Your IP: Unknown · Your Status: Unprotected Protected

Blog How-To

How to shop safely online

Aug 07, 2019 · 6 min read

How to shop safely online

Online shopping fraud and identity theft cases are rising every year. While hackers and fraudsters are polishing new techniques, many online shoppers are still unaware of simple safe online shopping rules. You don’t need to be one of them. Read on and take precautionary measures to protect your hard-earned cash and shop safe.

How online shopping puts you at risk

Online shopping might feel safe, but that’s far from the truth. It needs two things to be safe – an online store that cares about customer security and smart consumers who know how to keep their personal information secure.

Hacking and identity theft aren’t as visible as traditional theft, and hackers are harder to catch. Incidents of online theft, however, target millions of people every year.

According to cybersecurity report by Symantec in 2018, “across 16 countries, more than a billion adults have been the victims of cyber crime, 800 million in the last year alone.” Here are just a few insights:

“Across 16 countries, more than a billion adults have been the victims of cyber crime, 800 million in the last year alone, and nearly 2 in 3 (64%) believe they are likely to experience cyber crime in the next year. Of those who did experience cyber crime in the past year, 38% had a financial loss and spent 6 hours on average resolving the crime.”

You don't have to be one of the victims. With a few simple rules and tricks, you’ll be able to shop online safely.

Key rules to avoid online fraud

1. Only shop on HTTPS websites

Make sure the online store you’re visiting uses HTTPS. This means that your details are covered by basic TLS encryption all the way from your browser to the site you’re shopping on. HTTPS sites aren’t necessarily super-secure, but if the admin went through the trouble of implementing HTTPS to secure your data, you know they’ve taken at least one important step.

Checking this is easy – simply look at the URL bar to see if it begins with “https://” the way it does on our website.

Only shop on HTTPS websites

2. Make sure you’re visiting a legitimate online store

Before entering any personal informaion to complete your purchase, check to make sure you’re on the right online store. There are a lot of opportunities for hackers and scammers to redirect you to the wrong website, or in other words, spoof the URL.

You might think that you are buying your new sneakers straight from Nike but you find yourself on “n1ke.com” (a hypothetical example). If so, it’s time to delete everything you just entered and back away!

3. Be careful around URL shorteners

Marketers love URL shorteners because they make long URLs full of tracking codes less unsightly. However, scammers can also use URL shorteners to hide the URL you’re being sent to.

When you see an ad with a URL shortener for a great deal, consider navigating to the brand’s website yourself simply by using your address bar. Chances are you’ll find the same deal on their site. If not, it could be that the URL shortener you saw was being used by a scammer.

Be careful around URL shorteners

There’s nothing wrong with clicking on a shortener, but if you do, make sure that the URL you wind up on looks legitimate (see URL spoofing techniques post!).

4. Avoid email links

Another technique scammers might use to get your credit card information is phishing. It’s a very popular and effective way to hack someone by using carefully crafted emails. They will usually offer you discounts or offers that are too hard to resist. They can also include a spoofed URL, which will lead you to an order page and make their fraud even more convincing.

Whenever you receive such an email – especially on Black Friday, Cyber Monday or just before Christmas – ask yourself these questions:

  1. What are they asking for? Most legitimate websites won’t ask you for any additional information after you have completed your purchase. If the email is asking you for your password or for any information the site should already have, that’s a dead giveaway.
  2. Where do these links lead? You’re better off not clicking on any email links before you check the URL they sent you. Does it use the same domain name (the “Paypal” in www.paypal.com) and top-level domain (the “.com” in www.paypal.com)? You can hover over the link or right-click on it before following it to see where it leads.
  3. Who is the sender? Paypal and eBay are two of the most commonly impersonated sites in phishing emails, but there are plenty of others. Anyone can set their visible name to be “Paypal.com” or “eBay,” but only an employee of these companies can use an email address ending in @paypal.com or @ebay.com that your email provider won’t flag. Make sure you closely inspect their email address before trusting them.

5. Never shop on public Wi-Fi

If at all possible, never shop online on public Wi-Fi networks. Public Wi-Fi is the perfect place for scammers and hackers to do their work. These networks feature poor security and can be scanned by hackers looking for weak connections. Public computers are also highly insecure, but there are ways to improve your security.

If you absolutely HAVE TO use public Wi-Fi, then it’s essential to use a VPN. The encrypted connection will make sure that your online banking or credit card credentials will be safe when you hit “Buy.”

6. Monitor your debit card and credit card statements

Monitor your credit card

It might sound obvious but you should always keep track of your purchases and their prices. This can help you spot potential hacks or dishonest business practices so you can respond ASAP. Legitimate businesses might overstate their discounts or add hidden fees that you will be charged once your purchase is complete.

If you use a banking app, turn on push notifications to track the payments you make. You can even call your bank to see what other notification options they might have or just order debit card or credit card statements. Look out for fraudulent charges. When you see one, contact your bank to contest the charge and shut down the card. That will make the leaked information useless in the hacker’s hands.

7. Consider using a virtual credit card

Using a virtual credit card

A virtual credit card is exactly what it sounds like – a purely digital credit card that you can only use online. By linking it to a real credit card or debit card you own, you can shop online without ever revealing your actual credit card information. You can also set your virtual credit card to only allow purchases up to a certain amount or to expire after a certain day.

8. Keep your browser updated

Your browser is what takes you from one online shop to another. Therefore it’s important to keep it updated and upgraded with the best security and privacy extensions. It will protect your personal information from leaking.

There are many hacking methods that target vulnerabilities in outdated browser versions or unsecured online stores. After all, updates are usually released in order to address known vulnerabilities. Don’t give hackers a chance and stay updated.

9. Practice good password security

Good password security is always important, but it’s easy to forget this when you’re making new shopping accounts for different online shops. Creating unique and secure passwords for every site (and remembering them) can be a tall order if you plan on doing a lot of shopping, but there are tools that will help you – password managers.

10. The less information you give, the better

After completing a few purchases on trusted websites, you start to get an idea of what sort of data they legitimately require:

  • Your billing information;
  • The address where you want them to ship your product;
  • Your name and contact info.

If a website asks you for additional personal information that ISN’T OPTIONAL, turn around and leave. Some websites will ask for additional information for marketing purposes, but it won’t be mandatory. No website should ask for your personal ID number or your password to another site or service to sell you something. If they ask, turn around and run – you were probably about to get scammed.

And one last piece of advice – always stay vigilant. If something sounds too good to be true, it’s probably a scam.

Stay safe while shopping online. It's easy with NordVPN's 30-day money-back guarantee.


Daniel Markuson
Daniel Markuson successVerified author

Daniel is a digital privacy enthusiast and an internet security expert. As the blog editor at NordVPN, Daniel is generous with spreading news, stories, and tips through the power of a well-written word.


Subscribe to NordVPN blog