How to: Online Shopping With Confidence

These days, online shopping is becoming more often than not the go-to method for shopping for virtually anything.

Not only is it convenient that you can shop right from the comfort of your couch, but you can look up the best options around the world for whatever you’re interested in, just to make sure you’re getting the best price.

Of course, you also get to skip the crowds and long lines if you’re shopping during the holiday season.

Even though shopping online is getting much more common-place, it’s important not to get too comfortable.

There is a lot more personal and financial information involved when you’re shopping as opposed to when you’re only browsing the news, for example.

So, what should you do when shopping to ensure you’re doing it safely?

Don’t shop on public WiFi

I know it’s tempting to get a bit of shopping done while you have a few minutes of free WiFi while you’re sipping on your morning coffee at the coffee shop, however, this could put you at risk.

It’s easy for others to snoop on your traffic, capture your credit card number and even your passwords. Even if you think you’re using a secure connection.

Don’t shop on insecure websites

Any time you’re entering a credit card number or any other sensitive information, it’s always good to ensure you’re sending it over a secure connection. That way, anyone who is snooping on you can’t actually see the information you’re sending.

How do you do that? By first checking in the address bar (that’s the box you enter the website address you want to go to) that https:// comes before the address of the site you’re visiting.

Second check if there is a green lock to the left of the address bar or near the bottom of your browser (the actual placement depends on your browser).

Thirdly – and this is an important step – ensure that the whole website URL after the https:// is exactly what you are expecting, and it isn’t misspelled. It’s become much easier for people to register dubious domain names that look like the original but are in fact fake website and have them be legitimately secure.

Keep an eye out for scams

if the deal seems too good to be true, it probably is.

There are always a large number of scam sites out there, and they seem to always intensify around major shopping holidays around the world.

Don’t “save your info for later”

If the website you are shopping on gives you the option to save your credit card number or other personal information for later, it might be best to decline.

Why? Because this means the website has your information on file. If they happen to be breached for whatever reason, there is a good chance your credit card number or other information could be compromised as well.

This can become quite an inconvenient. Especially if you don’t find out about the breach for a while.

Watch your email

During all of the big shopping seasons, spammers like to take advantage and send malicious emails and texts that appear to be coming from somewhere you may have made a purchase in order to steal your information or infect your machine.

Be smart and if there is any doubt about the email or text, don’t trust it and go directly to the real website instead.

Also, if the email you received is from a website you normally buy things from, consider whether this is a normal email you’d expect from them. If not, it might be a scam.

For more tips on detecting phishing, click here

Stick to the familiar spots

Just like other industries, the online retailing industry isn’t immune to phishing websites being set up to lure you into providing your personal information. Stick to shopping on websites you know are reputable and can trust.

This trust also goes farther than just being confident that they’ll deliver you the product you purchased.
Check their terms of service and privacy policy to see if they are also selling or aggregating your personal information after your purchase.

If you want to branch out, check them out

If you must use a new shopping website before you make a purchase or hand over any information be sure to check out the website and company.

Find ratings and reviews that you know you can trust. Do other people like them? Are there any reputable reviews who did receive what they ordered? How was their experience?

Do they have terms of service, privacy and return policies? Check if these raise any red flags.

All in all, online shopping can save you tons of time and even provide more selection and variety. However, there are those out there who would like nothing more than to take advantage of your comfort with shopping online to con you into handing over your hard earned money or your personal information.

That shouldn’t cause any stress, though. With a little due diligence and by being careful with how and where you shop, you can shop with the confidence that not only did you get a great deal, but you did it while protecting your information and your wallet.

Interested In More?

Join our newsletter to learn more and get regular updates! Did we mention it's free?
CLICK HERE TO SIGN UP!

Email Looking a Little Phishy? 7 Things To Look For..

You might be wondering,

“Where the heck did this guy learn English?! He can’t even spell fish right! And what does that have to do with online security?”

It has a lot to do with it, actually.

No, I didn’t mis-spell “Fishing” in the title.

