How to shop online safely

We are practically halfway through November! Classic Christmas tunes have started to dominate the radio waves. All of the major high street retailers are releasing their highly anticipated Christmas TV commercials. We all have our opinions on them.

Some eager elves among us will have their Christmas shopping all done and dusted. Many will leave it to the last minute and have to battle the crowds. Some will be a happy medium. They may be looking to take advantage of deals that will be on offer on Black Friday and Cyber Monday.

Either way, ‘tis the season for shopping! The winter months — Black Friday and Cyber Monday in particular — are the biggest in the retail and e-commerce calendar year. Therefore, we felt it was an apt time to share our tips on how to shop online safely.

7 tips for safer online shopping

Stick to trusted companies

Where possible, stick to well-known, reputable brands when you’re shopping online. Even if you see an amazing deal from an unknown retailer, approach with caution! If it sounds too good to be true, then that’s probably the case. No deal is worth the aggravation and worry involved with being scammed. Moreover, reputable platforms like Amazon sell pretty much anything you can think of, at a range of prices.

Most of the major players on the retail scene will have online stores. However, you may be looking for a niche product where there isn’t an obvious market leader and need to turn to more unfamiliar brands. If so, do your due diligence.

• Get recommendations from friends and family. 
• Read reviews. Don't rely on the testimonials showcased on the seller’s own website. Go to third party review sites such as Google, TrustPilot and Yelp for genuine feedback. Some question the legitimacy of the reviews on these platforms. In response, Trustpilot introduced the "verified" mark. If a review has been verified, it means the Trustpilot team have confirmed the feedback is from an actual client, about a real job. 
• Check if a company is registered at Companies House.
• Send an email or give them a ring to confirm they are legit.
• Check their website is secure. How…?

Check websites are secure

Before making a purchase on — or in fact, browsing — any website, check it is secure. How do you know if a website is secure? Make sure it has fulfilled all the criteria on our secure website checklist below. Get savvy!

Secure Website Checklist:

To ascertain whether a website is secure, make sure:

• “S” is present — The URL of a secure website will always start with https://  HTTPS stands for “Hypertext Transfer Protocol Secure.” All that means is that the website you are on scrambles signals made to and from the site, in order to prevent unwanted visitors spying on any activity. Some websites don’t have the “s.” Before you cast your eye over any products, make sure the “s” is there. Worried you’ll forget? Google Chrome is here to help! If you visit a web page that is not using HTTPS encryption, it will automatically flag it. A "not secure" warning will appear at the beginning of the address bar. Your cue to leave and browse elsewhere.
• Address bar has a locked padlock — Before adding any items to your basket, make sure that the website you are on has a locked padlock symbol at the beginning of the address bar. The presence of a locked padlock indicates that the website you are visiting has SSL (Secure Sockets Layer) encryption installed. What that means is your data — personal and payment information — is transferred by more secure methods than an unencrypted site. Never make a purchase from a site that is not sporting a locked padlock icon at the start of the address bar. Some cybercriminals have tried to pass off scam websites as legit, by incorporating a locked padlock icon on the top left-hand corner of the web page’s design. That means nothing. It has to be in the address bar.
• Is Void of spelling mistakes — Before commencing your shopping spree, cast your eye over the web address and check there are no spelling mistakes or strange characters. Cybercriminals deliberately choose domain names that appear legit at a glance. Take a magnifying glass to them and all is not what it seems. For example: "googgle.com" is not the same as "google.com".
• Has Valid Certificate — Another way of finding out if the website you are browsing is secure, is checking whether it has a valid certificate registered to the correct address. You can do this by clicking the padlock icon at the beginning of the URL bar. If it does, it will say “Certificate is valid.”
• You can see .com or .co.uk — The end of a web address is called a top level domain (TLD). There are lots of top level domain options. However, when you are online shopping, you want to stick to “.com” or “.co.uk” websites. Top level domains such as “.net” or “.org” are not intended for ecommerce purposes.

Use a secure internet connection

When shopping online, always ensure you are using a secure wi-fi connection or mobile data. Cybercriminals have figured out ways to use public wi-fi to steal information. If you have no other option but to use a public wi-fi network, use a VPN (Virtual Private Network).

A VPN redirects your internet connection through a private internet server whereby your real IP address is hidden. It also hides your online activity, preventing hackers retrieving personal information such as email login, bank details, personal media and home address. We recommended using the likes of NordVPN, ExpressVPN or Surfshark.

Avoid links – Go direct

The general rule of thumb when online shopping is to visit a retailers website directly. Don’t access ecommerce stores via links contained in messages – be it text, email or even social media posts. By adopting this rule, you drastically reduce your chances of falling victim to a phishing crime.

