A Security Awareness Nerd’s Safe Online Shopping Checklist
I’m not a betting man, but here’s a bet I’d be willing to take: even if you’ve never shopped online, you will this holiday season.
But that’s an easy bet, isn’t it?
For reasons that scarcely merit mention, we will likely see the biggest online shopping season EVER this holiday season (not in size, perhaps, but in percent of shopping done online). Not only will more people shop online than ever before, but many more of them (the ones who used to rush the stores at midnight, I’m guessing) will be shopping online for the first time.
If you think it’s holiday season for you, think of the joy this season will bring to cybercriminals!
A Holiday for Scammers
After all, they get to prey on all manner of human vulnerabilities that come to the fore during the holiday season: guilt, urgency, excitement, a frenzy for deals (what’s the German word: Bargenfrenziefreude?), FOMO, all mixed up with the weirdness of family gatherings in a time when gathering has become a dirty word.
Add to this a bunch of new online shoppers who don’t know the basics about avoiding scams, and it’s going to be wild.
But you’re not looking for wild, are you? You want nice gifts, at good prices, delivered to your home, and no messy untangling of scams after the fact. If that’s what you’re after, here’s my simple checklist of best practices for holiday shopping—each with a very brief description. At the end, I’ve listed some good resources to learn more.
Holiday Shopping Scam Prevention Checklist
Update Your Software
Most software updates improve the security of your browser, your apps, and your operating system, so update regularly to let your software work for you.
Beware of the Special Offer
Email or social media messages offering “deals” or “special pricing” may seem tempting, but beware if these take you anywhere but the main access point for the retailer. After all, if you saw a guy standing outside a store offering a special price, you wouldn’t take it—you’d walk in the front door.
Watch Out for Fake Order Confirmations and Shipping Notices
If the shipper doesn’t announce who they are, you can be sure they’re fake. You might consider creating accounts at the major shippers (FedEx, UPS, USPS) so that you control your shipping notifications.
Use Unique Passwords or “Guest Access” for Every Site
Using the same password from site to site is a recipe for turning a single instance of fraud into a major problem, so create a unique password for places you shop regularly and use “guest access” for single-use visits.
Use Your Credit Card (or Other Payment Method with Fraud Protection)
Take advantage of the fraud protection provided by credit card issuers, and never enter your banking account information directly, or comply with requests for non-recoverable payments like money transfers, pre-paid gifts cards, or bank-to-bank transfers. Debit cards are also protected from fraud, but the process to recover your money may take longer.
Monitor Your Accounts and Statements
If there’s a fraudulent charge on one of your accounts, it’s likely the first place you’ll know of it is on your account statement, so make a habit of checking it regularly and resolving any issues you find.
Use Secure Sites
If the website you’re buying from doesn’t begin with https:// and show a padlock in the URL, they are not encrypting your information: shop somewhere else.
Be Careful with Gift Cards
Gift cards are a fine solution for the person you just can’t please—but be sure you’re buying the gift card from a reputable source.
Be Cautious with Shopping Apps
Just like websites, apps can be spoofed or copied, so if you want to use a shopping app, get it from a legit source and limit the information you share with it.
Beware Bogus Charities or Appeals to Holiday Distress
This one isn’t about shopping, but it is about not getting suckered! People’s hearts open during the holidays—and cybercriminals are happy to take advantage by pulling on your heartstrings to get you to give money to fake charities or to fund made-up calls for help. As always, do your research to check for legitimacy.
Not That Scary
You may see a long list of cautions and conclude that online shopping is scary. It’s really not. If you were preparing to drive your car in icy conditions or to ride a bike in a new city, you might prep with a similar list of precautions—and then enjoy the experience.
The truth is that online shopping—just like every experience of the digital world—requires a level of skepticism and awareness. If you keep your wits about you, this could be your most stress-free and pleasant holiday shopping season ever.
Selected Safe Shopping Resources:
FBI (Federal Bureau of Investigations):
Cybersecurity & Infrastructure Service Agency (part of the Department of Homeland Security):
Shopping Safely Online (updated annually)
American Express: https://www.americanexpress.com/us/security-center/
You can also expect that trusted major newspapers, organizations, and other companies involved in retail will soon release this year’s version of advice that is, in some ways, evergreen. Here are some examples, but it’s just a start:
The New York Times: https://www.nytimes.com/wirecutter/blog/safe-online-shopping/