(Credit: René Ramos; Getty Images/South_agency)
There's every reason in the world to shop online. It's a great place to find the best bargains, compare prices, and get gifts shipped straight to your front door. Even returns are easy with the right e-tailers. Anything that can make Black Friday, Cyber Monday, and holiday shopping in general less stressful is undeniably attractive.
But what about the bad guys? They're out there. According to the FBI, in 2022, the Internet Crime Complaint Center received reports from almost 12,000 victims reporting non-payment or non-delivery scams. The losses added up to over $73 million.
While somewhat alarming, these stats should not keep you from shopping online. You simply need to use some common sense and follow practical advice.
How to Avoid Scammers on Black Friday, Cyber Monday
From spotting shady websites to turning down deals that are too good to be true, it’s important to stay vigilant during the busy holiday season. Below are basic guidelines for safer online shopping. Use them and buy with confidence.
1. Only Shop on Popular or Familiar Websites
Search results can be rigged to lead you astray or even infect your device with malware. A good deal just isn't worth the risk when we all know Amazon.com carries everything under the sun. Likewise, almost every major retail outlet, from Target to Best Buy to Home Depot, has an online store.
Beware of misspellings or sites using a different top-level domain (.net instead of .com, for example)—those are the oldest tricks in the book. Yes, sales on these sites might look enticing, but that's how they trick you into giving up your info.
2. When in Doubt, Look for the Lock
If you're unsure if the site you're buying from is legit, look at your browser's address bar. Never buy anything online from a site that doesn't display a lock icon near the URL. The lock icon indicates that the site has SSL (secure sockets layer) encryption installed. This means your data transfers are more secure than they on an unencrypted site.
Another way to tell if a site has SSL is to look for a URL that starts with https://, which is standard, even on non-shopping sites. Google Chrome even flags any page without the extra S as "not secure." So a site without it should stand out even more.
3. Research the Seller Before Buying
If you're wary of a site, perform your due diligence. The Better Business Bureau has an online directory and a scam tracker. Yelp and Google are packed with retailer reviews. Put companies through the wringer before you plunk down your credit card number. There's a reason that non-delivery/non-payment is the most common cybercrime complaint: it hurts when that happens, financially and emotionally.
That said—online reviews can be gamed. If you see nothing but positive feedback and can't tell if the writers are legitimate customers, follow your instincts.
If nothing else, make sure you've got a concrete address and a working phone number for the seller. If things go bad, you have a place to take your complaint. In fact, call them before you order so you can clarify a return policy and where to go with any issues after the purchase.
4. Lie or Omit Personal Information on Shopping Forms
There is no reason why an online shopping e-tailer needs to know your birthday, middle name, Social Security number, or any other personal information beyond your payment method and mailing address. Feel free to lie if a retailer requires you to fill in that kind of data to complete your transaction. What are they going to do? Tell on you?
The more scammers know about you, the easier it is to steal your identity. When possible, default to giving up as little personal data as possible. Major sites get breached all the time, so it's important to keep your information private.
5. Don't Use Your Debit Card to Shop Online
If your debit card is compromised, scammers have direct access to your bank funds. It's wise to use a credit card or mobile payment app when shopping online. Some banks offer disposable credit card numbers to make online shopping even safer, as do some security services like IronVest. The Fair Credit Billing Act ensures that you are only responsible for up to $50 of credit card charges you didn't authorize if you get scammed.
Regularly review the electronic statements for your credit card, debit card, and checking accounts. If you see something wrong, pick up the phone to address the matter quickly. In the case of credit cards, pay the bill only when you know all your charges are accurate. You have 30 days to notify the bank or card issuer of problems; however, you might be liable for the charges anyway.
6. Pay With Your Phone in Stores
Paying for items using your smartphone has become pretty standard in brick-and-mortar stores and is more secure than using your credit card. Using a mobile payment app like Apple Pay or Google Pay means you've authenticated your identity using your device, so no one else can claim to be you and steal your data or money. Plus, you're avoiding card skimmers.
7. Watch Out for Fraudulent Gift Card Exchanges
When it comes to gift cards, stick to the source when you buy one; scammers like to auction off gift cards on sites like eBay with little or no funds on them. There are many gift card "exchanges" out there that are a great idea—letting you trade away cards you don't want for the cards that you do—but you can't trust everyone else using such a service. You might get a card and find it's already been used. Make sure the site you're using has a rock-solid guarantee policy. Better yet, go directly to a retail brick-and-mortar store to get the physical card.
8. Stay Private While Using Public Wi-Fi
If you're shopping via a public hotspot, stick to known networks, even if they're free, like those found at Starbucks or Barnes & Noble. You should probably also use a virtual private network (VPN) to be safe (here's why). For more, see our Tips for Public Wi-Fi Hotspot Security.
9. Install and Use Security Apps
Use a password manager to create uncrackable passwords and passkeys. It will keep track of them and fill them in as you shop. You can also save time filling out mailing address forms by storing that info in your password manager and letting it enter the data for you at checkout.
It's also a good idea to protect against malware with regular updates to your antivirus program. Better yet, pay for a full-blown security suite, which will have antivirus software and will also fight spam, spear-phishing emails, and phishing attacks from websites (the latter two try and steal your info by mimicking a message or site that looks legit).
Remember, it's not enough to have this stuff installed. Make sure your anti-malware tools are always up to date. Otherwise, any new threats can get to your devices—and there are always new threats.
10. If You Do Get Scammed, Don't Get Mad, Get Revenge
Don't be embarrassed if you get taken for a ride while online shopping. Instead, make a bit of scene—online, of course. Complain to the seller. If you don't get satisfaction, report the incident to the Federal Trade Commission, your state's attorney general, or even the FBI. That's probably going to work best if you buy in the US, rather than with foreign sites. If you're going to get scammed, try to get scammed locally...or at least domestically.
Hacked for the Holidays?
If you still find yourself a victim of identity theft or if your accounts are compromised after your online shopping spree, check out our guide for what to do when you've been hacked. After taking the steps to secure your accounts, bookmark and visit PCMag's online safety checklist to keep yourself and your family safer online all year.
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