These messages are designed to lure you in. They will contain an unbelievably great offer along with a link to claim said offer. Click on the link and you will be taken to a fake online store. Cybercriminals have become very adept at mimicking the designs of legitimate websites. They will reproduce the logos, trademarks and products found on a genuine store’s website with incredible accuracy.

On the face of it, all seems well and consumers are lulled into a false sense of security. They believe they are making a brilliant purchase, but in reality they have been tricked into divulging their bank details, passwords and personal information.

This is where the Secure Website Checklist above becomes really handy. The first place to check if a website is fake or not, is the domain name. For example, at a quick glance, www.bankoffamerica.com looks legit, but it is not www.bankofamerica.com. The cybercriminals slipped in an extra “f.”

It is a shame, as honest retailers do use email marketing campaigns and messaging to let their customers know about the latest offers. They will include links straight to the offers to make their customers experience as swift as possible. If you think you have received one such email but have a seed of doubt in your mind about the link, you could use a link checker — such as this one from NordVPN. Simply paste the link into the field provided, hit analyse and find out whether the link contains “malware, fake websites, and phishing attacks.” Then you know whether to continue shopping or not.

If you think a message you have received — via text, email, website or social media post — isn’t all what it seems, join the fight against cybercrime! Here is some guidance from the National Cyber Security Centre on how to spot and report scam emails, texts, websites and calls.

Choose a secure payment method

With all the advances within fintech software development, there are so many ways you can make online payments. However, there are definitely preferable ones when it comes to security.

One way to make online payments safely is via digital wallets. Think PayPal, Apple Pay or Google Pay. These fintech platforms have various layers of security built in such as biometric security, encryption technology, passcodes and tokenization. The latter is a particularly effective security feature.

Tokenization basically removes all the sensitive card information from a transaction. It does this by replacing it with a one-time use “token.” If a hacker manages to intercept a token, they will be disappointed. Tokens expire quickly and contain no personal information. So all they get is a useless token.

Another option is making payments with credit cards. Credit cards offer better fraud protection. Some have EMV chip technology. Whenever a transaction occurs, the EMV chip will generate a unique code for that specific transaction. This makes it a lot harder for cybercriminals to clone cards or steal data.

Credit cards tend to come with more comprehensive protections. Zero liability protection  means you don’t have to cough up for any charges made to your card by fraudulent means or without your consent. Consumer protections safeguard you from any underhand or unfair practices in the marketplace. So if you don’t own a credit card, consider getting one.

Enter mandatory details only*

Whenever you “go to checkout,” only fill out the mandatory fields i.e. those marked with an asterisk. Retailers only need to know your email address and home address to fulfil an order. They really don’t need to know your birthday to get your grocery shop to you! If the birthday field is a mandatory one, make one up. Just make a record of it, in case you need it in the future.

If you intend to become a regular customer of an online store, it may be worthwhile creating an account. Otherwise, if the option is available, it is always preferable to “check out as a guest.” Referring back to the previous point, by opting to use a digital wallet such as PayPal, Apple or Google Pay, you may avoid having to create an account.

Some online retailers force you to create an account, in order to make a purchase. If unavoidable and you trust the site, create the account, BUT enter your personal details sparingly. NEVER allow the retailer to store your bank details for future purchases. NEVER agree to the browser remembering your payment details.

Strengthen Account Security

As we mentioned above, some online retailers require you to make an account with them. If so, make sure your account is protected with a unique, complex password. Never use the same password for another account. If one gets hacked, all of them do.

“But I have so many accounts!” we hear you say. “I can’t remember one strong and complex password, let alone multiple!” Do not fear! It just so happens that we have written a couple of tech tips on the matter. Read up on how to make a strong password you can remember and consider using a password manager as a way of remembering all your passwords.

Another measure you can take to strengthen your account security, is to opt into two-step verification. As it says in the name, two-step verification — also known as two-factor authentication –  adds an extra layer of protection to your accounts. It is a step designed to ensure it is in fact you who is logging into your account. It usually involves you entering a confirmation code sent to you by alternative means: phone, authenticator app or prompts.

Think of it like a medieval castle. A moat makes it trickier for attacking enemies to storm the castle. Two step verification makes it trickier for cybercriminals to access your account. Even if they work out your password, they still cannot get to your account without completing the second step.

There you go — 7 tips that will make your online shopping experiences safer. If you found this blog useful, there is more where that came from, check out our tech tips. Let tech do the hard work for you!