Online shopping is undeniably convenient, but it also leads to billions of dollars in losses every year. Over 70% of consumers fall prey to online shopping scams across the globe. So, it's crucial to safeguard your identity and hard-earned money while buying online. 

In this handy guide to online shopping safety, you'll get to know:

  • How to spot malicious websites

  • Why it's better to avoid public Wi-Fi

  • Tips to protect your passwords

  • Ways to secure your email

  • Reasons to prefer credit cards over debit cards

  • And much more…

Let’s dive right in.

Risks of online shopping

So, how exactly are consumers put at risk while buying stuff on e-commerce platforms? Here are some of the main threats:

  • Identity theft — When buying stuff online, you inevitably expose yourself to identity theft due to sharing sensitive details like your name, address, credit card numbers, and CVV codes. If such info falls into the wrong hands through a data breach, cybercriminals can use it for fraudulent activities.

  • Fake websites and phishing scams — Scammers frequently set up phony versions of popular online stores to con unsuspecting victims into sharing their personal financial details. So, always double-check if the site you're about to buy from is legit before parting with your money.

  • Inferior products — It can be quite tricky to determine a product's quality and authenticity when shopping online, which often leads to disappointed customers.

  • Delivery issues — Sometimes, items don't turn up on time, get delivered to incorrect addresses, or even arrive damaged. These snafus can provoke frustration and require returning or exchanging the product.

  • Return and refund policies — The varying return and refund rules of different online stores can leave customers puzzled and annoyed.

To minimize these risks, follow the advice shared below.

Online shopping safety tips

Let's examine the essential safety tips for online shopping.

Use known shopping websites

The most reliable online stores are those you're familiar with and trust. If you're interested in a unique item sold only on a specific website, conduct thorough research before providing any financial information.

Increase in Amazon phishing sites

Source: The Daily Swig

Here’s how to tell if a website is secure:

  • Fake websites — Some websites impersonate real stores to trick you into sharing personal information or purchasing items. If a website’s text contains many spelling and grammar errors, it might be a scam. Poor image quality, absence of a refund policy, and missing contact information are all red flags. 

  • Secure connection — Shop only on websites that use "https" instead of "http" in the URL. The "s" signifies "secure," indicating that the website has an SSL (Secure Sockets Layer) certificate, a protocol that encrypts your connection to the site. Additionally, check for a padlock icon in the URL bar, confirming the connection is safe.

  • Privacy policy — A privacy policy informs you about the usage and protection of your personal information. Despite laws varying across countries, a trustworthy online store should have a clear privacy statement. Its absence may serve as a warning sign.

  • Return and refund policy — Understand the vendor's return and refund policy before making a purchase. This ensures you can return defective products or those not meeting your expectations.

  • Shipping fees — Outrageous shipping fees can turn a great deal into a financial setback. Verify if the seller covers your shipment and provides tracking. Also, if the delivery takes more than ten days, be cautious.

  • Counterfeit goods — Websites selling designer items at significantly reduced prices may be dealing in imitation goods. Be vigilant about such offerings.

  • Customer reviews — Check ratings and reviews on platforms like Google Places, Yelp, and BBB. Although reviews can be manipulated, identifying common themes can be informative.

  • Contact information — As the FBI states, some fraudsters use legitimate businesses' names and numbers to lend credibility to their scam websites. To verify a website's legitimacy, look for their contact information on the website's footer or contact us page.

  • Requests for sensitive information — Be wary of requests for your Social Security Number (SSN), driver's license number, or passport number. An online store doesn't need your SSN for a purchase.

  • Fake online shopping app — Shopping on your phone can be as safe as shopping online. However, only use official apps from companies like Amazon, Target, or McDonald's, and stick to recognized app stores like the App Store or Google Play.

Don’t type the website’s URL into your browser bar

Typically, avoid entering the website's address directly into your browser's address bar. A small typing mistake could lead you to a fake site. Some websites have names deliberately similar to their legitimate counterparts, intending to trick users into visiting and divulging their personal information.

What should you do when visiting a marketplace for the first time? Use Google to find the site and open it from there. To return to the site, type the initial letter or two of the site's name in the URL bar and select the correct address from the list. Bookmarking the website is another reliable option.

Don’t save payment info on e-commerce sites

Although it may expedite your purchases, storing payment information on shopping websites is risky. If an e-commerce site's security is breached, hackers could misuse your stored payment information, posing a risk to your finances and identity.

Don’t save payment info on e-commerce sites

Even with robust security measures, e-commerce sites can still fall victim to human error, such as a data breach caused by an employee's mistake or an insider threat.

