News Ticker

Tips for Secure Online Holiday Shopping

by Larry Magid
This post fist appeared in the San Jose Mercury News

By all accounts, the online holiday sales season got off to a good start. Tracking companies reported big increases for this year’s Thanksgiving weekend and Cyber Monday, including a 70 percent increase in shopping from mobile devices.

Of course, Thanksgiving weekend and Cyber Monday are just the opening rounds of holiday online shopping. I got several pitches last week for “cyber week” sales. I’m fully expecting to see ads for “cyber month,” because the holiday shopping season doesn’t actually end on December 25th. Many online and offline stores offer after-Christmas sales. Clearly we have a lot of online shopping ahead of us.

One of the biggest obstacles to online shopping is the fear of fraud or a security scam. Although longtime Internet users may already know how to protect themselves, we’re seeing a lot of new people shopping online this year as Internet use become ubiquitous. And most of us are new to shopping from mobile devices. They too have security risks.

While security is an issue, it’s important not to overblow the fear. If you shop in physical stores you run the risk of getting into an accident on the way, having your car dinged in the parking lot or having your pocket or purse picked. There is even a risk of in-store credit card fraud, where a clerk copies down all your information. These risks are low, but so are the risks of online shopping. Most of us don’t encounter fraud, identity theft or merchandise that never shows up.

The most important thing you can do is to be sure you’re dealing with a reputable site. Even if it looks like a merchant you know, take a careful look at the site’s web address (URL). If it’s Sears, for example, make sure it’s really Sears.com and not something like Sears.somethingelse.com.

That’s especially important if you’re clicking on a link that comes by email. Phishing attacks that take you to fake look-alike sites are getting increasingly sophisticated. I try to avoid clicking on links in email and just type in the site’s URL. Also be careful about misspellings. It’s not uncommon for scammers to register a site with a slight variation of a legitimate site’s name.

Even if the site isn’t a fraud, it may still be somewhat unreputable. I once bought a camera online at a price that was “too good to be true.” The camera did arrive but without a battery, battery charger or manual. By the time I bought the required accessories, I wound up spending more than if I had bought it at Amazon.com.

If you’re not familiar with a site, look at it carefully. Read the “about us” section to look for a street address and phone number. Give them a call if you feel a need for a bit of human contact with them and by all means look them up on a search engine. Sometimes I’ll type in the merchant’s name in Google followed by “scam” to see what comes up. I don’t necessarily take all reports literally — even reputable merchants will get some complaints — but I look to see how many there are and where they are coming from.

You should always use a payment method that gives you some recourse. Credit cards are best because, if you have a complaint, you can ask the credit card company to investigate and it will remove the charge until it determines if it’s fraudulent. You also have protections with debit cards, but since they take the money out of your account immediately, you have to ask that it be put back. PayPal also offers some protections against fraud.

You might want to avoid shopping or banking from public Wi-Fi networks, especially ones that aren’t secured with a password. Even if it is password protected, there is the chance that someone could “sniff” what you’re doing on the public network.

Finally, make sure your device is secure. And notice that I said “device,” not PC. Many of us are using security or “anti-virus” software on our PCs and heeding advice to keep our operating systems and software up-to-date. But most people don’t pay much attention to smartphone security.

As smartphone shopping and banking increases, cyber criminals are turning their attention to mobile. Be very careful about the apps you download — some have been known to contain malware that can steal your information. Only download from trusted sources like the Apple App store or Google Play and read the reviews in those stores if you’re not familiar with the app. The major security software companies like Norton, Trend Micro and McAfee offer mobile software, as does Lookout.com, which has both a free and premium app to protect iPhone and Android phones.