10 Black Friday tips to shop safely online

Identity theft, parcel fraud, chargeback fraud, account takeovers and phishing scams are major threats for online shoppers and merchants, but because hacking theft isn’t as visible as traditional theft, scammers are a lot harder to trace and catch.

In fact, your safety largely depends on you. Not only does an online store need to prioritize customer security, and as a consumer you’re also responsible for keeping your personal information secure.

The FTC (US Federal Trade Commission) received 2.2 million fraud reports in 2020, with consumers reporting losses of $3.3 billion. That’s $1.8 billion more than in 2019.

In recent years, even huge companies like eBay, Amazon, and easyJet have leaked information for billions of customers. Shoppers face huge financial losses, so it’s essential that we all learn to take our safety into our own hands.

Make sure the online store you’re visiting uses HTTPS. The ‘S’ stands for ‘secure’, which means that your details are covered by basic TLS encryption all the way from your browser to the site you’re shopping on. HTTPS sites aren’t necessarily super-secure, but if the admin went through the trouble of implementing HTTPS to secure your data, you know they’ve taken at least one security step.

Checking this is easy – simply look at the URL bar to see if it begins with “https://” the way it does on our website.

Before entering any personal information to complete your purchase, check to make sure you’re on the right online store. There are a lot of opportunities for hackers and scammers to redirect you to the wrong website, or in other words, spoof the URL.

You might think that you are buying your new sneakers straight from Nike but you find yourself on “n1ke.com” (a hypothetical example). If so, it’s time to delete everything you just entered and back away!

Marketers love URL shorteners because they make long URLs full of tracking codes less unsightly. However, scammers can also use URL shorteners to hide the URL you’re being sent to.

When you see an ad with a URL shortener for a great deal, consider navigating to the brand’s website yourself simply by using your address bar. Chances are you’ll find the same deal on their site. If not, it could be that the URL shortener you saw was being used by a scammer.

There’s nothing wrong with clicking on a shortener, but if you do, make sure that the URL you visit looks legitimate (see our URL spoofing techniques post).

Another technique scammers might use to get your credit card information is phishing. It’s a very popular and effective way to hack someone by using carefully crafted emails. They will usually offer you discounts or offers that are too hard to resist. They can also include a spoofed URL, which will lead you to an order page and make their fraud even more convincing.

Whenever you receive such an email – especially on Black Friday, Cyber Monday or just before Christmas – ask yourself these questions:

1. What are they asking for? Most legitimate websites won’t ask you for any additional information after you have completed your purchase. If the email is asking you for your password or for any information the site should already have, that’s a dead giveaway.
2. Where do these links lead? You’re better off not clicking on any email links before you check the URL they sent you. Does it use the same domain name (the “PayPal” in www.paypal.com) and top-level domain (the “.com” in www.paypal.com)? You can hover over the link or right-click on it before following it to see where it leads.
3. Who is the sender? PayPal and eBay are two of the most commonly impersonated sites in phishing emails, but there are plenty of others. Anyone can set their visible name to be “Paypal.com” or “eBay,” but only an employee of these companies can use an email address ending in @paypal.com or @ebay.com that your email provider won’t flag. Make sure you closely inspect their email address before trusting them.

We also recommend using NordVPN’s Threat Protection feature. It helps you identify malware-ridden files, stops you from landing on malicious websites, and blocks trackers and intrusive ads on the spot.

If at all possible, never shop online on public Wi-Fi networks. Public Wi-Fi is the perfect place for scammers and hackers to do their work. These networks feature poor security and can be scanned by hackers looking for weak connections. Public computers are also highly insecure, but there are ways to improve your security.

If you absolutely HAVE TO use public Wi-Fi, then it’s essential to use a VPN. The encrypted connection will protect your data even if someone is snooping through the unsecured connection.

It might sound obvious but you should always keep track of your purchases and their prices. This can help you spot potential hacks or dishonest business practices so you can respond ASAP. Legitimate businesses might overstate their discounts or add hidden fees that you will be charged once your purchase is complete.

If you use a banking app, turn on push notifications to track the payments you make. You can even call your bank to see what other notification options they might have or just order debit card or credit card statements. Look out for fraudulent charges. When you see one, contact your bank to contest the charge and shut down the card. That will make the leaked information useless in the hacker’s hands.

A virtual credit card is exactly what it sounds like – a purely digital credit card that you can only use online. By linking it to a real credit card or debit card you own, you can shop online without ever revealing your actual credit card information. You can also set your virtual credit card to only allow purchases up to a certain amount or to expire after a certain day.

Your browser is what takes you from one online shop to another. Therefore it’s important to keep it updated and upgraded with the best security and privacy extensions. It will protect your personal information from leaking.

There are many hacking methods that target vulnerabilities in outdated browser versions or unsecured online stores. After all, updates are usually released in order to address known vulnerabilities. Don’t give hackers a chance and stay updated.

Good password security is always important, but it’s easy to forget this when you’re making new shopping accounts for different online shops. Creating unique and secure passwords for every site (and remembering them) can be a tall order if you plan on doing a lot of shopping, but there are tools that will help you – password managers.

After completing a few purchases on trusted websites, you start to get an idea of what sort of data they legitimately require:

• Your billing information;
• The address where you want them to ship your product;
• Your name and contact info.

If a website asks you for additional personal information that ISN’T OPTIONAL, turn around and leave. Some websites will ask for additional information for marketing purposes, but it won’t be mandatory. No website should ask for your personal ID number or your password to another site or service to sell you something. If they ask, turn around and run – you were probably about to get scammed.

And one last piece of advice – always stay vigilant. If something sounds too good to be true, it’s probably a scam.