The usually frenzied end-of-year shopping season is mostly online this year thanks to coronavirus restrictions. We've got some tips to help you stay safe as you shop for loved ones
We shop online all year round, but the arrival of Black Friday and the peak of the Christmas shopping season plus the COVID-19 restrictions that have been in place for most of 2020 mean that we are keeping delivery drivers busy. Here are some pitfalls to avoid and tips for staying safe online.
Know who you're buying from
Stay with the big names when buying online if you possibly can. Big, familiar brands such as Marks & Spencer or John Lewis are much safer for you to shop from than a vendor you’ve never heard of.
If you're thinking of buying a tech gift, be wary of brands you've never heard of - stick to trusted names. When we test smart tech we also test for security - and we don't always like what we find with cheap devices with brand names we haven't heard of before.
If something you want to buy is only available from a business you don’t know, do some research. Look for reviews of the seller to see what experience other people have had with them. See how long the website has been registered by going to whois.icann.org and typing in the website URL. This will tell you who owns the domain name and when it was first registered, as well as giving you contact details for the website managers. A domain that was only bought very recently suggests that the business is, at best, very new.
Use a separate email address for online shopping
It’s worth having a separate email address for setting up and managing online accounts.
Not only does that keep your personal or work inbox clear of notifications and potential spam, but it also means you keep important information such as work documents and family emails separate from newsletters and emails telling you that a delivery is on its way.
Also, should the email address associated with your online shopping accounts be compromised, then your sensitive data remains safe in your private inbox.
Check that the website is secure
You’ll see a lot of advice to only use a website that displays a padlock in the address bar, and that remains advisable.
However, there are two things to be aware of here: first, the padlock only tells you that the website is encrypted and that it’s securely sending your details, such as your password and card details from your device, to its servers. It doesn’t tell you anything about the authenticity or trustworthiness of the people behind the website; hackers can create secure websites too.
Second, the notification has been changing: some browsers such as Google's Chrome towards warning you if a website is not secure rather than telling you when it is secure. So before you type in your details, look for either the padlock or a warning that the site isn’t secure.
Keep your passwords safe
Make sure that you have a separate, strong password for every single account you use across different retailers.
Don’t reuse any of your passwords on different websites, and also avoid relying on using a system to differentiate them (such as adding a number or a code to a common password for different sites) as these are easy for a hacker to figure out.
We have more detailed advice on how to create secure passwords here.
And of course, this advice is important all year round, but it’s doubly important at this time of year. And the best thing you can do to keep scammers away from your passwords is to start using a password manager: check out our advice on password managers here.
Too much information
Be careful about how much information you give away when you create an account with an online retailer.
Look out for the asterisk (*) on web forms that tell you when you must fill in the that field: obviously a website needs your name, address, email address and payment details, but many sites also try to collect additional information, such as your clothing size or an additional phone number. It helps retailers understand their customers, but there’s no need to give that information if you don’t want to.
Many websites ask you to provide answers for security questions that you can use if you forget your password and need to reset it. Giving the right answer to that question can verify that you are who you say you are, and not a scammer trying to hack your account.
Want some more help with online security? Our friendly tech team can help you with one-to-one support on a range of tech issues. Find out more here.
However, you don’t need to give the real answer to the question. It can be quite easy to find out someone’s mother’s maiden name, for example, or the name of their first pet or their favourite cricket team, especially as people often unwittingly share that kind of information via quizzes on Facebook where it can easily be discovered.
Provided you can remember what information you gave – you could say your mother’s maiden name is ‘GreenOnions’, or example – it doesn’t matter what answer you give. Some password managers will store the information you give each website, which is a useful way to manage your secret answers.
Be careful on a mobile device
It’s tempting to use a smartphone or tablet to do your online shopping. It’s quicker and more convenient than firing up a laptop or a desktop.
But be particularly careful with checking the URL of a website. Mobile versions of browsers don’t always display the full web address in the address bar, which makes it harder to know for sure that you’re at the right website rather than, say, on a phishing site designed to trick you into revealing your passwords.
Download a retailer’s app from your phone’s relevant store - Apple's App Store or Google Play if you're using Android - rather than go to a mobile website, where possible, to protect yourself from the risk of going to a fake shopping site.
Make sure software is up to date
You are much more at risk from hackers if your software isn’t up to date. The latest versions of software bring security updates to fix potential loopholes that hackers use to get into your device.
Before you embark on your online shopping spree, make sure you’ve updated your operating system (Android, iOS, macOS, Windows), your antivirus software and your browser, or the app you’re planning to use.
Use a credit card where possible
It's a good idea to use a credit card rather than a debit card when you’re shopping online, and ideally use one with a low credit limit so that if the details of your card are compromised, the damage that can be done by a high-spending thief before you can block the card is limited. Using a credit card gives you more protection if a retailer goes bust, the goods don’t arrive or they’re faulty.
Buying on marketplaces
If you do want to use a small or independent seller, stick to buying via established marketplaces. Notonthehighstreet.com showcases small businesses, while Etsy.com is a good place to look for handcrafted gifts or vintage items. Amazon hosts thousands of small shops, and of course there’s always eBay.
Most importantly, all of these established sites offer secure payment services and dispute resolution processes that protect both the retailer and the buyer. If a small seller on a big marketplace wants to bypass the platform’s payment services by asking you to pay for a product via direct bank transfer, say, that’s a big red flag. Don’t use them. If you bypass the marketplace’s process, you can’t be helped if a problem arises with the seller.
Sign out when you're finished
If you use a computer or mobile device that's not your own, make sure you sign out when you've finished shopping and clear your cookies so that someone using it after you won't find themselves signed in to your account - and possibly with access to your payment details.
If you take your laptop to the library or a coffee shop to do your online shopping, use your mobile phone’s data connection to get online rather than public wi-fi. Using public wi-fi puts you at risk from ‘evil twin’ websites that intercept passwords and credit card details.
If you must use public wi-fi, consider using a VPN (virtual private network). VPNs create private, encrypted and secure link between your device and the website, stopping hackers from intercepting your data and also protecting your privacy. And it’s best to use a paid-for VPN as free ones can be slow or insecure.
We've got more information on VPNs here.
Think twice before buying from abroad: you could face long delivery times, and might also have to pay import duties. Buying from a retailer outside of the UK could also make it more difficult to return or exchange goods that are faulty or not what you wanted – check carefully for details of a returns and exchanges policy.
And if it’s an electrical item, you almost certainly won’t get a UK plug with the product, which could cause disappointment on Christmas morning.
If it sounds too good to be true ...
Be wary of special offers arriving by email or SMS that contain links that you are encouraged to click on. They could be phishing attempts, designed to send you to a fake website to steal your login details.
We all want to save money where possible, and it’s tempting to click through from a link offering a fantastic price on something. But the old adage ‘if it sounds too good to be true, it probably is’ is particularly important to remember at this time of year.
Check, check, check again
Before you click the final ‘Buy’ button, go over each part of the order. If you’ve got more than one card’s details stored on a site make sure you’ve selected the right one. Double-check the address you’re sending something to. And don’t forget to check delivery options and charges, too. Some sites will default to
a cheap and cheerful option that could mean you’ll be waiting for weeks.
If something goes wrong, buying something online means in certain cases you’ve got more rights than if you’d gone to the high street and bought it. For more information on the Consumer Credit Act and how it protects you, click here.
If you fall foul of fraudsters and you’ve been the victim of a scam, you can report it to Action Fraud via actionfraud.police.uk.
For up-to-date alerts about scams and advice on how to stay safe, sign up for our Scam Alerts newsletter here.