A Security Awareness Nerd’s Safe Online Shopping Checklist

The online shopping season will be on us before you know it, and so will the scams. Here’s a checklist for shopping with cybersecurity in mind.

I’m not a betting man, but here’s a bet I’d be willing to take: even if you’ve never shopped online, you will this holiday season.

But that’s an easy bet, isn’t it?

For reasons that scarcely merit mention, we will likely see the biggest online shopping season EVER this holiday season (not in size, perhaps, but in percent of shopping done online). Not only will more people shop online than ever before, but many more of them (the ones who used to rush the stores at midnight, I’m guessing) will be shopping online for the first time.

If you think it’s holiday season for you, think of the joy this season will bring to cybercriminals!

A Holiday for Scammers

After all, they get to prey on all manner of human vulnerabilities that come to the fore during the holiday season: guilt, urgency, excitement, a frenzy for deals (what’s the German word: Bargenfrenziefreude?), FOMO, all mixed up with the weirdness of family gatherings in a time when gathering has become a dirty word.

Add to this a bunch of new online shoppers who don’t know the basics about avoiding scams, and it’s going to be wild.

But you’re not looking for wild, are you? You want nice gifts, at good prices, delivered to your home, and no messy untangling of scams after the fact. If that’s what you’re after, here’s my simple checklist of best practices for holiday shopping—each with a very brief description. At the end, I’ve listed some good resources to learn more.

Holiday Shopping Scam Prevention Checklist

Update Your Software

Most software updates improve the security of your browser, your apps, and your operating system, so update regularly to let your software work for you.

Beware of the Special Offer

Email or social media messages offering “deals” or “special pricing” may seem tempting, but beware if these take you anywhere but the main access point for the retailer. After all, if you saw a guy standing outside a store offering a special price, you wouldn’t take it—you’d walk in the front door.

Watch Out for Fake Order Confirmations and Shipping Notices

If the shipper doesn’t announce who they are, you can be sure they’re fake. You might consider creating accounts at the major shippers (FedEx, UPS, USPS) so that you control your shipping notifications.

Use Unique Passwords or “Guest Access” for Every Site

Using the same password from site to site is a recipe for turning a single instance of fraud into a major problem, so create a unique password for places you shop regularly and use “guest access” for single-use visits.

Use Your Credit Card (or Other Payment Method with Fraud Protection)

Take advantage of the fraud protection provided by credit card issuers, and never enter your bank account information directly or comply with requests for non-recoverable payments like money transfers, prepaid gift cards, or bank-to-bank transfers. Debit cards are also protected from fraud, but the process to recover your money may take longer.

Monitor Your Accounts and Statements

If there’s a fraudulent charge on one of your accounts, the first place you’re likely to learn of it is your account statement, so make a habit of checking it regularly and resolving any issues you find.

Use Secure Sites

If the address of the website you’re buying from doesn’t begin with https:// and show a padlock in the address bar, the site is not encrypting your information: shop somewhere else.

Be Careful with Gift Cards

Gift cards are a fine solution for the person you just can’t please—but be sure you’re buying the gift card from a reputable source.

Be Cautious with Shopping Apps

Just like websites, apps can be spoofed or copied, so if you want to use a shopping app, get it from a legit source and limit the information you share with it.

Beware Bogus Charities or Appeals to Holiday Distress

This one isn’t about shopping, but it is about not getting suckered! People’s hearts open during the holidays—and cybercriminals are happy to take advantage by pulling on your heartstrings to get you to give money to fake charities or to fund made-up calls for help. As always, do your research to check for legitimacy.

Not That Scary

You may see a long list of cautions and conclude that online shopping is scary. It’s really not. If you were preparing to drive your car in icy conditions or to ride a bike in a new city, you might prep with a similar list of precautions—and then enjoy the experience.

The truth is that online shopping—just like every experience of the digital world—requires a level of skepticism and awareness. If you keep your wits about you, this could be your most stress-free and pleasant holiday shopping season ever.

Selected Safe Shopping Resources:

Government Agencies:

FBI (Federal Bureau of Investigation):

Avoid Holiday Shopping Scams

You Better Look Out for Holiday Scams!

Cybersecurity & Infrastructure Security Agency (part of the Department of Homeland Security):

Holiday Online Shopping

Shopping Safely Online (updated annually)

Black Friday Shopping: Protect Your Identity

Credit Cards:

VISA: https://usa.visa.com/support/consumer/security.html

Mastercard: https://www.mastercard.us/en-us/personal/get-support/zero-liability-terms-conditions.html

American Express: https://www.americanexpress.com/us/security-center/

You can also expect that trusted major newspapers, organizations, and other companies involved in retail will soon release this year’s version of advice that is, in some ways, evergreen. Here are some examples, but it’s just a start:

The New York Times: https://www.nytimes.com/wirecutter/blog/safe-online-shopping/

AARP: https://www.aarp.org/home-family/personal-technology/info-2019/safer-online-holiday-shopping.html

Wired Magazine: https://www.wired.com/story/how-to-avoid-black-friday-scams-online/

IDWatchDog: https://www.idwatchdog.com/holiday-shopping-scams/



Check out more content from Tom Pendergast on his blog Confessions of an Awareness Nerd.
