Shopping online can be a convenient way to get through your holiday shopping list, but just as in the physical world, there are precautions every online shopper should take to protect personal and financial information.
For the most part, online shopping is safe—that is, if you use familiar, reputable websites. But sometimes in order to find that perfect gift you may need to stray from your usual vendors, and that may especially be the case this year, thanks to supply chain issues around the world. Because of this, you must take extra precautions to make sure that you don’t end up handing your credit card data to online fraudsters.
There are a number of threats to online shoppers on Black Friday week, Cyber Monday week, and any other time of the year, including:
So what can you do to ensure your holiday shopping experience is safe and enjoyable? Here are seven essential cybersecurity tips to help you stay out of trouble when shopping online.
Well-established businesses tend to face more scrutiny from legislators and consumers alike. This often means they are more likely to have higher standards for site security, and are more likely to comply with consumer privacy laws—such as the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR)—than some very small or lesser-known online stores.
It’s also important to be aware that some popular sites allow third parties to sell items. Scammers sometimes pose as third-party sellers to try to exploit a popular site’s reputation.
Again, if a deal seems too good to be true, or if it’s a high value item and the seller has little or no experience selling on that site (or worse yet, negative feedback), avoid buying from that seller. That said, Amazon and eBay have relatively good buyer protection measures in case you do have problems with purchases from third parties.
Sometimes you may not be able to find a particular item at the most popular online retailers, and you might be tempted to buy an item elsewhere.
If you’re unsure about the legitimacy of an online shopping site that you’ve never heard of before, try checking their ratings on sites like Trustpilot or the Better Business Bureau. If you still can’t verify that a site is legitimate, it’s safest to just avoid making the purchase, no matter how tempting the deal may be.
However, what if you’re fairly certain that a site is safe, but you still want to take an extra level of precaution? You can use a virtual credit card number (or virtual debit card number) for a one-time use transaction, or for exclusive use with a single site. Check with your credit card company or bank to find out if they offer virtual card numbers. If not, you can try a third-party service like Privacy or Revolut, where free or paid accounts allow you to use virtual credit cards.
You should also consider using Apple Pay, if you have set this up on your device. When you pay on a site with Apple Pay, that site never gets your credit or debit card number, but rather a token for that specific transaction, which protects you from subsequent malicious use of your card number.
If you know you’re shopping on a reputable site, you may not need to be quite as concerned about security and privacy. But if you’re shopping on a site you’ve never visited before, how can you know if it’s safe enough? Two basic tests it must pass are whether it uses HTTPS security and whether it has a privacy policy.
Nearly all sites use HTTPS, meaning that the connection between you and the web server is encrypted. Most web browsers will warn you if you visit a non-secure page, especially if you try to fill out a form (which is necessary to create an account or make a purchase on a new site). Generally, if you’re connected to a secure site, you should see a small, closed-padlock icon (similar to
Historically, you might notice that the site address would begin with “https://”, which would indicate at least a basic level of protection (the “s” stands for secure). However, some browsers like Safari no longer display the protocol portion of the address unless you click inside the address bar. If you don’t see a padlock icon, and you don’t see https:// after clicking in the address bar, then your connection to the site may not be secure.
Also, ensure that the store site contains a privacy policy. You’ll often find a link to it near the bottom of the site (in the footer), or in a menu on the site’s homepage. Consider reading or skimming the site’s privacy policy to verify that nothing looks out of the ordinary, and that they appear to take your privacy seriously.
While some shopping sites may allow you to check out as a guest, others require you to create an account before making a purchase. You might be tempted to reuse the same password for multiple sites. However, using a unique password for every site is critically important to protecting your other accounts. Password breaches happen all the time, and if your password leaks from one site and you use it on multiple sites, your security at those other sites is also compromised.
To help you keep track of all your unique passwords, consider using a widely trusted password manager, such as 1Password, Bitwarden, Dashlane, Apple Passwords, or Keeper.
Related:
4 Best Password Managers in 2024: How to choose the right one for you
Your passwords should also be sufficiently long and complex. Length is generally considered to be more important than complexity, so consider using passwords of at least 10–16 characters in length, or longer if you prefer (the longer, the better). However, even with a long password, it’s still a good idea to use a combination of uppercase and lowercase letters, numbers, and special characters. If you’re using a good password manager, you can often have it generate a pseudorandom password for you.
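To put numbers on the length-versus-complexity point, here is an added example (not from the original article or any password manager's code) that compares the entropy of randomly generated passwords and builds one from the operating system's secure random source. The function names and the particular set of special characters are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Character pools matching the article's advice: upper, lower, digits, specials.
# The set of special characters is a constructed sample; sites differ in what they accept.
POOLS = [string.ascii_uppercase, string.ascii_lowercase,
         string.digits, "!@#$%^&*()-_=+"]
ALPHABET = "".join(POOLS)  # 26 + 26 + 10 + 14 = 76 symbols


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def generate_password(length: int = 16) -> str:
    """Draw characters from the OS CSPRNG; retry until every pool appears."""
    if length < len(POOLS):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejecting candidates that miss a class keeps the accepted ones
        # equally likely, at the cost of a small reduction in total entropy.
        if all(any(ch in pool for ch in candidate) for pool in POOLS):
            return candidate


def compare_length_vs_complexity() -> dict:
    """Contrast a short 'complex' password with longer ones."""
    return {
        "8 chars, full 76-symbol set": entropy_bits(8, len(ALPHABET)),
        "16 chars, lowercase only": entropy_bits(16, 26),
        "16 chars, full 76-symbol set": entropy_bits(16, len(ALPHABET)),
    }


if __name__ == "__main__":
    for label, bits in compare_length_vs_complexity().items():
        print(f"{label}: {bits:.1f} bits")
    print("example password:", generate_password(16))
```

These figures only hold for passwords chosen at random; a human-chosen password of the same length is far easier to guess.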
Always assume that public Wi-Fi networks are not secure, even if they seem to be. Public networks—such as you might find at a restaurant, coffee shop, hotel, library, or your dentist’s office—may not have any security at all, or may have very weak security. Either way, they could leave you vulnerable to various attacks from hackers connected to that network. Also, some companies log or monitor customers’ or users’ usage of their network.
Thus, you may want to avoid shopping or entering sensitive data (bank account information, credit or debit card details, etc.) when using the Web on a public Wi-Fi network.
The exception to this rule is if you tunnel all your network traffic through a trusted virtual private network—a VPN. Intego offers the Intego Privacy Protection VPN for Mac and Windows. Be sure to check out our featured article about VPNs to learn more about how they can protect you, and Intego’s recommended VPN providers if you want to use a VPN on iOS or Android devices, too.
Even if you follow all the tips above, you still need to beware of fraudulent sites that serve malware disguised as legitimate software (i.e. Trojan horse malware). You should also beware of threats that might already be lurking on your computer, unbeknownst to you. Malware such as RATs, which often include a keystroke logger, could potentially record your passwords and credit card information as you type them, and send them to a remote attacker.
If you’ve recently made any online transactions at sites you’d never visited before, be sure to double-check for any accidental or potentially fraudulent charges. Take a close look at your account and billing statements. Unauthorized credit card usage should be reported immediately in order to have the best chance of getting the charges reversed, and to prevent further unauthorized activity.
One more tip: you should never give your social security number to simply make a purchase from a site! Unlike credit fraud, identity theft—including a compromised social security number—is much harder to detect and properly address.
Shopping online should be secure and enjoyable, and with these cybersecurity tips you can stay safe while you shop online.
You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: