bad Credit

4 smart practices to avoid online shopping scams

person laying in bed with laptop and credit card online shopping
Written by Publishing Team

For many retailers, the holiday season accounts for more than 30 percent of their annual profits. This isn’t surprising considering that, on average, Americans have spent more than $700 on gifts each year for the past decade. 2021 is expected to set a new record of $886 – the largest budget Santa has had in the past 20 years.

With all that money going around, the bad actors will definitely want to get their hands on some. Some are smart, and even the most careful shoppers can fall prey to their scams. But by following a few basic tips and good security practices, you can make yourself a more difficult target and hopefully avoid giving unintended gifts to cyber scammers.

These days, your inbox is likely overflowing with promotions, newsletters, and sales that you “can’t miss.” Some may offer amazing deals, says Camille Stewart, global head of product security at Google, but you should be careful rather than jump-start.

“People should look to see if the message was sent from a public email domain,” she says. “Most brands that send promotional emails have a website and send emails using their domain name. So you should be skeptical about promotional emails from a Yahoo or Hotmail address, for example.”

[Related: Scammers are targeting your calendar—here’s how to stop them]

If the return address or anything else in the email body is off – pixelated images, grammatical errors, or misspellings – report the message as spam and delete it immediately.

As a general rule, do not click on links in any email. Instead, open another tab in your browser, go directly to the official website of the store, and go to the deal or sale you are interested in. Scammers often find legitimate promotional emails, copy them, and replace links with ones that will steal your data or automatically install malware on your computer.

But we get it – sometimes we get lazy or retailers make it hard to find sales on their websites to entice you with non-discounted products instead. If you absolutely need to click that link, try hovering over it to make sure it matches where the ad or email claims to take you, Stewart says.

To do this, place your mouse pointer over the link. Some browsers will automatically display a small box containing the description or URL of the site the link will take you to. If it doesn’t, check the bottom left corner of your browser for the same information. When you see this web address, start by making sure that the URL begins with “https” – the latter is important and means the connection is secure.

Next, make sure that the domain of the site corresponds to the store that sent you the email. Domain is the keyword or phrase in the URL, and you’ll usually find it all the way to the left, right between www. and .com (or, .ca or any other top-level domain or country). It’s “amazon” on, or “popsci” on

It is also important here to make sure that the spelling is correct. Scammers will buy similarly typed domains to deceive and confuse shoppers, and sometimes the differences are so tiny, you won’t notice them unless you look closely. Keep an eye out for tricks like using 1 instead of i, or switching letters that will easily trick your brain. After all, popcsi Looks awfully like popsci.

Protect your credentials

One of the most annoying things about online shopping is the need to create an account on the seller’s website. It makes sense to do this because it protects your data, but it seems like a lot of effort – especially if you’re not planning to buy there again.

Sticking with websites and retailers you already have an account with might be the easiest way to go. But if you’re shopping at a new online store, your best bet is to check out as a guest. In theory, this will ensure that the site does not permanently store your information – from your name and address to your credit card number – and will spare you the trouble of coming up with another password.

If you’re shopping at a large retailer and checking in as a guest isn’t an option, you may be able to sign in with your Google, Apple, or Facebook account. Contrary to what you might think, as long as this account is properly secured (with a strong password and two-factor authentication) this is a secure way to access the site. The retailer never gets your credentials, just a nod of authentication saying you’re actually who you say you are. The best part is that if you decide that you don’t want to link to the shopping site anymore, you can go ahead and revoke it easily. (We wrote a whole story on how to do this if you need a little guidance.)

But there will come a time when you want to buy from a site where your only option will be to create an account. If so, take a deep breath and arm yourself with patience – and a password manager.

“During the holidays, the volume of sites creating new accounts for them and the tendency to create holiday-themed passwords makes us vulnerable to hacking,” Stewart says. “A good password manager can be a game changer.”

Whether you get a custom app or use your browser’s built-in app (Chrome and Firefox both have them), password managers are great at two things: creating highly secure credentials and remembering them for you. This way you won’t have to worry about future data leaks that might bring ghosts of the past Christmas.

If you have a low-risk disposable email address — one you only use for promotions and things you don’t actually care about — Stewart says now is the time to use it. If you don’t have one, this might be the perfect time to create one.

Use your credit card

You’ll probably apply this tip year-round, but it’s worth repeating: When it comes to online shopping, leave your debit card in your wallet and use your credit card instead.

Debit cards are a direct link to your checking account, and the purchase cost is deducted from your money almost instantly. If you are a victim of phishing, there is a chance that the scammers can repeat the transaction or use your card details to purchase elsewhere, withdrawing funds directly from your account.

If you fall into fraud while using your credit card, you will have more time to contact your bank and file a claim. Also, most major credit cards have some form of insurance or protection against online fraud. If so, you will most likely get the amount the scammers credited on your statement immediately upon notifying your bank.

A great way to stay on top of all the movements with your credit card is to check your balance frequently. This means not only waiting for it at the end of your period but making it a frequent habit throughout the week. If possible, you can make your life easier by setting up alerts for every transaction on your credit card.

Most banks will send you an email or text every time there is a move on a certain amount that you specify. By setting this minimum to $1 or 50 cents, you’ll even realize the seemingly harmless in-app purchases you keep making in your favorite virtual farm game.

Use only WiFi connections you know and trust

Listen, we know the holidays are a busy time, and mobile devices make it really easy to shop for gifts on the go. But if you’re doing a nice menu on the go or taking a break at your local coffee shop, be aware of your connection.

[Related: How to secure your apartment-provided WiFi]

In other words, never share sensitive information over public WiFi. This applies to everything you don’t want to fall into nefarious hands: sensitive business documents, sensational photos, and of course your financial information. Stewart points out that any form of public WiFi is known to be insecure and easily hackable, so you don’t know if someone can access your device or your data through that connection.

To be on the safe side, shop while using your mobile data, or at home, while connected to your WiFi. There are actually a lot of things you’ll probably be worried about this holiday season. Don’t let scammers be one of them.

About the author

Publishing Team

Leave a Comment