This blog was originally published in 2018. It has been updated to reflect current guidance.
It’s no secret that cybercriminals look for easy targets. With Black Friday, Cyber Monday and the e-commerce-heavy holiday season in general, there is no shortage of opportunities for criminals to benefit when not-so-safe online shoppers let their guard down. The COVID-19 pandemic had experts predicting huge numbers of people shopping online this year – and they were right. According to Adobe, Cyber Monday of 2020 broke records and took the title of being the biggest e-commerce shopping day EVER in the United States.
This time of year can be stressful – especially in 2020. Retailers create high-pressure situations and prey on emotions to drive holiday sales. We all know this, and so do cybercriminals. Attackers bank on it, because they know that the fast-paced holiday sales and limited-time offers can persuade even the savviest shopper to be less cautious than normal about the information they’re revealing. The lure of avoiding the crowds and snagging unprecedented deals is just too good to pass up.
Don’t worry, you don’t need to stop shopping. Read on for a list of ways you can enjoy the wonders of the Internet while adopting safe online shopping habits this holiday season.
Top 5 tips for safe online shopping
- Beware of phishing scams
- Avoid unknown retailers
- Protect your information
- Monitor your credit and bank accounts
- Ship to a secure location
1. Beware of phishing
Phishing is a hugely popular tactic used by hackers and other cybercriminals to steal sensitive information, make fraudulent transactions, and hack accounts using stolen credentials. Over the past few years there has been an increase in shopping related phishing attacks.
These types of attacks will most likely appear to be from a recognizable retailer or one of your financial institutions. They can include anything from a fake issue with a recent order to a billing problem that requires you to re-enter your financial information or shipping address.
Take a critical look at every email you receive. Look for issues with the address, such as numbers or letters that shouldn’t be there. Compare suspicious messages to emails you KNOW are legitimate that you have received from that company previously. Hover over links to make sure they’re directing you to the real website, and when in doubt, manually access the website by typing the main URL into your browser. Pause to ask yourself if you’ve actually made a recent purchase with that retailer, or whether it’s just a popular company that many people are likely to have shopped at in the past – hackers use that trick to get people to click on the email without thinking.
The bottom line, is you can’t be too careful. It’s a lot easier to prevent disaster before you click than after.
2. Avoid unknown retailers
This isn’t to say every new store is bad, but there are a lot of pop-up sites designed to steal money over the holiday season. These sites try to trick shoppers by offering the latest technology, gadget or toy. Whether it’s a purchase of $5 or $500, don’t be misled.
Look for authorized retailers for the items you want to purchase by visiting the brand’s website. Make sure that any site you’ll be shopping from is secure. Search the Better Business Bureau or other online reviews when in doubt.
Most of all, if it seems too good to be true, it probably is.
3. Protect your information
This is a big one – but it’s also a broad topic. There are several different things you can do to protect your information for safe online shopping, but here are a few that make a big difference.
- Passwords: We’re always talking about the importance of good passwords – and online shopping is no exception. The best thing you can do is make sure you don’t reuse passwords. Each site or app should have a unique password. Make sure your credentials are complex and you have changed any passwords that could have been involved in any breaches. Use longer passwords, passphrases and complex characters to ensure your password is difficult to crack.
- MFA: Enable multi-factor authentication (MFA) on any shopping or financial sites that allow it. Requiring an attacker to take an extra step to authenticate can make the difference between a hacking attempt and a successful attack. Many credit cards, financial websites, social media, apps and shopping sites (thank you, Amazon!) have this option now.
- WiFi: Don’t complete any transactions over public or free Wi-Fi. The deal can wait, trust me! It’s not worth exposing your information over an unsecured network. Use a VPN or wait until you’re on a secured network.
- Financial Information: If you get calls or emails purporting to be from your bank or credit card, don’t automatically trust them. Call the number on the back of your card and ask to speak to the Fraud Department if you suspect a notification you received isn’t legitimate. P.S. I’ve done this before and the representatives almost never get upset. If someone starts getting angry with you for wanting to verify a request, that’s a huge red flag that it might be fraud.
4. Monitor your credit, bank and shopping accounts
Many transactions are completed electronically these days, so it’s easy to get a real-time view of your financial accounts. During the holidays, keep a close eye on any connected payment accounts, credit cards or apps used to make purchases. Even if you still receive paper statements in the mail, do you really want to wait until the end of the billing statement to catch fraudulent activity?
Another thing you can do is enable Multi-Factor Authentication (MFA) on your financial accounts, shopping accounts and even shipping accounts such as UPS and FedEx, requiring you to use more than just a password to log in. For more on MFA, check out this blog.
Most financial institutions will encourage you to set alerting thresholds, generating a notification if someone attempts to authorize a charge over a certain pre-determined amount.
Being vigilant and catching issues quickly is the best way to stop damage in its tracks.
5. Ship to a secure location
Ah yes, “porch pirate” season is back. Remember the stories from the last few years of criminals stealing packages off of people’s porches, out of their driveways and even mailboxes? Tis the season, unfortunately.
There are a few ways to combat this, and your local law enforcement community may be able to help. Some police departments allow residents to safely ship packages to their building and pick them up there. Check with your local police department to see if this option is available to you. Alternately, services such as Amazon Locker allow you to choose and designate your pickup location. Another great option is using the “Ship to Store” or Curbside Pickup features that many retailers have.
Sure, it’s not quite as convenient, but neither is a stolen package!
Happy Safe Online Shopping!
This isn’t a comprehensive list of all the things you can do for safe online shopping (although we do have that). However, following these tips will help you safely shop this holiday, wherever you are. From all of us at ADNET, we wish you a safe and healthy holiday season!
Original publish date: November 22, 2018
Updated publish date: December 11, 2020