shopping onlineAmazon Prime Day has long passed, but a lot of consumers are still shopping online for deals, especially now that the back-to-school season is in full-swing and the holidays are right around the corner. Last year, 79% of Americans — that’s eight-in-ten people — made at least one online purchase, according to a survey by the Pew Research Center. The appeal of online shopping definitely makes sense – with the click of a button, a whole universe of items can be delivered to your doorstep, and smartphones make things even easier because you can shop online right from the palm of your hand. But there lies a danger behind this convenience, as scammers and hackers lurk the Internet, waiting for the perfect opportunity to dupe victims. With so many shoppers online, there are lots of opportunities for fraudsters to try their luck. Thankfully, practicing good online habits can keep us safe from scammers. Continue reading below to learn about the steps you should take in order to protect yourself while shopping online.

Safety starts with good cybersecurity

Good cybersecurity habits are the cornerstone of staying safe on the Internet; this is especially true when shopping online. Here are just a few of the things you should keep in mind before clicking checkout:

1. Only conduct transactions on HTTPS encrypted sites. Using HTTPS is probably one of the most common pieces of advice we give, and for good reason – activity over HTTPS is encrypted while in transit between a website’s servers and your computer. This makes it unreadable to anyone who isn’t already looking over your shoulder. As you can imagine, something like this is indispensable for protecting yourself on websites where you have to manage money, make payments or share important pieces of personal information (like your mailing address or phone number). If the site you’re on has HTTPS enabled, you should not only notice HTTPS at the beginning of the URL, but also see a padlock in the left corner of your address bar or some sort of green coloring — or both. For additional peace of mind, you should know that some sites use what’s known as EV SSL. Unlike HTTPS – which uses plain old SSL – EV, or Extended Validation, includes additional assurance that the website you’re visiting belongs to whomever is claiming the site. EV is usually present whenever the address bar contains the name of the organization, bank or company which owns the site. Not all online stores and financial institutions use EV, but you should note the ones that do, so you’ll be aware of any scammers who try to impersonate these brands and send you to a phony version of the site.

2. Use two-factor authentication and account alerts. Two-factor authentication (2FA) is a feature that prohibits access to your account without both your password and a security code, which acts as a second login factor. The security code is usually sent to an account or device that only you have access to, like your email address or phone. It’s usually best to only use 2FA with your phone, as it’s less likely that your entire phone will be compromised – at least when compared to the hackabilty of a single email account. If your preferred shopping site does not offer 2FA, you’ll want to at least set up some kind of account alerts that will let you know when something is changed on your account (e.g., your payment information or shipping address changes). Most online shops, especially big-name stores, have such features, but if you’re unsure, you can always contact customer service or the site owner to see what your options are.

3. Shop on dedicated devices and avoid public Wi-Fi. The Internet is dangerous, partly because of scammers and harassers, but silent and passive threats such as malware also exist. For this reason, you should consider having dedicated devices for certain types of activities. For example, activities involving your credit card and personal information, like banking or shopping, should be done on a separate computer or device, such as a phone or tablet, that only you or other responsible individuals, such as your family members, have access to. It doesn’t need to be the latest and greatest system, just something that can handle these basic tasks. Equally as important is the network you’re using. Shopping at home using a password-protected Wi-Fi network is always your best bet, but if you’re ever out on the town and wanting to make an online purchase, make sure you’re not connecting to public Wi-Fi, as you never be sure the network is completely secure.

4. Don’t store payment data. These days, it seems like we hear about a new data breach every week. With that in mind, storing your credit or debit card number might not be worth the convenience of a quick and easy checkout. Although these systems are likely safe, since consumers can’t see the back end of any sites they visit, it might just be safer to assume that all payment-storage systems can be compromised. Additionally, storing credit card information makes it too easy for other family members, kids especially, to rack up accidental charges or commit familiar fraud.

5. Beware of fake emails. Scammers often use phishing emails as a way to lure users into falling for their scheme. Generally, these emails target users who have made purchases recently, claiming to be from the website or seller they made the purchase from. The email text often has strange demands, like requests to wire missing payment, requests to log in from a link or others requiring users to provide personal information or money. If you see emails making such requests, it’s better to just contact the customer service for the company that the email claims to be from by phone rather than respond to the email directly.

6. Entire websites can be faked too. Scammers know that humans make mistakes. That’s why they typosquat or buy domains that are misspellings of popular sites (like Wikapedia vs Wikipedia). Often, these misspelled sites are designed to look like their real counterparts, down to the background color and footer. While some of these sites are simply novelty sites or rip-offs, more often than not, they’re designed to fool users into giving up personal or payment information. As such, you’ll want to be sure that you always type in the URL of an address you want to go to, and if you ever find yourself confused about the legitimacy of a website, use a service like WHOIS to verify who owns the website you’re using.

How you pay is also important

Do you have a preferred payment option when you shop online? Not all payment options are created equal, so you should have some understanding of how your payment choice will affect you in the instance of a breach or fraud. For example, credit cards allow you to reverse charges if there’s a dispute with a vendor, and they also provide you with protection against misuse of your card. Debit cards, on the other hand, provide consumers with very little protection in comparison. Third-party payment services like PayPal are becoming a more favorable option for many consumers because they allow them to fund digital accounts with their banking or credit card information. Paying with a third-party service will shield your credit card, bank account or debit card information from being seen, but you should know that connecting your information isn’t always the best idea. Additionally, these services have their own rules regarding refunds and payment cancellations, so it’s important to understand what these might be before committing to anything.

Pay attention to the site’s privacy and refund policies

Every website has a terms of service, where it indicates how it uses consumer data and how it processes refunds. While you don’t expect anything to go poorly, knowing what recourse you have should something go wrong is important. This is especially true of sites like Amazon and eBay. While both are reputable sites, they allow third-party sellers who might provide things cheaply but skimp on quality or fail to provide the product at all. Ultimately, understanding the site’s policies and should serve you well if you wish to shop safely and securely online.

For more information about keeping safe while online, keep reading our technology blog, which discusses all the ways scammers target consumers and how consumers can combat such scams.