To keep your financial data safe, manually enter it every time you make a purchase on a new e-commerce site or use a trusted payment service like PayPal. If you choose to store your payment information on an e-commerce site, use strong, unique passwords and two-factor authentication.

Avoid making online purchases on a shared computer or device. The reason is that they could be infected with malware like spyware, trojans, or ransomware or contain keyloggers that steal your personal information. To shop online safely, use your personal computer or mobile device protected with a VPN and strong antivirus app (more on this later). 

If you do shop on a public computer or shared device, take precautions. Log out of all accounts and clear your browsing history and cookies after use. Avoid storing personal information like credit card numbers on shared devices.

Don't use public Wi-Fi

Unsecured public Wi-Fi can easily be intercepted by hackers. Hence, resist the urge to shop online while enjoying a coffee at your local cafe. A hacker could be present in the cafe, attempting to intercept your online connection.

If you must use public Wi-Fi, encrypt your data with a VPN.

Use a VPN

VPNs safeguard data on public Wi-Fi. They make online shopping safer when using public Wi-Fi at airports, cafes, and other public places.

A VPN establishes a secure connection between your computer and the online store’s server. Nearby cybercriminals won't be able to observe what you're doing or intercept the information you send to the server. 

Use a VPN for shopping

Select a VPN service known for its strong encryption methods, no-logs policy, and global server access. ExpressVPN, PrivateInternetAccess, and CyberGhost are examples of reputable VPN service providers.

Although a VPN can deter public Wi-Fi users from monitoring your online activity, it can't guarantee absolute security. It's crucial to use strong, unique passwords.

Protect your passwords

If you frequently shop online without taking precautions, your account passwords could be stolen or guessed. However, this risk can be mitigated. Here are some tips:

  • Create strong and unique passwords. Passwords should be at least 12 characters long and include letters, numbers, and special characters. Avoid common words and personal information such as your school name or nickname.

  • Use different passwords for different accounts. Reusing passwords enables hackers to access multiple accounts. After gaining access to one account, they're able to access other accounts with the same password.

  • Use a password manager. This tool aids in creating and managing secure, unique passwords for each online store you use. It can also save time by storing and inputting passwords with a single click. Consider a password manager like Abine Blur, Bitwarden, or 1Password that can also obscure your emails, credit card information, and phone number.

  • Use multi-factor authentication. This security method requires you to enter both your password and a code sent to your phone or email. Biometrics like face or fingerprint recognition are also commonly used.

  • Provide unique answers to security questions. When setting up account recovery questions and answers, choose answers that can't be easily guessed or found online. Consider providing false answers to these security questions for added security.

Install a reliable antivirus program

Consider using a recognized antivirus program, such as Bitdefender or Norton. These tools protect your devices from malware, phishing attempts, cyberattacks, and other potential dangers. If you buy a subscription for multiple devices, it's crucial to install the antivirus on your mobile devices as well.

Many antivirus suites also provide additional features for safer online shopping, including browser extensions. These tools can protect you from fraudulent online stores and unwanted communications.

Use an antivirus when shopping online

Antivirus software can intercept and halt infections in real time when you interact with harmful links from questionable sources. Despite real-time protection, it's essential to routinely scan your devices for potential malware infections. Setting up automatic scans once a week is advisable.

We have compiled a list of antivirus software ranked from most effective to least effective to help you choose the right option for your needs.

Follow email security best practices

We receive many promotional emails advertising various products. While most go into your spam folder, several reach your inbox. Some of these emails are fraudulent and may contain harmful attachments. Here are some steps to protect yourself from suspicious email offers:

  • Set up separate email addresses for your shopping accounts. This strategy can help protect your main email account from spam and phishing attempts disguised as special offers or deals.

  • Be skeptical about unexpected emails from shopping websites. Emails that claim to be from popular stores with which you have no account are often phishing attempts. Learn more about how to protect yourself from phishing.

  • Avoid clicking on suspicious links in emails. Opening attachments or following links in suspicious emails can expose your computer to malware. Types of malware such as keyloggers or ransomware can damage your data or restrict your access to it.

  • Be cautious with emails claiming to be from delivery services. Scammers may send emails pretending to be shipping companies to trick you into entering your personal information on their counterfeit websites. Examine the email carefully and look for warning signs, such as poor grammar, poor design, and unusual-looking links.

Credit card safety tips

While banks strive to prevent as many instances of credit card fraud as possible, cybercriminals continue to find ways to steal credit card details and money. Here are some tips on how to keep your credit card information secure:

  • Use a credit card instead of a debit card. If someone steals your credit card information, they can't access your bank account. However, they can do that with a debit card.

  • Opt for a low-limit card. A low credit limit minimizes the potential damage from fraud. To dispute and recover fraudulent charges, ensure the card includes fraud protection.

