You're reading this article online, so it's a safe bet that you also shop online. More than three-quarters of U.S. adults have shopped online, and nearly half do so at least once a month, according to a 2018 NPR/Marist survey of the digital economy.
It's clear that consumers feel comfortable shopping online. However, that comfort is often accompanied by complacency. Cybercriminals are more sophisticated than ever, and that means they are using tricks to easily fool consumers into visiting fake stores or opening phishing emails. Here are 11 tips to help you beat the crooks and stay secure while shopping online.
Your most valuable asset online isn't your credit-card number, but your personal information. The more you reveal about yourself online, the greater the risk of identity theft. An online store will request your name, address, phone number, email address and billing information. If it asks for anything else, such as a Social Security number or a driver's license number, take your business elsewhere. No legitimate business needs that information for a simple purchase.
As the personal-finance blog NerdWallet explained it, "With a credit card, the card issuer must fight to get its money back. With a debit card, you must fight to get your money back."
If a cybercriminal lifts your debit-card information, he has a direct connection to your bank account. If you don't monitor your account closely (which, of course, you should be doing), you risk being wiped out completely.
It is also much easier to report and reconcile compromised credit-card information than debit-card info. Credit-card customers have up to 60 days to report fraud before they're on the hook for stolen funds; debit-card customers have as little as two business days.
One exception to the "never debit" mantra is the prepaid debit card, the kind that you can buy in drugstores. You control the amount of money connected to the card, so there won't be an entire bank account for a criminal to tap into.
More importantly, a prepaid card isn't connected to any personal information beyond what you need to provide for purchase and delivery. That differs from credit and debit cards, which are linked to bank accounts or large lines of credit.
Any time you are asked to remember security questions based on personal information, fudge the truth. Sure, your mother's maiden name might be Pebble, but no one is going to know or care if you say it's Slaghoople instead. What's important is that you remember it.
Social media has made it easy for cybercriminals to gather all kinds of personal information that is used in answers to security questions. This is one time when it is OK to lie.
What does your personal email account hold? Chances are, it includes plenty of personal information, lists of contacts and archived correspondence that you don't want hackers to get access to. Your work email account may have even more sensitive information, including something that could compromise corporate data.
Avoid these risks by setting up a separate email account to be used only for online shopping. Doing so will make the information in your regularly used email accounts less vulnerable if there is a data breach involving the shopping site.
The other benefit of having a separate email address for shopping only is that any special offers, marketing blasts and other emails from these retailers will go to that account. That will make it easier for you to tell if similar emails coming to other accounts are spam. Just make sure that the shopping email account's username and password are different from those used by any of your regular email accounts.
We all get email messages from online retailers, but be very careful in how you handle them.
Even if a message shows up in your dedicated shopping email inbox, it isn't necessarily legitimate. Rather than clicking on the link in the message, go directly to the store's official website and search for the item on sale, or type in the codes for special offers.
At the very least, you should verify the link embedded in the email message. When you hover your mouse cursor over the link, the actual link will be displayed at the bottom of your browser's window. If the link doesn't go to the store's legitimate site — make sure to read the link all the way to the end, as sometimes, an .exe file is buried in a legitimate-looking link — then delete the email message.
Remember, if an offer in an email message or on social media sounds too good to be true, it almost always is.
Many data breaches you hear about involve unencrypted or poorly encrypted passwords. Once a cybercriminal has the password for one online account, the chances are very good that he'll be able to access other accounts with that same password. Why? Because many people use one or two basic passwords for everything.
That's why it is important to use a different password for every important account -- any account that involves money or personal information. It's OK to write the passwords down, as long as they are stored in a secure location, such as a locked desk drawer or in the "vault" of an encrypted password manager. Storing passwords in an email account or on a computer file puts them at risk of being stolen if your system is compromised.