Shopping online this holiday season could leave you with your identity stolen, or at least an expensive surprise when a thief charges a ticket to Fiji on your credit card. Swearing off online shopping isn’t necessary, though. You just need some simple steps to protect yourself from online fraud, which ticks up this time of year as more people shop.
1. Strong passwords and phrases
Using a hack-free password may sound elementary. Many people, however, continue to use passwords that are too easy for attackers to figure out. To make a strong password, use some special characters, numbers or, better yet, a phrase. Phrases like “Iamthegr8est” are harder for a dictionary attack to break. Also, using different passwords for different sites is never a bad idea. So don’t leave all of your accounts open to a single password.
2. Beware of free Wi-Fi
Sometimes you’re sitting in the coffee shop, and you think, “Now would be a good time to get that gift for someone.” Don’t do it. Unsecured Wi-Fi networks are vulnerable to people listening in. A fraudster can just let his or her computer gather up all the data flying around the room, and sort out the usernames and passwords later. If you’re going to shop online, do it from a password-protected network. “A lot of people connect to Wi-Fi and don’t think anything of it,” Hanson said. “Every single thing that you type is vulnerable.”
3. Don’t be phish bait
Sometimes an email can look like it’s from a trusted company or bank. Many people don’t check before they click the links, or they send back whatever information the institution asks for without first requesting more detail, said Hanson. “Sometimes you get an email that says ‘we’d like to expedite something, click here.” Remember that emails from major retailers or banks never ask for personal information or passwords. And when in doubt, call.
4. False friends
Scammers often take advantage of the clumsy typing skills of the average person, or the fact that few people pay close attention to the Web address of a site they are shopping on. For example, Amazon’s Amazon Payments site is hosted only on certain domains — and no others. If you see an email or are directed to a website where the Web address looks close, but doesn’t match, then it’s likely a fraud, and your information could be at risk.
5. Look for the lock
On browsers such as Firefox and Safari, there’s a small lock icon next to the site address, and the “https” on the address bar. The lock shows whether the connection to the site is encrypted. If you don’t see the lock, it’s probably not a good idea to send any credit card information over that link.
6. Credit cards, not debit cards
Sometimes it may seem like a good idea to use a debit card, because the money comes right out of an account and keeps you honest —no running up huge debts. However, credit and debit cards have different rules. Generally, it’s easier to get your money back (called a charge-back) from a credit card if you get scammed and a thief uses the card. It tends to be harder to do the same on debit cards, if they offer such protection at all. Use gift cards. That way, you need not enter your personal information on a site, and you know that there’s a preset amount of money on the card. “Most of the time, we think of them as gifts for other people,” he said. “But they are really good for this.”
7. Check your statements
Checking your bank statements more often is never a bad idea, but doing so during the shopping season is even more important. That way, it’s easier to spot transactions that aren’t yours. Even better, sign up for the alerts that the credit card company will send, either by email or to your phone, whenever a purchase is made. This is a good way to guard against the fraud that happens when thieves buy blocks of credit card numbers online, because the only way to know if yours is among them is when it is used. This way you’d know when that happens and can call the credit card issuer right away.