10 Tips For Safe & Secure Shopping Online This Holiday Season

Mark O'Neill 08-12-2015

The holidays are almost upon us once again. And that can only mean one thing – yep, it's time to buy gifts at the last minute again!



But the evil underbelly of the web is lurking, waiting to take advantage of consumers’ generous spending binges. Criminals want your credit card details, your cash, your identity, your unborn child, your soul. And they will go to any lengths, including “smishing” you. Smishing is apparently sending a SMS version of a phishing scam, getting you to click on a fake link; even your phones are under attack.

Here are 10 ways to protect yourself and make sure you are the top dog when ordering online this holiday season.

Use a Familiar & Trusted Website


The first rule of ordering online is to try to confine yourself to trusted websites. This can be Amazon, eBay, Etsy, Target, Walmart, basically the big names online. The ones with big serious reputations to protect, and who would go out of their way to ensure a seamless online shopping experience for their customers.


I realize this does a huge disservice to the smaller sellers trying to make a living, which is why, if you choose to order from them, you need to use the following protections.


It was not that long ago that I highlighted the benefits of using HTTPS. This is a secure web protocol which, instead of, is

What does this mean? It means that HTTPS encrypts your visits to websites (ones that support the HTTPS protocol). And more importantly, it encrypts your payment details from your end to the seller’s end, ensuring that the details are not intercepted en route. This is hugely important for when you are handing over your credit card number to an unknown online merchant. You want to feel confident that there isn’t any way for those details to be stolen.



Just look for the padlock next to the web address. This means the site is secure and encrypted. No padlock? Then I would seriously rethink buying there. Or use PayPal. They have buyer protection in case of difficulties. More on that later in the article.

Don’t Go to Starbucks & Do All Your Ordering


The previous section blends nicely into this one. Unsecured hotspots are a big no-no if you are not using HTTPS. If you go to Starbucks for your tall half-skinny half-1 percent extra hot split quad shot (two shots decaf, two shots regular) latte with whip (that’s a real order by the way), then you may be tempted to whip out the ol’ smartphone and take advantage of the free Wi-Fi. This would be a really bad idea if you are just using HTTP.

If you are just browsing the sports scores while sipping your latte, then OK fine. But if you are entering email login details, customer account login details, online banking PINs, credit card numbers with the secret CVV number on the back, anything official and sensitive – don’t use Starbucks (or any unsecured hotspot for that matter). Use the network provided by your cellphone company or wait until you get home and use your own Internet. If you decide to use an unsecured hotspot, then HTTPS and a Virtual Private Network are essential.


Use a Difficult Password

I know, I know. I keep banging on about using difficult passwords, but it bears repeating. When buying this holiday season, you are going to be making lots of customer accounts, to put in your orders. Those accounts need a password to protect all of the sensitive information you will be putting in there. Information that an identity thief can use.

Your address. Your cellphone number. Your credit card number, the card’s CVV number (the three digits on the back of the card that authenticate it), card expiry date, card’s billing address….you see what I am driving at? This stuff must be protected at all costs, otherwise someone impersonating you will be calling up your credit card company, and your bank to change the address, the password, the PIN number…..


We have previously shown you lots of ways to generate strong passwords. Personally, I use KeePass to store all of my passwords, and that includes a password generator. Just specify the length of the password, which characters you want in it, and click the Generate button. You’ll get the password, as well as an indicator of its strength, displayed in “bits”.



Wolfram Alpha also generates passwords on the fly. Simply tell it what you want. So “generate a 25 character password” (for example). You will then get the password, and even an extra 6, in case you don’t like the first one.
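To show what a generator of this kind does and where a strength figure in "bits" can come from, here is an added example (not code from KeePass, Wolfram Alpha or the original article). It assumes every character is drawn uniformly at random from the selected classes, so the strength is simply length × log2(pool size); KeePass uses its own quality estimator, and the function and class names here are hypothetical.

```python
import math
import secrets
import string

# Character classes a user can tick, as in a typical generator dialog.
CHARACTER_CLASSES = {
    "lower": string.ascii_lowercase,   # 26 characters
    "upper": string.ascii_uppercase,   # 26 characters
    "digits": string.digits,           # 10 characters
    "symbols": string.punctuation,     # 32 characters
}
ALL_CLASSES = list(CHARACTER_CLASSES)


def build_pool(classes):
    """Join the selected classes into one pool, ignoring repeated names."""
    pool = "".join(CHARACTER_CLASSES[name] for name in dict.fromkeys(classes))
    if not pool:
        raise ValueError("select at least one character class")
    return pool


def generate_password(length, classes):
    """Pick each character with the OS cryptographic random source."""
    pool = build_pool(classes)
    return "".join(secrets.choice(pool) for _ in range(length))


def entropy_bits(length, classes):
    """Bits of entropy for a uniformly random password of this shape."""
    return length * math.log2(len(build_pool(classes)))


if __name__ == "__main__":
    # Length matters more than exotic characters: compare the three rows.
    for length, classes in [(8, ["lower"]), (8, ALL_CLASSES), (25, ALL_CLASSES)]:
        print(f"{length:>2} chars from {len(build_pool(classes)):>2} symbols: "
              f"{entropy_bits(length, classes):6.1f} bits  "
              f"e.g. {generate_password(length, classes)}")
```

Each extra bit doubles the number of guesses an attacker needs, which is why the 25-character password scores so much higher than either 8-character one.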

Use 2 Factor Authentication


For those who are still resisting switching on 2 Factor Authentication (hereafter referred to as 2FA), my question would be “in God’s name, why?”. Yes it’s a pain in the ass having to log in twice, but it makes it extremely difficult, perhaps even impossible, for intruders to break into an online account if 2FA is enabled.

Not all sites support it though. This enormously helpful site tells you if your preferred sites use 2FA or not.

For those of you not in the know, what is 2FA? Consider this analogy. A burglar is trying to break into a house, and after much effort at picking the lock (the account password), he succeeds. But his triumph is short-lived when he opens the door and sees a keypad on the wall in front of him. The keypad demands a code, in order for the person to pass, otherwise forget it buster. That keypad demanding a code is 2FA.

After putting in your password, your temporary 2FA code (it’s generally only available for approximately 30 seconds) comes via either a SMS message on your phone, or via a smartphone authenticator app. The most widely used one is one made by Google, called Authenticator, as well as another called Authy. Type in the 6 digits it gives you, and you are in.

Many banks and big shop chains have 2FA for their online customer accounts. When shopping these holidays, PLEASE switch on 2FA. Otherwise you run the risk of your account being hacked, and your credit card details out there “in the wild”.

Choose Your Payment Information Wisely


When it comes time to go to the checkout to pay, you need to give serious thought as to how you want to pay. If it is a big name merchant – Amazon, Barnes & Noble, Walmart, etc – then you can quite safely give them your card details. But the smaller sites….I would recommend going with PayPal.

A couple of months back, I had a HUGE dispute with a company in China who sent my wife a sub-standard knockoff of a product. They refused to refund the money, but then I filed a payment dispute with PayPal through their Buyer Protection Program. I had paid with PayPal, so I was automatically covered. PayPal diligently took my side of the story, took the company’s side of the story, and rapidly came to the conclusion that I was in the right. They immediately initiated a refund, and I got my money back within 2 business days.

So the moral of this story is – if you see a PayPal logo on the checkout page, USE IT! I know some people hate PayPal with a passion, but it has never let me down personally. Until it does, I will continue recommending it.

Credit card companies themselves obviously investigate clear cases of fraud, and will initiate chargebacks if necessary. But I have been through the PayPal process, and the credit card process in the past. To me, PayPal has seemed much faster and much more efficient.

Don’t Be So Forthcoming With Your Information


The other day, I bought a Christmas item online and it asked me the following question :

“How old are you? Letting us know your age helps us personalize your online experience”.

I’m sure you’ve seen this chestnut before. They want to know everything there is to know about you, including age, occupation, race, and what color of underpants you have on today. When I go to my local computer store, the checkout operator asks me for my zip code. When I refuse to give it to her, she throws a tizz. So I give her a zip code from hundreds of miles away, and she wonders why I came all the way from Hamburg for a USB stick.

Companies are obviously doing this to make profiles of their customers. Profiles that they can then sell on to marketing companies, who’ll sell them on to others…..suddenly that embarrassing purchase that you thought was private comes back to bite you in the ass when you start receiving “targeted ads”.

The Golden Rule here is to give companies the minimal amount of information necessary. If they ask for a phone number, give them your cellphone number. If they ask for that underwear color, tell them you’re not wearing any today.

Be Careful With The Mobile Device!

According to countless studies, mobile devices are taking over the world. People are eschewing the traditional desktop computer, and instead gravitating towards mobile devices, including phones and tablets.

Everyone can see this trend, including criminals. This means they are rapidly modifying their scams to adapt to the mobile device landscape. I mentioned smishing at the start of the article. Well, there are others you need to worry about, apart from a dodgy looking text message. That phone knows everything about you, which makes it a target-rich environment.

Malicious apps, which take more permissions than they need when you install them, are on the increase. Do you honestly look and think about it when the app tells you what information it’s taking?


Obviously Google is vastly different than your average underworld thief making his own malware app. I just used the Gmail example as this was the first one which came to hand. But as you can see, each app lays out exactly what they will be looking at – and the vast majority of people click the “Accept” button without even thinking about it.

Another example is QR codes. I like QR codes. I have one on my business cards. They are easy to make and you can fit a lot of information inside one. But therein lies the problem. Unsavoury individuals are inserting malware links into QR codes, and when people scan them with their phones, suddenly they have got the malware. So be very wary about what QR codes you scan when out shopping.

Run Regular Anti-Virus & Anti-Malware Scans

Viruses from crooks can come in a variety of forms. Email phishing is a highly popular one, getting the customer to click on an infected link, so that their computer can become part of a botnet and join the Borg Collective.


On a regular basis (say, every couple of days), run an anti-virus and anti-malware scan. I looked at some good security tools recently, and people started emailing me, scolding me for not including Avira. I’ve since tried it out and I have to admit it has me thinking about ditching AVG finally. Plus Avira is German, so I have to support the locals.

Also, run MalwareBytes AND Spybot Search & Destroy. Each one tends to overlook at least one thing that the other manages to find. Don’t ask me why that happens.

Be Extra Cautious When Going To Collect In Person From Private Sellers


Finally, be extremely careful when going to pick up something from a seller in person. You might think you are smart saving those shipping fees from that Craigslist poster. But what if the “seller” happens to be an uncontrollable psychopath off his meds?

Just practise some common sense. Don’t get into a stranger’s vehicle. Don’t meet at their home or any dark alleyways. Instead, meet in a very public place, such as a shopping mall. Or a Burger King. Always tell a friend where you are going and when you are going. And ask them to check later to see if you got back OK.

To paraphrase Donald Trump, some sellers are criminals, but I’m sure the rest are good people. But you never know if you will be unlucky enough to draw the short straw and get the loonie.

What Do YOU Do To Stay Safe Online While Shopping?

I know what is going to happen now. You are all going to march to the comments section and accuse me of being paranoid. But seriously, what’s better? Being on hold to your credit card company on Christmas Day, or eating cake? I know which one I would prefer.

Image Credits: Internet Theft by David Evison via Shutterstock


  1. Matus
    December 9, 2015 at 4:14 pm

    As KeePass is mentioned for creating complicated passwords, it's also useful to combine it with other tools and automate the login process. Or just to use the built-in autotype function. (Default CTRL + ALT + A)