Online Shopping Safety Tips

The holiday season is upon us. While millions of Americans will be looking for the best deals the internet has to offer, cyber criminals will be hard at work looking to target online shoppers. The holiday shopping season is a prime opportunity for bad actors to take advantage of unsuspecting shoppers through fake websites, malicious links, and even fake charities. Their goal is simple: get access to your personal and financial information to compromise your data, insert malicious software, steal your identity and take your money. 


As you shop online and create accounts, or log in to existing accounts, use a different password for every account. That way if your password gets compromised on one account, the attacker will not be able to access all your other accounts. One way to generate strong, unique passwords for your online accounts is to use a password manager, such as LastPass, to help keep track of all your passwords and avoid password reuse. Once passwords are created, the software simplifies your online shopping by automatically filling in those long and complicated passwords for you.

Multi-factor Authentication (MFA)

Ensure that you use MFA, sometimes referred to as 2-step authentication, whenever that is available for your online shopping accounts.  Many online vendors now support this security feature.  MFA is an extremely effective way to ensure your accounts are not accessible to cyber criminals.  If you have not already done so, this holiday is a great time to also enable MFA for your bank and personal email accounts. 

Apply Software Updates

When shopping online, it is very important to keep your personal computer software up to date. This reduces the risk that a cyber criminal could leverage a vulnerability on the system to access your online accounts. Learn more about updating your personal computer software on SpiderTechNet.

Charity Donations

Fraudulent charity requests are designed to fool you, so it can be hard to tell the difference between a legitimate one and a scam designed to steal your money, or your entire identity. To verify a charity, look to online reviews and consult sites like the Better Business Bureau, Charity Navigator or Charity Watch to confirm their legitimacy.

Package Tracking Information Scams

These scams send emails or text messages that reference a fake shipment by FedEx, USPS, DHL, Amazon, or UPS. You are asked to click a link to update delivery preferences or to complete a satisfaction survey, and the link will take you to a location that will attempt to steal your personal information. If you are expecting a package, contact the company using a known website or phone number. Do not use the information provided in the text message or email.

Package Theft

While not technically an online shopping scam, porch pirates are a year-round problem. It is estimated that nearly 25 million packages a year do not make it to their intended recipients because they are stolen from the doorstep after delivery. These thieves tend to be most active during the holiday season, when more packages than usual land on porches as a result of online orders. When placing online orders at certain stores, consumers can ask that a signature be required upon package delivery. Alternatively, you can ship your package to an alternate location, or set a pickup location rather than your home using services such as Amazon Hub.

Additional Tips

In addition to being on the lookout for the above-mentioned scams, make a regular practice of taking the below precautions to avoid becoming a victim of fraud while shopping online:

  • Regularly check bank and credit card statements for unfamiliar activity.
  • Pay by credit card. A debit card draws money directly from your bank account, so unauthorized charges could leave you with insufficient funds to pay other bills.
  • Stick with known and reputable sources when making purchases.
  • Check the address bar. Look for a closed or green padlock icon, and https:, in the web address bar before entering your credit card or pay account online. If the padlock is open or red, or you only see http:, the information is not secured.
  • Think before you click. Most successful cyber attacks start with a phishing email. Learn to recognize spam emails and avoid responding to them or clicking links within them.
  • Be wary of providing personal information to people who call on the phone or make contact via email. Rather, directly call companies’ verified phone numbers to provide any needed info.
  • Beware of email attachments and always scan them for viruses before opening them.