Not exactly. That doesn’t mean you’re likely to become the victim of a cyber attack the moment you buy something on Amazon. But it does mean there’s a risk something like that might happen down the line.
The problem is that cybercriminals are targeting online retailers more and more – not mainly because they have a lot of money (though that is one of the incentives), but because a lot of people use those platforms (currently, around 1.92 billion people shop online). What’s more, even though many online shopping websites have improved their security standards, they still fall victim to hackers.
So, for now, online shopping isn’t 100% safe. It’s likely not even 60-70% safe. And when you see our round-up of the main online shopping security threats, you’ll understand why.
Malicious websites often contain pop-up ads that advertise some incredible promotions (like saying you won a free PS4 or so). If you click on them, you’ll either be asked to share sensitive data (like credit card details and personally identifiable information), or your device will directly get infected with other types of malware (spyware, keyloggers, or ransomware).
Even worse, you might be exposed to such ads on legitimate websites too. While they’re normally pretty secure, some hackers might be able to exploit some vulnerabilities (if the website hasn’t done its latest security update, for example), and inject malicious ads into the platform.
You should also know that the malicious part of the ad can trigger if you click on the “X” to close it as well.
Cybercriminals set up fake shopping platforms to trick users into wasting money or revealing sensitive data. They normally try to imitate legitimate online retailers, claim they work with them, or invent their own made-up retail brands. Usually, one of two things will happen if you spend money on a fake online store:
Of course, there’s no guarantee that both of those things won’t happen on certain fake websites – especially if the scammer is very greedy, and wants both your money and personal/financial data.
Fake online retail websites are usually promoted through phishing messages and emails. The recipients’ contact details will either be acquired through a different phishing scam, or they can be bought off the deep web for a pretty small amount of money.
Not many people know this, but one of the main security risks of shopping online is having your identity stolen. Essentially, cybercriminals aim to steal as much personally identifiable information from you as they can (your full name, mobile number, email address, physical address, etc.). Once they have it, they either auction it off on the deep web, or they use it in other scams or to impersonate you.
According to statistics, most identity thefts occur during holiday shopping, seeing as around 43% of consumers reported that they became victims of identity theft during such periods.
Identity theft normally occurs on fake websites, but legit online retailers can expose their own users to something like that if they suffer a data breach (which we’ll discuss in a bit), or if their platforms become infected with malware.
Websites that don’t use SSL encryption (the ones whose URL address starts with “http” instead of “https”) are a pretty big online shopping security risk. Why? Because the info you share on those platforms isn’t encrypted, meaning it’s very easy for hackers to monitor it if they want.
You can always take a risk if the website has decent offers (unless they are phishing attempts, of course), but keep in mind that even Google is now marking non-HTTPS websites as not secure.
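An added example, not part of the original article: a page served over HTTPS can still submit its checkout form to a plain "http" address, so the check below looks at where each form actually sends its data. The sample page, the shop.example URLs and the field-name hints are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Substrings that hint at login/payment fields (constructed list for this example).
SENSITIVE_HINTS = ("password", "card", "cc-", "cvv", "cvc")
# Constructed sample checkout page (not taken from a real site).
SAMPLE = """
<form action="http://pay.shop.example/charge" method="post">
  <input type="text" name="cardnumber" autocomplete="cc-number">
  <input type="text" name="cvv">
</form>
<form action="/search"><input type="text" name="q"></form>
<form action="/login" method="post">
  <input type="email" name="email"><input type="password" name="pw">
</form>
"""

class FormAudit(HTMLParser):
    """Records each <form> with its resolved submit URL and its sensitive inputs."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._cur = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A missing or relative action is resolved against the page's own URL.
            target = urljoin(self.page_url, a.get("action", ""))
            self._cur = {"target": target, "sensitive": []}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None:
            desc = " ".join((a.get("type", ""), a.get("name", ""), a.get("autocomplete", ""))).lower()
            if any(hint in desc for hint in SENSITIVE_HINTS):
                self._cur["sensitive"].append(a.get("name") or a.get("type"))

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def cleartext_forms(page_url, html):
    """Return the forms that would send sensitive fields over unencrypted HTTP."""
    audit = FormAudit(page_url)
    audit.feed(html)
    return [f for f in audit.forms
            if f["sensitive"] and urlparse(f["target"]).scheme != "https"]

if __name__ == "__main__":
    for form in cleartext_forms("https://shop.example/checkout", SAMPLE):
        print(form["target"], form["sensitive"])
```

Loaded from an "https" page, only the payment form is flagged; loaded from an "http" page, the login form is flagged as well because its relative action inherits the page's scheme.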
Many online retailers have their own dedicated apps, and cybercriminals sometimes try to imitate them by creating fake versions. The main goals are to steal your credit card details, login credentials, and any other personal information they can get their hands on.
Like identity theft, fake apps seem to be used by hackers during holiday shopping seasons – likely because shoppers aren’t paying as much attention then, and are rushing to find promotions and discounts.
You’d think fake apps aren’t such a huge online shopping security concern since they can be easy to spot, but Apple’s App Store alone has been plagued with hundreds of them.
A data breach is when a cybercriminal gets unauthorized access to a website (either through phishing, malware, or by exploiting vulnerabilities). Most data breaches cause the retailers a lot of financial damage, but the real victims are the users who have their financial and personal information stolen.
You’d think data breaches wouldn’t happen too often, but you’d be wrong. Back in 2018, a record number of breaches were reported at big brands like Adidas, Sears, Best Buy, and Ticketmaster (among many others).
Shopping over unsecured WiFi is never a good idea. Sure, it might be extremely convenient to buy the latest mobile device or clothing item while sipping your coffee at your favorite place downtown, but it’s also very dangerous if the network isn’t secured.
How can you tell if a WiFi network is secured or not? Simple – if it doesn’t require a password to log in, it doesn’t use any encryption. That means your online connection to any retailing platform isn’t encrypted. So, any hacker who might be targeting the WiFi network could easily eavesdrop on your traffic. If they do that, they can see all the info you share with the retailer’s server, such as:
“Okay, so I’ll just use a WiFi network that’s secured. Problem solved!”
Not exactly. The problem with secured networks is that they use WPA2 as an encryption standard, and WPA2 is actually vulnerable to a cyber attack, namely the KRACK attack. WPA3 is supposed to fix that problem, but it’ll take some time until it’s fully deployed on all compatible devices.
Even if you take all the precautions you can, there’s always a risk your device might end up being infected with malware or viruses. In that case, it really helps to have reliable antivirus/antimalware programs installed because they’ll protect your data. What’s more, such a program could also prevent you from accidentally accessing malicious websites.
Just make sure you don’t use free solutions. They aren’t very reliable, and might not offer you any protection at all.
There are plenty of antivirus/antimalware software providers to choose from, but our recommendations are Malwarebytes and ESET.
Oh, and don’t be confused about the antimalware/antivirus term – both of them do the same thing. A virus is a type of malware, after all.
You shouldn’t schedule regular updates just to get rid of annoying notifications. They are actually very important if you want to make sure security weaknesses and exploits don’t endanger you when shopping on the Internet.
For example, the latest update for security software (no matter how small it is) could contain vital data that helps the program detect new threats. Operating system and browser updates do something similar, as they often come with changes that boost security.
So, whenever you see an update notification, don’t leave it for later. Install it since it could significantly help with online shopping security.
A VPN is an online service you can use to protect your privacy and data on the web. It hides your IP address, and uses encryption to secure your online traffic, protecting it from surveillance.
While a VPN can’t help protect you from all online shopping security threats, it can make sure you’re not exposed on unsecured WiFi. So, you could actually shop online while connected to public WiFi without having to worry about hackers eavesdropping on your communications.
Also, a VPN could prevent shopping websites from sharing your geo-location info with third-party advertisers since it masks your IP address (which contains geo-location data).
If you need a reliable VPN service, we’ve got you covered. Our solution offers high-end encryption (AES, so it’s military-grade), extremely secure VPN protocols (OpenVPN, SoftEther, IKEv2), and a no-log policy that protects all your privacy.
On top of that, we also throw in DNS leak protection and a Kill Switch to make sure you’re never exposed on the Internet even if your VPN connection goes down. Oh, and you also get to enjoy unlimited bandwidth and high speeds, ensuring you get a smooth online shopping experience.
And once you do become a CactusVPN customer, we’ll still have your back with a 30-day money-back guarantee.
The best script blockers to use right now are uBlock Origin and uMatrix.
If the online shopping websites you use allow it, turn on multi-factor authentication. Usually, you’ll be able to use two-factor authentication, which involves having to type in a generated code (which is often sent to your mobile device) after you log in with your password.
This way, even if cybercriminals were to somehow obtain your login credentials either through a data breach or phishing messages and fake websites, you’ll at least have an extra layer of security which will protect your account information (like your credit card number, for example).
Credit cards are simply safer than debit cards. Why? Mainly because debit cards don’t normally give you any leverage when disputing a sale. The seller needs to agree to give you your money back, and good luck with that if you’re dealing with a scammer.
What’s more, if you become the victim of fraudulent credit card activity, you won’t be held liable for it – as long as you report the issue in a timely manner, of course.
For example, if you use your credit card to purchase something on a shady website, and then you start noticing weird transactions that you never approved, you can get your money back if you alert the bank in time. Naturally, you’re going to have to get a new credit card after something like that, but the extra security – compared to a debit card – is worth it.
One good way to avoid some of the security risks of shopping online is to come up with strong passwords. That way, it won’t be easy for hackers and scammers to brute-force or guess your passwords, and use your accounts to buy stuff with your money, and steal any private and personal information they can.
We already have an in-depth guide on how to create a secure password, and how to keep it safe too. But if you’re in a rush, here are the highlights:
Also, it’s a good idea to use a reliable password manager (like LessPass, Bitwarden, KeePass/KeePassXC, and PSONO) to store all your login credentials. It’s much more convenient, not to mention more secure than typing the password yourself on multiple websites.
Online shopping websites will normally require some information from you – either to let you set up an account, or just buy without an account. Normally, they’ll ask for payment details (usually your credit card info) and personal information (physical address, for example).
If a website ever asks you for more personal data, like your Social Security Number, date of birth, gender, or various preferences, it’s best to find another platform. We’re not saying that automatically makes a website fake and malicious, but – depending on their Terms of Service – they might share that information with third-party advertisers, endangering your privacy. Plus, if said platform ever suffers a data breach, all that info is likely to end up for sale on the deep web, where scammers might buy and use it.
As for your payment information, the best way to keep it as private as possible is to either use websites that accept cryptocurrencies and PayPal (or another online payment system) as payment options, or just the Cash-On-Delivery option, so you’ll only pay when you receive the physical product from the delivery agent.
If you get duped into using a fake shopping website, your credit card details and personal info will be good as gone. So, you need to watch out for the tell-tale signs of fake, malicious websites:
We highly recommend using this list too, which currently contains a large number of fake websites.
In case you’d like to learn more about phishing (what it is, how to spot it, how to protect yourself), here’s an article we wrote about the topic.
The main idea is to not reply to any phishing messages you might get (delete or block them instead), and to not reveal sensitive information on phishing websites. Also, if possible, try to get in touch with the authorities in your country to report the phishing attempt. Oh, and don’t click on any button in the email – even the “Unsubscribe” button – since they can infect your device with malware.
As for the signs of a phishing attempt, most of the signs we mentioned in the section above apply in this case. Other things that might point to a website or message being an online shopping phishing scam include:
We’re keeping this tip for last because it isn’t the most effective one. Despite that, you should know that doing online shopping on your mobile device might be safer.
Why? Because reputable retailers have their own dedicated apps, which are much harder to exploit than websites. Basically, cybercriminals need to use specific attacks to compromise an app, while they can usually compromise websites with the same tactics.
Still, please keep in mind that retailer apps can be spoofed, and if you use one of them your financial and personal info will be as good as gone. Luckily, there are some ways to spot fake apps:
Buying things on the Internet is very convenient, and saves you tons of time. However, you need to be aware of online shopping security threats if you don’t want to end up the victim of identity theft – or worse. Things like adware, fake websites and apps, unencrypted platforms, data breaches, and WiFi can always expose you to cybercriminals.
Luckily, there are some things you can do to avoid the security risks of shopping online. If you don’t have the time to read through them all, here’s a summary: