Blog :: Security Operations

How to Shop Online Safely

In just a few short weeks, Black Friday and Cyber Monday will usher in a mad rush of holiday shopping.  I’m happy to see both shoppers and retailers taking care to prevent injuries caused by overlarge crowds, but what steps are you taking to ensure your cyber safety and to shop online safely?


shop online safely

First, to understand how to shop online safely, I want to outline the risks of shopping online:

  • You can be tricked into buying non-existent products from fake websites
  • You can fall victim to fraud by paying through an unsecured website or
  • By paying over an unsecured Wi-Fi connection
  • Your information can be stolen from the retailer if they’re hacked


Steps You Can Take to Shop Online Safely

The first and most basic thing you can do to shop online safely is research.  Make sure you’re already familiar with the company you’re buying from (in my opinion, you can never go wrong with Amazon).  If you’re a first-time buyer from a certain retailer, perform a quick Google search to see how other people’s experiences were with that company.  You’ll be able to find out quickly whether you’re dealing with a scam website.  Other details to look for are a telephone number and a physical address–these can at least establish that the company is real.  Good privacy and returns policies are also important for them to have.  To make sure the site is secure, look for the small green padlock in the address bar and see whether the URL begins with “https.”  I discussed why these indicators establish security in my previous blog.

Before you actually make your purchases, ensure that your system is up to date; this way, you’ll have all the latest security patches.  Double-check that your firewall and antivirus are up to date as well, and that they’re actually enabled!  It seems obvious, but even I’ve had to temporarily shut them off because they were getting in the way of other tasks–it’s easy to forget to turn them back on.

Less obvious is using a VPN, or Virtual Private Network, to shop online safely.  Essentially, a VPN encrypts your data and helps maintain your privacy.  Secure Thoughts has a good article on what VPNs are and the best ones to use for online shopping; PCWorld has a step-by-step guide on how to set up a VPN.

Naturally, you should also ensure that your Wi-Fi is as secure as possible; this will go a long way in letting you shop online safely.  OnGuardOnline has a detailed guide on securing wireless networks, but here are the basic steps:

  • Turn your router’s Person with laptop using a credit for online banking and shopping - concept for e-commerce and online bankingencryption on (WPA2 is better than WEP)
  • Change your router’s name if you haven’t already
  • Don’t use the default password–make your own
  • Only allow certain computers to access your Wi-Fi

I’ve talked a lot about securing your personal network in order to shop online safely, but what about using public Wi-Fi?  The short answer is: don’t.  Even if you need a password, it’s not safe when you don’t know exactly who is using the network.  It doesn’t take a lot of hacking knowledge to be able to access your information this way.

Now you’re ready to actually make your purchases!  But there are many things you can do even at this stage to make sure you shop online safely.  First, if you’re signing up for an account on the retailer’s website, use a strong password that you don’t use anywhere else.  I understand that it’s a pain to remember multiple, complicated passwords; if that’s the case, you may consider using a password manager such as LastPass.  You’ll only need to remember one password in order to access all your other passwords.

When you make your payment, it’s wise to use a payment method that offers buyer protection, such as a credit card or PayPal.  Avoid using a debit card; while they’re more convenient, they’re not as safe.  If your bank offers it, you can also pay with a single-use credit card.  This is probably the best method–even if a hacker gets ahold of the number, it will be quickly become invalid.

You’ll have to give more information than your credit card number, but take care not to give more than necessary.  If a field isn’t required (marked with *), don’t fill it out–why bother? Be aware of the information a retailer actually needs; obviously they don’t need your social security number to complete the transaction, so don’t do business with any retailer who asks for it.  Afterward, the retailer may ask if you want to store your information for future purchases.  This is a convenient option, but less secure, so opt out.  Lastly, log out of your account immediately after completing the transaction.

Now you know how to shop online safely, but there are a couple more things I’d like to cover.

Shop Online Safely on MobileShopping cart on the screen.

It’s harder to shop online safely on your mobile device than on your computer at home, but if you have to do it, you can mitigate the risk.  First, set up a password, pattern, or PIN (whichever your device uses) and change the settings so that it will auto-lock after a specified time period.  Essentially, you’ll make it harder for people to access your device.

Turn off Bluetooth and Wi-Fi when you’re not using them, and before you install any apps, double-check what permissions they ask for.  There are some of you out there who jailbreak your phone; just know, however, that this leaves it more vulnerable.  When you’re making a purchase, use cellular data as opposed to Wi-Fi.

The biggest problem with mobile devices is that they can be lost easily.  Make sure you can remotely disable your device or wipe all of its data, and know how to do it.  For example, here is Apple’s page on how to wipe an iPhone.

What to Do in Case of Fraud

In the worst case scenario, you’ll fall victim to fraud.  You can talk to your bank and they may reimburse you for the money you lost.  You can also report the fraud to the United States Department of Justice (if you live in the US).  You may also consider freezing your credit file–this will prevent others from applying for credit in your name.  Brian Krebs wrote an excellent article with all the details on security freezes.

We love to hear how people are protecting themselves online.  Tell us what you’ve done to protect your data (but don’t go into too much detail–remember, stay secure!) by tweeting @Plixer.