Online shopping has made holiday gift buying almost stupidly easy, but as convenient as it is, it’s also a lot easier for hackers and scammers to phish your financial data if you aren’t being careful.
Phishing scams have been around since the earliest days of the internet, but a recent report published by data security firm Venafi notes that fake websites are on the rise. These sites, pretending to be popular retailers like Amazon, Walmart, even outnumber the real ones (go figure). Venafi’s figures get even more alarming if you factor in pages masquerading as social media sites, banks, email services, and other web apps.
Since we’re a few weeks from Black Friday and Cyber Monday sales, it’s important to take a few moments to review a few preventative measures that can keep keep you, your money, and your personal data safe while shopping online:
Make sure the URL is safe
For example, URLs in most browsers display a locked padlock, or say “Safe” or “secure,” in your address bar when a website is encrypted and your connection hasn’t been intercepted. Some browsers will also give a warning and prevent you from accessing unsafe websites in the first place.
Check URL accuracy
Even if a website looks like the real thing and your browser loads it without any warnings and says it’s secure, there’s still a chance it’s not the real thing. Read the URL carefully to spot any tricks, such as misspelled words, extra numbers or letters, or unusual domains. For example, Amazon should simply be “amazon.com,” with no extra numbers or anything added in. If it’s “amazon.com.xyz,” it’s not Amazon.com.
Use a browser with DNS over HTTPS (DoH)
… such as Chrome or Firefox, and enable it if necessary. DoH is a more secure and anonymized way to access websites. You can also use a third-party DoH service like Cloudflare.
Don’t click on suspicious email links or attachments
Better yet, just ignore suspicious emails altogether.
Bookmark the real website and/or login pages
Make sure you only access these pages via your bookmark links and never login using unknown links.
Use a password manager
This will not only protect your login data, but it will also make it easy to spot fake login pages since your password manager, if set up correctly, will only recognize the real thing. We have plenty of recommendations if you need one, many of which work on mobile as well as desktop browsers.
Use the official mobile apps for online stores/services
If you’re on mobile, find the company’s app instead of accessing them from a mobile browser. (In instances where a website doesn’t have an app, be sure to check for fake URL bars on a browser like Chrome).