Steve Weisman is a lawyer, college professor, author and one of the country’s leading experts in cybersecurity, identity theft and scams. See Steve’s other Con Watch articles.
Online shopping is expected to be bigger than ever during this upcoming holiday season. RetailMeNot predicted a 47 percent increase in consumer spending from last year for the Black Friday weekend. Unfortunately, online shopping is also popular with scammers and cybercriminals who set traps for unwary shoppers.
Here are 7 tips for avoiding online shopping scams and lowering your risk of identity theft.
1. Be on the lookout for fake websites. Scammers are adept at constructing phony websites to sell shoddy or even nonexistent items. Often, in an effort to trick you into trusting them, these websites appear to be from legitimate retailers. Here are some tips to help you avoid the fakes:
- Be wary if the price for a high-demand product looks too good to be true. As always, if it looks too good to be true, it probably is.
- Watch for spelling and grammar mistakes on the website. Many of these phony websites are set up by scammers whose primary language is not English.
- Go to www.resellerratings.com to investigate whether a retail website is legitimate. The site offers reviews about particular merchants. If the retailer’s website is not listed or has bad reviews, you should avoid it.
- Confirm that a website is really that of a major retailer by visiting www.whois.com/whois/, which shows the actual owner of the website. If it doesn’t match who it should be, you know not to trust the website.
2. Look for https. Never provide credit card or other sensitive information on a website unless the domain name begins with https. The extra s at the end of http stands for secure and means that your data is being encrypted when it is being transmitted.
3. Use a credit card — not a debit card — for online shopping. The laws pertaining to fraudulent use of your credit card limit your personal liability to no more than $50, and most credit card companies won’t charge you anything for fraudulent use. However, if your debit card has been compromised by an identity thief, you can lose the entire bank account tied to the card if you do not report the crime promptly. Even If you do report the theft of your debit card promptly, your access to your bank account will be frozen while the bank investigates the crime. Note that while the newer EMV chip credit cards have reduced much retail credit card fraud, the chip doesn’t provide any additional benefit when shopping online.
4. Don’t leave your credit card on file with an online retailer. Although it may be convenient to leave your credit card number on file where you regularly shop, doing so puts you in danger of credit card fraud and identity theft if there is a data breach. If you do not choose to keep your credit card number on file with the online retailer, they are not allowed to store it.
5. Consider using a temporary credit card number for online shopping. Purchases will be charged to your regular credit card number, but even if the temporary number falls into the hands of an identity thief, it cannot be used to access your credit card. You can get a temporary card number from your credit card issuer. A potential drawback to using a temporary credit card number is that using one can make returning goods or getting a refund on a purchase more difficult later when you may have to confirm your credit card number.
6. Don’t use public Wi-Fi to shop. The ease with which public Wi-Fi may be hacked was shown in 2015 when, as part of an experiment, a 7-year-old girl needed only 10 minutes and 54 seconds to hack into a public Wi-Fi system. If you do use public Wi-Fi, be sure to take the following precautions:
- Equip your computer, laptop, tablet, or smartphone with security software.
- Keep your security software updated with the latest security patches.
- Turn off sharing in your device settings.
- Consider using encryption software so that your communications are encoded.
- Consider using a Virtual Private Network (VPN), which enables you to send communications through a separate private network while you are on a public network.
7. Don’t click on links in unsolicited emails. The links in these emails or text messages may be tainted with malware that will steal the personal information from your computer or phone and use it to make you a victim of identity theft. The best course of action if you receive such an email or text message that interests you is to go directly to the retailer’s website. If the offer is legitimate, you will find it there.