Security

8 tips for avoiding phishing, malware, scams, and hacks while holiday shopping online

The holiday season isn't just busy for shoppers--it's busy for cybercriminals, too. Here's a holiday shopping safety guide with advice on how to stay safe online.

Shopify predicts that online holiday sales in 2018 will be $23 billion greater than in 2017. As the number of online shoppers increases, the appeal for cybercriminals to target them grows as well, leading to the development of new tactics to circumvent antivirus software, beat web filters, and confuse targets into giving up secrets.

It's easier than ever to fall prey to cyber scams—even the most well-trained can fall for a perfectly executed attack. Hackers move fast—potential victims need to be faster. Here are eight security tips for online shoppers.

SEE: Identity theft protection policy (Tech Pro Research)

1. Don't trust your holiday shopping to mobile apps

Fake shopping apps pop up regularly, but this is the time of year to be especially aware of the risks they bring. If you want to be extra safe don't even try to download a company's online shopping app—just go straight to its website and do your shopping there.

An app might be simpler, especially one downloaded from a reputable source, but you're better off not downloading one at all.

SEE: Man-in-the-disk attacks: A cheat sheet (TechRepublic)

2. Dig up hard-to-find items on well-known sites

I can't count the number of times I've bought a cheap computer component from a downright unknown company. Did I order direct? No way—I went to Amazon and looked for a cheap version of say, a Bluetooth adapter, so I knew I was buying from a reputable place that wasn't likely to scam me.

If you're looking for something tricky to find, or a generic item like an adapter, go with a reputable vendor—it's better to pay a buck more than to wind up with a bunch of extra charges on your account.

3. Protect your web browser with extensions, updates

Advertisements, said Menlo Security CTO Kowsik Guruswamy, are one of the major malware risks to internet users. He says you should install an adblocker and use it on unfamiliar or questionable sites to ensure your holiday shopping is safe. He also recommends a transparency extension like Lightbeam, which keeps an eye on who (and what) is tracking you online.

Also be sure to keep your web browser up to date: A security patch may be all that stands between you and disaster.

SEE: Cross-site scripting attacks: A cheat sheet (TechRepublic)

4. Don't sign up for any new loyalty programs, even for a discount

Guruswamy also said that loyalty programs, or sites that want any data outside of what's necessary for a purchase, should be looked at with skepticism. "In many cases they might be selling consumer information to 3rd parties," he said, so be sure you're looking at the site's privacy policy before giving it anything.

If a site has an indemnity policy against things like the theft or selling of personal data—even your credit card number—you're better off shopping elsewhere.

5. Put a web filter between you and the internet

DNS provider Quad9 uses databases of disreputable websites from nearly 20 security vendors to put a filter between your computer and those who want to harm you. If you click a bad link or otherwise try to open a bad webpage, it stops the traffic and tells you what's going on.

It's free, and it's easy to set up. There's no reason not to add this extra layer of security to your holiday shopping.

SEE: Man-in-the-middle attacks: A cheat sheet (TechRepublic)

6. Get a password manager

Changing your passwords after holiday shopping is a good idea, but what's even better is having a password manager that can make your browsing experience more secure. We've recommended a few good ones here at TechRepublic before: Pick one out and get used to using it.

7. Don't shop on public Wi-Fi

If "avoid unsecured Wi-Fi" is something you hear so often that it's obnoxious, that's because it's an essential tip: Public Wi-Fi is dangerous, especially if you're doing secure business like shopping online.

Unsecured Wi-Fi makes it easy for an attacker to perform a man-in-the-middle attack on you, leading to theft of login credentials, credit card details, and other personal information. If you have to use public Wi-Fi to shop online, make sure it's a network you have to sign in to—that still won't make it as safe as shopping at home, but it will add a bit of security.

8. Always look for HTTPS before shopping online

HTTP is a prefix that all internet users are familiar with, and if you see an "S" on the end of HTTP it means you're securely connected to a website. If the URL of the site you plan to shop on doesn't have an HTTPS prefix, don't shop there.

Google Chrome and other web browsers now flag HTTP websites as insecure, so noticing a lack of HTTPS on sites should be easy to spot.

A lack of HTTPS can indicate that the site you're on is outdated and insecure, or it could indicate that you're on a phishing site that is impersonating a legitimate online store. No matter the possible cause, the solution is to avoid unsecured HTTP connections.

Note: This article was first published in 2017 and updated in 2018.

istock-502524168.jpg
Image: iStock/Makidotvn

Also see

About Brandon Vigliarolo

Brandon writes about apps and software for TechRepublic. He's an award-winning feature writer who previously worked as an IT professional and served as an MP in the US Army.

Editor's Picks

Free Newsletters, In your Inbox