7 tips for safe holiday online shopping - RED - Relevant. Essential. Denver.
Person at a computer makes an online payment.

7 tips for safe holiday online shopping

'Tis the season to shop online. Here's what you need to know to make sure you don’t end up buying gifts for the bad guys.

November 20, 2018

By Mark Cox

Admit it: You weren’t too surprised when brick-and-mortar retailers Toys R Us and Sears went under earlier this year.

Americans are doing more of their shopping online, after all, and this holiday season alone, we’re projected to spend around $120 billion online — a 15.5 percent increase from last year.

But where money flows, crime usually follows. Here’s what you need to know to keep your money, credit and identity safe from cyber criminals this holiday online shopping season.

Use credit, not debit

The problem with debit cards is that they link directly your bank account. Credit cards, on the other hand, are backed by banks and offer customers more protections, according to Steven Beaty, a computer science professor at Metropolitan State University of Denver. “Plus, credit card companies have also become very good at detecting fraud,” he says. If you know at which company's website you'll be shopping, Beaty has an even better idea than using a credit card: Buy pre-loaded gift cards from your favorite retailers. “These are basically debit cards with a limited amount of money attached to them,” he says. “Even if the bad guys break through you won’t lose too much.”

Update everything

Imagine that a security expert told you that they could drastically improve your home’s security for free – installing security lights, sensor alarms and strong window locks – but it might take about 10 minutes. You’d think it was an awesome offer. Yet, we all groan whenever an “update” message pings on our devices and begrudge the short period of time it takes us to download and install security updates. Beaty is resolute: “Maintaining updates is job number one in computer security. And another thing: You should also manually update devices that don’t get automatic refreshes – such as printers, routers, modems and smart TVs – as they have been infected by a lot of malware recently.”

Passwords are really important

Like the security update, the password is another feature of our cyber culture that delivers huge benefits for very little effort. Just be sure to follow Beaty’s golden rule: Never use the same password for multiple websites. If you use the same password for multiple – or all of – the websites you frequent, then when one site is breached, you have to remember all the other sites at which you used that password and change it for those websites as well, he says. “Password Managers are great,” Beaty says. “You can also use a browser’s "autofill" password feature to create long, random, unique passwords for every website requiring one.” If you’re worried about your online security, Beaty recommends this handy website that checks if your accounts have been compromised in a data breach.

Beware email offers …

Is your email inbox full of incredible offers (“iPads for $100!”) that sound too good to be true? They are likely all scams. ‘Tis the season for scam emails promising gifts cards or special deals that are actually filled with viruses and malware. “Never click on links in emails,” Beaty advises. The hyperlinked text and the underlying link might not be the same at all, he says. And even though hovering over the hyperlinked text should expose the link details, bad URLs can easily be made to look like good URLs by using foreign characters or names that closely replicate those of legitimate websites. “It’s not worth the risk,” Beaty says.

… And phony text alerts and calls

Watch out for alerts supposedly from your bank – or sometimes a tech company or retailer – highlighting "problems" and asking for your account information. No legitimate business would ever do this, Beaty says. Most of all, beware of unsolicited phone calls from businesses. Keep in mind that most major companies would never just call you out of the blue, Beaty says. Treat such calls with extreme caution. “If (an alleged business) calls you, hang up immediately, then look up their number and call them back,” Beaty says. “Caller ID is great, but it can be faked.”

Avoid public Wi-Fi

Hackers love free Wi-Fi hotspots because you love free Wi-Fi hotspots. Public networks aren’t secured, which means all your browsing information is out there and easy to steal, Beaty says. Flip through news and entertainment sites all you like, he says, but don’t use online banking or retail sites while on public Wi-Fi. “If possible, use a virtual private network (VPN) at coffee shops and public places to further protect yourself and your browsing history,” Beaty says. “And never accept a 'certificate' from any source – these are used exclusively in public areas to eavesdrop on people.”

Look for the lock

You’ve finally found the perfect gift at an amazing price – but it’s on an unfamiliar shopping site. Is everything legit and secure? Here’s a quick way to tell: Look for the “https” at the beginning of the site address. That “s” stands for “secure.” If you can only see “http,” that means the site is not encrypted and it’s time for you and your data to exit. Fortunately, there's also another, more obvious way to check a website’s credentials. “Most browsers now feature a green ‘locked’ padlock symbol at the left-hand side of the URL bar,” Beaty says. “If you see that, it’s generally a good indicator that the website is okay.”