
8 Tips for Safe Online Shopping

Ken Kizzee


You may be confident in your online shopping safety savvy, but hacking, phishing, identity theft, and other breaches of personal information have only become more common in recent years. 

More than half of all online consumers have fallen victim to a cybercrime at some point. In order to protect yourself and your business from malicious activity, it’s essential that you know the current best practices when online shopping, as well as green and red flags to look out for. Here’s what you need to know. 

Key Takeaways

  • Check to make sure each website you shop on is secure by looking for telltale signs (like an “https://” URL and a lock symbol in the browser bar).
  • Update your software regularly.
  • Use strong, unique passwords, and change them often.
  • Use multi-factor authentication (MFA) wherever possible.
  • Be cautious when connecting to public wi-fi.
  • Know the signs of phishing scams.
  • Use a credit card instead of a debit card when online shopping.
  • Monitor your accounts for suspicious activity regularly.

Use Secure Websites

The first and most important step to take when online shopping is to ensure that you are making your purchases from a secure website or online store. To determine if a website is secure, examine the URL—if it begins with “https://” (as opposed to “http://”), that means the site is serving pages over a Secure Sockets Layer (SSL) certificate (modern sites actually use its successor, TLS, but the term “SSL certificate” has stuck). 

This guarantees that your data is encrypted in transit as information is exchanged between your computer and the website’s server. Keep in mind that encryption alone says nothing about who runs the site: a scam site can obtain a certificate too, so treat “https://” as necessary but not sufficient. 

Look for a “padlock” symbol in your browser’s address bar as well—this means that the connection between your computer and the website’s server is safely encrypted as well.

Look at the design of the shopping site (if it’s well-designed and lacks grammar and spelling errors, it’s more likely to be secure). Positive customer reviews are also a good sign, as is contact information or a “Contact Us” form. 

Double-check for these green flags again after logging in—some websites only encrypt their login pages. Spam warnings, suspicious URLs, unsolicited pop-ups, and negative reviews are all signs that a website might not be trustworthy.

By shopping on unsecure sites, you’re at risk for fraud, data breaches, stolen card details, and malware. 

This may mean you’re scammed out of the money you paid for online purchases (online shoppers lost $246 million in 2020 alone, and the holiday season is particularly risky), other nearby devices are compromised, or your personal information is stolen. 

In order to avoid these worst case scenarios, do a quick scan for red flags before making a purchase from any website.

Keep Your Software Up to Date

You may not associate out-of-date software with security risks, but the connection is more prevalent than you think. 

Outdated software and operating systems are more likely to be vulnerable to hackers, as they lack important security updates. Buggy software also makes detection of suspicious activity more difficult. 

By ignoring software updates, you’re opening a door for hackers to enter and expose your computer to malware and viruses.

To keep your software up to date, pay attention to software and operating system update notices on your computer. 

Check your App Store for updates regularly, and/or turn on automatic update downloads where possible. Ensuring your software is up to date is an investment of time (and, in some cases, money), but will be well worth it in the long run.

Use Strong Passwords

You’re likely familiar with seemingly extreme password requirements and frequent requests to update your password for each website you use regularly. 

While these requirements may seem like a nuisance, they’re there for a reason: Strong passwords are crucial in keeping your computer and personal data safe as you shop online. 

The more complex your password is, the safer your personal information will be from hackers and other cybersecurity threats.

To ensure your password is strong, use a variety of symbols, numbers, and uppercase and lowercase letters. Choose a long password (at least eight characters), change it regularly, and avoid reusing old passwords wherever possible. 

It might help to incorporate a word or phrase you’ll remember, but to spell it with a variety of symbols (e.g., “3” instead of “E,” “!” instead of “i”).

Use Two-Factor Authentication

Two-factor authentication or multi-factor authentication (MFA) is a system that requires multiple pieces of evidence before granting you access to your account. 

This means that in addition to entering your password, you may need to respond to a push notification on another device, answer a phone call, or enter a code that’s been texted or emailed to you. (If you’ve ever forgotten your password and had to answer a security question, you’ve technically participated in multi-factor authentication.)

Certain websites automatically require multi-factor authentication, especially for access to business or school accounts as well as access to test results and health records. 

If your place of work or medical practice doesn’t provide MFA, it’s worth requesting they implement it in order to ensure your data is more secure in the future.

Be Cautious with Public Wi-Fi

Using public wi-fi can be more dangerous than you might think. Whereas home wi-fi networks are password protected, anyone can connect to a free, public wi-fi network, including hackers. This creates a window for those with malicious intent to hijack your network connection and steal your personal data. They can even encrypt your important files (so you lose access to them) or spy on your Internet activity.

In order to stay safe on public wi-fi, first double-check to ensure you’re avoiding bogus wi-fi networks. Sometimes, cybercriminals deliberately set up wi-fi networks with names and passwords similar to those of a local business. 

Once you’ve safely connected to legitimate public wi-fi, avoid using websites that require credentials (e.g., email, social media) whenever possible, and avoid online shopping or entering your credit card information on any website. 

Don’t ever use a public wi-fi network to connect to your company’s network or server, as this could jeopardize the entire organization via exposure to hackers or malware. Do not enable Bluetooth file-sharing services (like AirDrop) in public—hackers might secretly download malicious files to your device. 

Do your best to only access secure sites (look for the aforementioned “https://” URL and lock symbol in the browser bar, before and after logging in). Don’t enable automatic connection to nearby wi-fi networks on any of your devices. 

Finally, if you’re connecting to a Virtual Private Network (VPN) and the connection drops, disconnect from public wi-fi immediately—as soon as the VPN tunnel fails, your traffic travels over the public network without its protection and your personal information can be exposed.

Watch Out for Phishing Scams

Phishing is a form of deception used by hackers and scammers to coerce consumers into offering sensitive information or downloading malware. 

This typically involves a fake email that appears to be from a reliable source, a fake invoice, a fake notice of suspicious login attempts to your accounts, or even an impersonation of a person you often correspond with online. 

Signs of phishing emails include:

  • suspicious attachments;
  • urgent or threatening language or calls to action;
  • offers that seem too good to be true (e.g., an inheritance you didn’t know you’d receive or winnings from a contest you didn’t enter);
  • generic greetings (e.g., “Dear Sir or Madam”);
  • senders you’ve never heard of;
  • false receipts or delivery notifications;
  • unprofessional design (e.g., a blurry logo);
  • informational mismatches, such as email addresses or linked URLs that are slightly off, or spelling and grammar errors.

In order to avoid falling victim to a phishing scam, stay on the lookout for these signs. Validate the identity of the person you’re interacting with and only send money or personal information via secure websites. 

Invest in security or antivirus software for all of your devices, and update it regularly (especially if you suspect you’ve downloaded a virus). Report potential phishing scams by forwarding suspicious texts to SPAM (7726), forwarding suspicious emails to the Anti-Phishing Working Group (APWG) at reportphishing@apwg.org, or visiting ReportFraud.ftc.gov.
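To show how several of the red flags listed above can be checked mechanically, here is an added example (not part of the original post) that runs a few simple heuristics over two constructed sample messages: a look-alike “bank alert” and a routine statement notice. The sample messages, the keyword lists, and the `phishing_signs` helper are all assumptions for illustration; real mail filters use far richer signals.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample messages (not real mail), already split into fields.
# "links" pairs the URL shown as link text with the href it actually points to.
SAMPLES = {
    "phish": {
        "from": "Acme Bank Support <alerts@acme-bank-secure-login.com>",
        "subject": "URGENT: suspicious login, verify within 24 hours",
        "body": "Dear Sir or Madam, confirm now or your account will be suspended.",
        "links": [("https://acmebank.com/verify", "http://acme-bank-secure-login.com/v")],
        "attachments": ["invoice_4411.zip"],
    },
    "legit": {
        "from": "Acme Bank <no-reply@acmebank.com>",
        "subject": "Your November statement is ready",
        "body": "Hi Dana, your statement is available in online banking. No action is required.",
        "links": [("https://acmebank.com/statements", "https://acmebank.com/statements")],
        "attachments": [],
    },
}

URGENT = re.compile(r"\b(urgent|immediately|within 24 hours|suspended|act now|confirm now)\b", re.I)
GENERIC = re.compile(r"\bdear (sir|madam|customer|user|valued)\b", re.I)
RISKY_EXT = (".zip", ".exe", ".js", ".scr", ".iso", ".html")  # assumed watch-list

def host(url):
    return (urlparse(url).hostname or "").lower()

def phishing_signs(msg):
    """Return the red flags (from the list in the post) found in one message."""
    signs = []
    _, addr = parseaddr(msg["from"])
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    if URGENT.search(msg["subject"] + " " + msg["body"]):
        signs.append("urgent or threatening language")
    if GENERIC.search(msg["body"]):
        signs.append("generic greeting")
    claimed_hosts = {host(text_url) for text_url, _ in msg["links"]}
    for text_url, href in msg["links"]:
        if host(text_url) != host(href):  # visible URL differs from the real target
            signs.append(f"link text/URL mismatch: {host(text_url)} vs {host(href)}")
        if urlparse(href).scheme != "https":
            signs.append(f"non-https link: {href}")
    if claimed_hosts and sender_domain not in claimed_hosts:  # look-alike sender domain
        signs.append(f"sender domain {sender_domain} does not match site in message")
    for att in msg["attachments"]:
        if att.lower().endswith(RISKY_EXT):
            signs.append(f"risky attachment: {att}")
    return signs
```

The look-alike sample trips all six checks, while the routine notice trips none; a real filter would weigh such signals rather than treat any one as proof.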

Use a Credit Card Instead of a Debit Card

It’s far safer to shop online using a credit card rather than a debit card. Not only are credit card purchases easier to trace, but credit cards are also not connected to your bank account, which means your account balance won’t be immediately affected by fraudulent purchases. 

Credit card companies often offer a certain amount of coverage for fraudulent charges, meaning you’ll only have to pay a small liability fee if your credit card number is compromised. 

Use your credit card safely online by only entering your financial information on trustworthy and secure websites. Storing your credit card information online increases its risk of being stolen, so while it’s more inconvenient, it’s a wiser idea to re-enter your information each time rather than saving it. 

Finally, using a third-party service like PayPal or Apple Pay when shopping with online retailers provides you with an extra layer of protection when online shopping on your computer or mobile device. 

Keep an Eye on Your Accounts

In order to stay safe when online shopping, it’s imperative that you regularly monitor your online accounts for any suspicious activity. 

Change your passwords regularly and check your email for any notifications of attempted logins. 

Store your updated passwords in a safe place (e.g., a reputable third-party password manager) and log out of accounts containing sensitive information when you’re not using them. 

Avoid connecting to websites requiring your credentials on public wi-fi, and avoid sharing your passwords or accounts with anyone. 

Even if you trust your loved ones with your password, they might not be as diligent as you are with your credentials—they may be storing your password in an unsafe location or keeping it on a compromised device.