6 Online Holiday Shopping Safety Tips

Introduction

The holiday season brings a feeling of excitement. For many people, it’s about the joy of celebration and the opportunity to connect with loved ones. For criminals, it’s about the opportunity to scam.

Yes, there are real-life Grinches and Scrooges who aren’t concerned about your happiness … or your finances. They double down at this time of year because more people are pulling out their wallets to buy gifts. So it’s important to be extremely cautious and vigilant about safety when doing your holiday shopping online.

1. Think Before Clicking

Cybercriminals are almost as busy as the elves in Santa’s workshop when the holidays roll around. And many successful online crimes start with a phishing email, trying to hook you in with a single click.

Phishing attempts may appear to come from a legitimate source, like a well-known online retailer or financial institution. The goal is to get unsuspecting consumers to click on a malicious link, enter their credentials into a fake website, donate money to a fake charity, or purchase a deal for a product that doesn’t exist. They might be after your personal information to steal your identity, or they could be simply trying to take your money.

Luckily there are red flags you can look for.

• Check for requests that cross normal boundaries. Financial institutions and government organizations will never ask for personal details in an email.
• Look for spelling mistakes or awkward phrases that you wouldn’t expect from a professional business.
• Hover over any links to see where they lead. If the destination looks off, don’t click.
• Double-check the sender’s email. These can be spoofed, so you might need to choose “view headers” or “show original” to see the actual source.
• Avoid entering your login credentials or personal info after clicking a link. If you think the message might be legitimate, go to the website you know to be real by typing in the URL directly.

Phishing scams usually prey on emotions, so the message will present an emergency situation, say you’ve won a prize, or offer a deal that seems too good to be true. The fraudster is using a sense of urgency to create panic. Stop, take a breath, and think it through logically before reacting to these kinds of high-pressure messages.

2. Be On Alert

How do you search online for deals? Do you go to trusted vendor sites, respond to website banner ads, or click on email links? The latter two aren’t always malicious, but you should only follow email links if you signed up for those newsletters and they’re from reputable e-commerce brands. Never click on anything unsolicited, and take online ads with a grain of salt.

Research how much products normally cost so you know if a price you see advertised is reasonable. Sales are common during the holiday season, but if something sounds too good to be true, it probably is. In this case, the offer might be fake, and you’ll end up with an item that doesn’t match the description — or no item at all.

3. Strengthen Account Security

Some online holiday fraud involves breaking into your accounts rather than getting you to click something. Now, sometimes that break-in attempt does occur after you click a malicious link or enter your info into a fake login page. But even if that happens, you can still be protected.

Here’s a list you can check twice to make sure your security is as strong as possible.

• Install software updates or turn on automatic updates for your phone, computer, smart appliances, and any other connected devices. This ensures you have the latest security features and critical patches.
• Use strong passwords that are complex and unique. Don’t use the same password for multiple accounts, and always use a combination of uppercase and lowercase letters, numbers and symbols — preferably at least 12 characters long. A password manager can help you keep track of these.
• Activate multifactor authentication (MFA) or two-factor authentication (2FA) on any accounts that offer it. Then even if someone gets your username and password, you’ll receive the confirmation code, whether by email, text message, push notification, or authenticator app. Nobody will be able to log in without doing that second verification step. For MFA, sometimes there’s even a third step involving biometrics or security questions.
• Set up notifications to tip you off about unusual activity with your credit card or bank account. You generally have a range of options that you can select and customize to receive real-time alerts. That could include all online purchases, transactions over a certain dollar amount, suspicious login attempts, and more.

4. Keep Information Safe

Even when you’re vigilant about not clicking links and you have all your accounts locked down, your personal information can still be stolen. This can happen if your connection or the website itself is not secure.

• Avoid public Wi-Fi for online shopping or accessing important accounts. It might be safe … but it might not. Many people have had their data stolen when trusting public connections.
• Use a VPN (virtual private network) if you must connect to the internet in public places. This encrypts your IP address and gives you a secure connection. You can also use a personal mobile hotspot instead of public Wi-Fi.
• Look for security clues that let you know your information is being encrypted. That includes an https in the URL (“s” stands for secure) and a lock icon in the browser bar. If the website doesn’t show these things, don’t buy anything.
• Read the privacy policy (which must be published on every website that collects personal data) to see how the company uses your information. If you’re not comfortable with it, steer clear of that site.
• Avoid optional fields in online forms and only enter the required info. If you don’t need to give your phone number and address, leave it off.

5. Use Credit Over Debit

Many credit cards come with fraud protection, and laws are in place to limit your liability if your card is lost or stolen, or you’ve been scammed. For example, Credit One Bank credit cards all have Zero Fraud Liability included.

Unfortunately, debit cards don’t always have the same level of protection. You might only be responsible for up to $50 of the price for unauthorized transactions if you report it within two days. After that, it increases to $500, and you could be out the whole amount if you wait longer than 60 days. None of those scenarios are very appealing, especially when you’re in the process of buying presents.

Since the money comes straight from your bank account, a purchase dispute or unauthorized charge could also leave you without enough funds to pay your bills.

6. Monitor Bank Statements

You can’t usually catch discrepancies or fraudulent transactions as they’re happening, so the next best thing is to check your bank statements. Make sure you recognize all the listed purchases, and report any suspicious activity if you don’t.

If you’d rather not wait for your statement, make it a habit to regularly look at the transactions in your bank or credit card account. Your online banking records are updated in close to real time, so you can see any suspicious activity and contact your financial institution right away.

Bottom Line

Cybercriminals don’t care about you having happy holidays … they care about lining their own pockets. They will try to phish you, defraud you, hack you, or otherwise scam you in their pursuit to steal your money, your identity, or both.

But you can give yourself the gift of having peace of mind. Following these tips will empower you to stay safe, avoid holiday scams, and just say no to all the online Grinches and Scrooges.