay with little or no funds on them. There are many gift card “exchanges” out there that are a great idea — letting you trade away cards you don’t want for the cards that you do — but you can’t trust everyone else using such a service. You might get a card and find it’s already been used. Make sure the site you’re using has a rock-solid guarantee policy. Better yet, simply go directly to a retail brick-and-mortar store to get the physical card.
If you’re wary of a site, perform your due diligence. The Better Business Bureau has an online directory and a scam tracker. Yelp and Google are full of retailer reviews. Put companies through the wringer before you plunk down your credit card number. There’s a reason that non-delivery/non-payment is the most common cybercrime complaint: it hurts when that happens, financially and emotionally.
That said — online reviews can be gamed. If you see nothing but positive feedback and can’t tell if the writers are legitimate customers, follow your instincts.
If nothing else, make absolutely sure you’ve got a concrete address and a working phone number for the seller. If things go bad, you have a place to take your complaint. In fact, call them before you order so you can clarify a return policy and where to go with any issues after the purchase.
Don’t be embarrassed if you get taken for a ride while online shopping. Instead, get very, very mad. Complain to the seller. If you don’t get satisfaction, report it to the Federal Trade Commission, your state’s attorney general, even the FBI. That’s probably going to work best if you buy in the US, rather than with foreign sites. If you’re going to get scammed, try to get scammed locally … or at least domestically.