Safer cyber shopping

Statistics show that shoppers are purchasing online at least once a month and surfing weekly for deals. It’s clear many of us are comfortable shopping online, but maybe we’re a little too comfortable.

Cybercriminals are more sophisticated than ever, tricking consumers into shopping at fake stores or opening phishing emails that unleash viruses or worse – capture personal and financial information. Here’s how to stay safe and keep your information secure while enjoying your online shopping experience.

Trust your instincts

If the deal seems too good to be true, it probably is. If your checkout experience gives you a bad feeling, that feeling is probably warranted.

If at any time during the shopping or checkout process you feel like the site is asking for too much personal information, simply quit the transaction and leave the site. You may hate to leave behind a really good deal, but having your credit card information stolen is much worse.

Some things to watch out for:

  • Does the site look old and outdated?
  • Is the URL a different/weird address?
  • Do pop-ups fill your screen or do you get a warning message?

If you see any of these signs, just leave the deal and move on to the next site.

Be careful when shopping/ purchasing on a mobile device

Smartphones can do almost everything a computer can, but that doesn’t mean they are as secure and protected. Most phones aren’t equipped with the anti-virus software that you have on your computer, so it’s easier for criminals to get malware onto your device to help them steal your information.

Shortened URLs are often used because they are more mobile-friendly. But they can also trick you into visiting a risky site since it’s harder to tell whether they are secure or trusted. Make sure your mobile device is protected by a password so that any information you may have stored on it isn’t easily accessed.

Don’t shop when using public Wi-Fi unless you use a VPN

Anytime you enter personal information using a public network, you’re setting yourself up for identity theft. If you shop using a Wi-Fi hotspot, use a secure Virtual Private Network (VPN) service that will encrypt your session.

If you don’t use a VPN, be aware when you’re using a hotspot that any information you send could be picked up by strangers. If it’s information that could make you vulnerable, wait until you get home to your protected network. It may be less convenient, but it’s much safer.

Check your credit card statement frequently

Using a credit card is really the only smart way to shop online. If you buy something from a scam site using a debit card or check it can take longer to get your money back. If you use a credit card, the card companies have to reimburse you for fraudulent charges under the Fair Credit Billing Act.

A good rule for online shopping is to use a credit card with a low credit limit—$500 or less—and to check your statements every month. If you see something strange appearing on your statement, contact your credit card company to dispute the charge and obtain a new credit card so that fraudulent charges are stopped.

Use a virtual (temporary) credit card number

Banks now offer a virtual credit card number that allows you to shop online without exposing your real account number. Several banks offer temporary credit card numbers that allow you to set the amount and time frame for a purchase and then send you a card number to use online. Since the number expires relatively quickly and has a lower maximum spending amount, you minimize the potential damage – and your real credit card number remains secret.

Don’t use the same passwords for all your accounts

Make sure you don’t use the same password for all your accounts. This will make it harder for a hacker to break into your accounts.

Check URL – Look for HTTPS in the URL not HTTP

The Internet has a thousand different acronyms and it’s impossible for those who aren’t tech savvy to keep track of them all. The one you really need to know if you’re going to make online purchases, though, is HTTPS. The added “S” means that the way your information is being sent is secure.

HTTPS using SSL, or Secure Socket Layer, encrypts the information traveling through the networks so only the intended recipient can read it. If you’re considering buying from a site whose URL starts with HTTP, be careful with the information you share. Other signs of a secure site are a closed lock or unbroken key at the bottom of the screen.

Don’t click on links in emails

Instead of clicking on a link in an email, type out the address in your browser to make sure you’re going to the site you want to go to. Many phishing scams involve emails from what seem like legitimate sites, like banks or online stores – and then send you to a phony site where they can gather your information to steal your identity.

If you get an email from a site where you’ve shopped before, make sure you don’t follow the links and don’t provide any financial or personal information the email requests. Real sites won’t ask for important information over email. If you have any doubts about an email’s authenticity, go to the company’s website and obtain their number and call them directly.


© 2017 The Hartford Steam Boiler Inspection and Insurance Company. All rights reserved. This article is for informational purposes only and does not modify or invalidate any of the provisions, exclusions, terms or conditions of the applicable policy and endorsements. For specific terms and conditions, please refer to the applicable coverage form.

Monique Ferraro

Monique is counsel in Munich Re’s US Cyber Practice at HSB. Previously, she was principal at a digital forensics, e-discovery and information security consulting firm and owner of a law firm. Ms. Ferraro is a Certified Information Systems Security Professional.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.