  • Utilize single-use virtual cards. These are suitable for online purchases without revealing credit card data. Thieves can't use the card because it expires after one use. Some virtual cards can be locked to a particular retailer to prevent misuse in case of a breach.

  • Choose an online payment app. Use a third-party payment service such as PayPal or Apple Pay to reduce the risk of credit card fraud and protect your financial information.

  • Monitor your bank statements. Review your bank and credit card statements weekly for unauthorized purchases.

  • Don't share credit card information with children. To ensure your children can't access your online accounts, don't share your credit card and banking details with them.

Keep a record of your purchases

After making a purchase, store the relevant information safely. This includes the receipt, the order confirmation number, and the tracking number provided by the seller. Keeping this data handy can be helpful if there's an issue with the order.

Be wary of amazing discounts 

According to the U.S. Federal Trade Commission (FTC), losses from social media fraud involving investment scams, romance scams, and online shopping fraud amounted to $770 million in 2021.

Online discount scams

Discounts that appear too good to be true should be approached with caution, whether found in emails, social media posts, or websites. Scammers often use alluring but bogus discounts and gift cards to entice victims into sending money or personal information.

Similarly, if you receive a notification claiming you've won a prize or are eligible for a gift, be skeptical. It's potentially a phishing attempt.

Be cautious of pop-up ads on shopping websites

Pop-up ads featuring product deals could be a trap to lead you to phishing websites or to extract your personal information. These ads may sometimes contain harmful adware, so it's best not to click on them.

To mitigate this risk, consider using a pop-up blocker. Alternatively, use a web browser that includes an integrated pop-up blocker. All major browsers have a built-in option to block pop-ups.

For instance, to activate this feature in Google Chrome, navigate to Settings > Security > Site Settings > Pop-ups and redirects.

Chrome pop-ups and redirects

Be alert to brushing scams

A brushing scam occurs when a seller sends unrequested goods to an individual's address. The items are usually inexpensive, such as cheap phone cases, jewelry, or electronics.

The seller then fabricates reviews of these items under the recipient's name, making it appear as if the person who didn't request the items purchased them. The scammers' objective is to improve their ranking and sales on the targeted marketplace, such as Amazon.

If you receive an item you didn't order in the mail, do not pay for it, and do not fall for a scam if the sender contacts you. Remember, unsolicited merchandise is legally yours to keep.

How to report scammers

If you fall victim to a scam while shopping, it's essential to alert the relevant authorities promptly. Swift action increases your chances of recovering any lost money and prevents further harm.

Here are some steps to report shopping scammers:

  • Contact the seller or website. If you've been scammed, inform the seller or the website where you made the purchase and request a refund. Document all your emails and phone calls.

  • Reach out to your bank or credit card company. If the retailer doesn't refund you, contact your bank or credit card company to report the scam and request a chargeback.

  • File a complaint with the FTC. The Federal Trade Commission (FTC) is the principal U.S. organization that safeguards consumers from scams and deceptive business practices. Visit the FTC's website to lodge a formal complaint.

  • Report the scam to other agencies. It may also be necessary to report the scam to the Better Business Bureau (BBB) or the Internet Crime Complaint Center (IC3).

  • Warn others. You can help prevent others from falling for the same scam by alerting them, sharing information on social media, or leaving a review on the website where the scam occurred.

Key takeaways for safe online shopping

In conclusion, here's a list of practical steps to ensure a safe online shopping experience:

  • Shop on known and trustworthy websites and learn how to verify a website's safety.

  • Don't save payment information on e-commerce websites to avoid theft.

  • Avoid using public computers to protect your data from being stolen.

  • Don't use public Wi-Fi to protect your connection from being intercepted by hackers.

  • Use a Virtual Private Network (VPN) to encrypt your internet connection.

  • Secure your passwords to protect against password and identity theft.

  • Install antivirus software to protect your computer from malware.

  • Safeguard your email from shopping scams and learn how to spot phishing attempts.

  • Adhere to credit card safety measures to prevent fraud and theft.

  • Keep a record of purchases, which is necessary in the event of credit card fraud.

  • Approach amazing deals that seem too good to be true with caution — they could be scams.

  • Be careful with pop-up ads — they often lead to harmful sites and adware.

  • Be alert to brushing scams, and don't pay for unsolicited packages.

  • Learn how to report scammers if you suspect you've been a victim of a shopping scam.

Octav Fedor (Cybersecurity Editor)

Octav is a cybersecurity researcher and writer at AntivirusGuide. When he’s not publishing his honest opinions about security software online, he likes to learn about programming, watch astronomy documentaries, and participate in general knowledge competitions.