Over the last two decades ecommerce has transformed the world of retail, developing from a niche sector into a five trillion-dollar industry. And with so much money involved, safe online shopping has become more difficult, as cyber criminals are constantly looking for new ways to exploit those of us buying goods and services on the web.
In the US alone, consumers spent a record $9.12bn online during Black Friday in 2022, with Cyber Monday sales even higher, at $11.3bn according to Adobe, which tracks sales on retailers’ websites based on Adobe Analytics data).
This amount of money changing hands is bound to attract cyber criminals, who employ online shopping scams in a variety of ways, such as a way to install malware or steal personal details via phishing. (You can read our malware tips and details on the latest phishing scams to keep up to date on the latest cyber threats.)
However, by following our list of safe online shopping tips, you can buy online with confidence, and ensure that you stay one step ahead of the cyber scammers.
One the most prevalent types of shopping scam is phishing via email. These scams will usually masquerade as a well-known brand — Amazon being a favorite — and will contain a fraudulent link to an action such as confirming a delivery address, verifying your account, or updating your payment details. Click on the link and you are taken to a phishing page, where you will be asked for your details via an almost identical version of the official website.
If you receive a message like this, do not click the link in the email. And if you think it is genuine, go directly to the official website by typing the URL directly into your browser of choice.
Safe online shopping isn’t just about avoiding scammers. Legitimate retailers can also become victims of cyber criminals, especially via a data breach, where user details are stolen. This makes it important to use a strong, unique password when creating your online identities.
Thankfully, you can create complex and unique passwords using free tools such as F‑Secure’s strong password generator. And if you want to go a step further, we also recommend using a password manager. (F‑Secure’s highly-rated ID Protection enables you to create and manage strong passwords, while also monitoring data breaches and the dark web.)
To ensure the highest level of security available via a legitimate, online retailer you should enable two‑factor authentication (2FA) where available. Two‑factor authentication works by adding extra security to online accounts (beyond your username and password) requiring an extra credential, such as a one‑time passcode. By applying two kinds of identification 99.9% of automated attacks are prevented (according to 2019 research from Microsoft).
One of the key benefits many credit providers offer is insured payments against fraud. For example, most credit card providers have fraud protection, where they provide refunds for fraudulent transactions (which often isn’t the case for debit cards).
Also, consider using an online provider such as PayPal, which offers some support for safe online shopping. PayPal states that:
If an item that you’ve bought online doesn’t arrive, or doesn’t match the seller’s description, PayPal’s Buyer Protection may reimburse you for the full amount of the item plus postage.
A quick WHOIS search will provide you with details such as when a shop’s domain name was registered, how long it was registered for, which country it was registered in and to whom. If these details don’t reassure you, then go a step further, and look at the site’s contact information. If they don’t have a phone number, that’s a red flag. And if they do have a number, give it a call, to check that it’s genuine.
Comparison engines have essentially removed the need for retailers to provide large discounts, because these tools enable them to see what their competitors are selling the same items for in seconds (and subsequently choose to undercut them by a few percent, should they wish). So, you should look out for huge offers that seem too good to be true, because they probably are.
This may seem a little tough on any new online store trying to drum up business, but with so many fake shops appearing online, we would advise you to stick with the brands that you know and trust if you want to guarantee a safe online shopping experience. But also remember that the brands you trust the most are often the ones being mimicked in the fake offers distributed via social media and email. So be vigilant.
Free Wi‑Fi can be convenient if you’re stuck somewhere without connectivity, such as an airport or conference. But you should avoid using any public Wi‑Fi for online shopping unless you have a VPN enabled, as they often lack proper encryption, making it easier for cyber criminals to intercept your data. To encrypt all your traffic and keep you safe on public Wi‑Fi, use a personal VPN such as F‑Secure VPN.
Look out for social media offers that have overwhelmingly positive reviews, as this is a traditional red flag for an inauthentic offer, as genuine products tend to have a mix of reviews. As a rule of thumb, it’s better to avoid these offers entirely. But if you feel an offer is genuine, do some extra checks, such as clicking on reviewer profiles to check that they are legitimate accounts. Also, remember to check legitimate reviews for any new shop you decide to buy from, using a respected platform such as Trustpilot (which currently features over 200m reviews).
The best way to stay safe online is by using a trusted internet security product. With F‑Secure Total — which contains F‑Secure’s highly-rated ID Protection and Browsing Protection — your passwords are monitored, you will be alerted of breaches should they occur, and access to potentially harmful shopping sites will be automatically blocked.
F‑Secure’s Browsing protection (included in F‑Secure Total) enables you to evaluate the safety of shopping sites and prevents you from unintentionally accessing harmful URLs.