“Phishing” starting with the P-H instead of an “F” is when a spammer, impersonating another person or an organization sends emails to people maliciously, in an attempt to trick them into doing things like:

  • Hand over usernames, passwords, banking details, or other information
  • download malicious files or viruses,
  • pay or transfer money through fake invoices, fake ransom requests, etc.

 

If the name sounds funny, thats because it is! It’s meant to be a play on the fact that spammers are trying to lure you in just like a fish so you’ll give them what they want.

Just like how you’d lure a fish into biting down on the hook you’re dangling in the water, a phishing email is meant to get you on a spammers hook.

To convince you that you really do have to give them your bank information, or enter your username and password.

But these types of attacks are really nothing to joke about.

They try to not only look as legitimate as they can, but also instill fear, curiosity and play on our desire to do the right thing.

The scary part is, these types of emails aren’t always that easy to detect! Spammers like to craft their emails to impersonate popular online services and brands to get you to enter in your usernames or passwords and banking details.

So, how do you detect a phishing email? Here are 7 characteristics you can check for. These aren’t exhaustive, as spammers are always trying to change up their methods, but they are a good starting point.

 

Fact Check

Is this a company you actually do business with? Is this someone who you normally receive this type of email from? Did you actually order something for which you are expecting a confirmation?

If the email seems like its completely out of the blue, it very well might be.

 

The “From:” address

Check the from address carefully. Spammers often try to register domain names that look very similar to the organization they’re impersonating. Others will make the name look credible, but the email address its coming from will be something different.

Ask yourself: does it make sense that I’d receive an email from this address? Have I received email from this address before?

 

Bad grammar and spelling

If the email is full of bad grammar and spelling, then this should be a red flag. Any email that comes from a corporate business will sound professional, and will have been checked for grammar and spelling multiple times before being sent out.

Also, now many corporations have either removed salutations altogether, or will greet you in a manner consistent with your region and with your proper name.

If your email starts with “Salutations user” and you don’t know anyone who would say that or “hello first [email protected]” or “Dear Member” this should be a red flag.

 

A weird link

Phishing emails commonly include a link of some kind. They want to get you to go to another page and enter your details, such as usernames and passwords.

If there is such a link in the email, hover your cursor over it but don’t click it!

This will show you the actual URL. If the URL displayed in the email is different than the URL that pops up when you hover your cursor over the link, its probably a phishing email.

In addition, if the URL that pops up doesn’t look quite right, like its a misspelling of the legitimate domain name, it is completely unrecognizable, or the real domain name looks like part of another domain name such as: realDomain.com.someOtherDomain.com, then its probably a phishing email.

 

A sense of immediate urgency

Spammers don’t want to wait around. Part of their game is the sense of urgency. They want you to act without thinking and feel like there is no time to do anything but to do as they ask.

Sometimes they’ll build this sense of urgency by saying that “Your account is going to be suspended” or “your free gift is going to expire” or “the authorities will be contacted”, or other threatening language.

Don’t fall for this game. Take a moment to think if the threat is practical.

In addition, most government agencies don’t use email as their first means of contacting you.

 

It sounds too good to be true

Did you win the lottery, but didn’t buy a ticket? How about a long-lost relative that you’ve never heard of wants to give you millions of dollars? Maybe that new smartphone you wanted is now 99% off?

If it sounds like it might be too good to be true, it probably is.

 

Trust your gut

If all else fails, and you’re not too sure, or if it just feels “off”, Don’t open the email, click on any links or open any attachments.

What do I do if I get an email that doesn’t seem right?

Check with the person or company who supposedly sent it if they actually did send it.

If its a company, call their customer service line or get to their website the way you normally do, and ask if the email you received was legitimate.

If its a person, call them on the phone or in another manner that you can verify you’re actually talking to them and not someone attempting to impersonate them.

But, don’t try to verify the email via a reply email.

If the attacker already has access to their inbox, it’s really easy for them to reply with “yes, of course it’s me!”.

 

This Week’s Challenge

This week’s challenge is to think about these characteristics and the emails you’ve received lately and see if these characteristics apply. Can you find any that stand out as phishing emails?

 

Interested In More?

Join our newsletter to learn more and get regular updates! Did we mention it's free?
CLICK HERE TO SIGN UP!