Online shopping has revolutionized the way we purchase goods, offering convenience and accessibility like never before. However, with these benefits come risks, primarily in the form of cybercriminals who exploit unsuspecting shoppers. Practicing good cyber hygiene is essential to ensure a safe online shopping experience. Here, we’ll discuss the best practices for safe online shopping and highlight examples of bad actors to avoid.


Understanding the Threats

In the realm of online shopping, cybercriminals employ a variety of strategies to compromise sensitive information:

  • Phishing Emails: Deceptive emails designed to mislead a person into revealing sensitive information.
  • SMiShing Texts: Similar to phishing but conducted via SMS, these messages may direct a person to malicious websites or prompt them to download malware.
  • Fake Websites: Often used in conjunction with the two attacks above, bad actors may create a website that mimics a legitimate retailer to steal money and personal data.

These threats are not limited to the direct interactions mentioned above. Cybercriminals are continuously developing new tactics to get past a shopper's defenses, such as using compromised ads on legitimate sites or directing shoppers to fraudulent payment gateways.

Why They Work

The success of online shopping scams is largely due to their exploitation of human psychology and trust. For example:

The Too-Good-To-Be-True Flash Sale: Scammers use this tactic to create a sense of urgency, pushing you to make impulsive decisions spurred by the fear of missing out (FOMO) on a great deal. They may claim to offer a high-end product at an extremely low price.

The Holiday Phishing Scam: These scams increase during festive periods when shoppers are more active online. Emails that appear to come from well-known delivery companies or online retailers ask for personal details or advance payments, playing on the trust shoppers have in these familiar entities.

The Gift Card Scam: An unsuspecting individual may receive a message claiming they have won a gift card. This may even happen while browsing known retail sites, where an advertisement may pop up congratulating the individual on their “fortune”. Here, the promise of freebies is used to lure shoppers into providing personal information to “claim their gift” or making purchases on fraudulent sites.

These tactics are particularly effective because they mirror the look and feel of legitimate promotional activities, making them harder to distinguish from real offers.

Safe Practices

To defend yourself while engaging in online shopping, adopt the following practices:

  • Verify Website URLs: Always check the URL or address of websites. Secure websites start with “https://” and often include a padlock icon in the address bar. However, this should not be the only indicator, because it only shows that the connection is encrypted, not that the site is legitimate. Always be skeptical of URLs that contain slight spelling errors or unusual domains, as these are common indicators of fraudulent sites. If you are still unsure, you can use online link checkers like urlscan.io or urlvoid.com. These sites can scan the link for you and help protect you from malicious and illegitimate websites.
  • Scrutinize Deals: If an offer seems too good to be true, it likely is. Verify such deals by visiting the retailer’s official website directly rather than clicking on a potentially dangerous link.
  • Monitor Your Accounts: Regularly review your bank and credit card statements for any unauthorized charges. Quick detection can limit damage and facilitate the resolution process.
  • Be Wary of Public Wi-Fi: Avoid making purchases or accessing sensitive accounts over public Wi-Fi networks. If necessary, use a VPN to secure your connection.
  • Strengthen Your Security: Use strong, unique passwords for each online account and enable multi-factor authentication (MFA). MFA makes it much more difficult for cybercriminals to gain access even if they manage to obtain your password. If possible, the use of a passkey may provide an even stronger layer of security.
  • Lock Your Accounts: In the USA, you can lock down your credit at all 3 credit bureaus by freezing your accounts for free. This is a good practice to stop thieves from using your identity for purchases or opening new lines of credit.
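
The “Verify Website URLs” practice above can be automated. The following is an added example, not part of the original article: it flags links that lack “https://”, that are a slight misspelling of a retailer you trust, or that only embed the retailer's name inside an unrelated domain. The retailer domains and sample links are constructed, and taking the last two labels as the registered domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allow-list for illustration; replace with retailers you actually use.
KNOWN_RETAILERS = {"examplemart.com", "acmeoutlet.com"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Assumption: last two labels form the registered domain (no public-suffix list)."""
    return ".".join(host.split(".")[-2:])

def check_url(url):
    """Return a list of warnings for a shopping link; an empty list means no flags."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    domain = registered_domain(host)
    if domain not in KNOWN_RETAILERS:
        # Slight spelling errors: within two edits of a trusted domain.
        near = sorted(g for g in KNOWN_RETAILERS if edit_distance(domain, g) <= 2)
        # Unusual domains: trusted brand name appears, but under another domain.
        brand = sorted(g for g in KNOWN_RETAILERS
                       if g not in near and g.split(".")[0] in host)
        warnings += [f"lookalike-of:{g}" for g in near]
        warnings += [f"brand-in-unrelated-domain:{g}" for g in brand]
        if not near and not brand:
            warnings.append("unknown-domain")
    return warnings
```

Note that the misspelled link in a case such as `https://www.examp1emart.com/flash-sale` is flagged even though it uses “https://”, which is why the padlock alone is not a sufficient check.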

Conclusion

By understanding the strategies employed by cybercriminals and adhering to best practices in online security, you can significantly reduce the risks associated with online shopping. Stay informed about the latest scam tactics, remain vigilant about your online activities, and prioritize your cybersecurity. With these measures in place, you can enjoy the benefits of online shopping without falling prey to pitfalls.

Written by
Josten Peña
Human Risk Analyst
Social-Engineer, LLC