Over the last decade, online shopping has evolved from a novelty to an everyday practice.
From the convenience of being able to shop anywhere to the opportunity of discovering exclusive deals and products from other countries, it’s little wonder we enjoy shopping over the internet.
However, as more consumers are opening their wallets online, fraudsters are also using increasingly devious ways to part consumers with their cash.
Here are four ways to secure and protect your online shopping experiences.
1. Verify the authenticity of the sites you visit
If you’re going to spend money on a website, you’ll definitely want to make sure the website is really who they claim to be.
Start by typing the website or company’s name into a search engine and checking the top results (ignoring ads).
As search engines like Google prioritize sites that have high domain authority (an indication of authenticity), link to and from other legitimate sites, and other factors like domain age, fake sites (which are often quickly set up and not well-optimized) will likely not be listed.
Also, don’t directly type in a URL you saw from an ad or open a link from an email you don’t trust.
Fraudsters often create sites that resemble the real thing but with minor changes to the URL.
If you are even slightly unsure if a link is trustworthy, do a search engine check. You can also check a site’s social media presence or use platforms like Trustpilot to corroborate whether the site is trustworthy.
Next, check the connection type of the website. Most legitimate sites, especially eCommerce ones, will use HTTPS – a secured version of the web’s Hypertext Transfer Protocol.
Although counterfeit sites can also use HTTPS (creating a secured connection between you and the fraudster), most fake sites don’t go to these lengths in the first place.
Finally, review the site’s security status. By clicking on the green padlock icon in the URL bar, you can see whether your connection is secure, what permissions are granted to the site, and who issued the certificate for the site.
2. Manage your cookies
In a nutshell, cookies are key-value pairs used by websites to identify you online. They are sent by web servers and stored on your device, and are used by the server to identify you when you visit a site. While cookies can make account sign-ins simpler and provide a more seamless shopping experience across devices, they can also pose a threat to your online security.
Cookie thefts can occur when an attacker uses a packet sniffer to intercept your communications with a site.
If your cookies are being sent over unsecured HTTP, any sensitive information contained within the cookie can be read or copied.
Worse still, attackers can use cross-site scripting to send cookies to servers that should not be receiving that data.
In these cases, even an HTTPS-encrypted connection would not protect a user from being spoofed of their own cookie.
To defend against these attacks, make sure you do not store any personal or financial-related information in your cookies.
3. Use a VPN
To secure and anonymize your internet connection, consider using a VPN when shopping online.
A virtual private network redirects all of your internet traffic through an encrypted tunnel, so even if a third party tried to read the communications between you and a website, it would see nothing but encrypted text.
When choosing a VPN provider, be sure to look for a trustworthy, premium service. Using a free service would be a big mistake.
Firstly, it’s expensive to maintain top-quality VPN servers. A free VPN may therefore offer unstable connections, weak encryption, or both. Worse, free VPNs may inject ads into your browser or sell your bandwidth for botnets. They might even sell your data (including connection logs and browser history) to third parties, compromising your online privacy.
To meet these problems, consider using a premium, paid VPN. VPN providers like ExpressVPN charge an affordable monthly subscription and invest these funds to maintaining and improving their servers.
In addition to fast connections, these VPN providers also offer a wide range of server locations, allowing you to enjoy price discounts as if you were located in a different country.
Other useful tools include internet kill switches that block internet access if your VPN connection gets interrupted (ensuring your connections are always encrypted) and DNS leak test tools to ensure your DNS queries and web searches remain private to you.
4. Choose a strong password
Last but not least, make sure you’re using a password that can’t be easily hacked or guessed.
By using a longer password comprised of upper and lowercase letters, numbers, and special symbols, you will make it harder for programs to “brute-force” hack your password.
Similarly, by selecting passwords that aren’t overly generic and have nothing to do with your personal information, you’ll prevent human intruders from guessing your password and unlocking your online shopping accounts.
Even if an attacker was to obtain one of your passwords, you can minimize the damage by simply not re-using passwords across different accounts and by using techniques like two-factor authentication, which recommended for protecting email accounts used for online shopping.
Two-factor authentication typically involves sending a verification code or token to another device you own after you try to sign into your account from one device.
To successfully sign into your account, you’ll need to supply the account password and the verification code that was sent to your other device. This way, even if an attacker obtains your password, they wouldn’t be able to sign into your online account without access to the verification code.
You’ll also be notified (by receiving a verification code) if an intruder tried to access your account.
For those who want to take their password security to the next level, use a password manager (like LastPass).
These applications not only help you generate strong, hard-to-crack passwords, but they also help you store all your passwords and only require you to remember one master password.
Once you have a password manager, you will only ever need to remember one password. To come up with a good and memorable password, you might consider using diceware.
To use this method for creating passwords, you will need a physical dice and a diceware list. Roll the dice five times and combine the results into a five-digit number, for example, 61241.
Take your number and look up the corresponding result in the diceware list (e.g. 61241 corresponds to tied). Now, repeat the process 4 more times. You’ll end up with five five-digit numbers (e.g. 61241, 34152, 11634, 26555, and 12643) which combine into one super-password (e.g. tiedinvokeallowgameaura).
Make sure you don’t forget or lose this password!
Summing up –
While it’s important to verify the sites you visit, use a strong password, and omit sensitive information from cookies, they are all applications of one common theme – exercising common sense and not sharing your account information where it’s not needed.
Online shopping will continue to grow in popularity, and as we enjoy its benefits, it’s our responsibility to stay safe and shop smart.