Safety Tips for Shopping Online

Using best practices while shopping online helps ensure your computer is secure before you complete any transactions. The tips below cover recognizing secure websites and scams, along with guidelines for shopping online. Applying these tips every day, and not just on the holidays, will allow users to be one step ahead of criminals. Increasing users' computer knowledge and awareness about shopping online will decrease the number of infections and scam attempts.

Secure Your Computer
Before you begin to shop online, ensure your computer is secure with a firewall, anti-virus, and anti-spyware program to prevent hackers from installing malicious programs on your computer and viewing your files. Configure your security software and operating system to update automatically to prevent conflicts with each other. Ensure your password is difficult to guess, because if your password is easy to guess, a criminal will have access to your accounts in minutes. When these tips are put into practice, they will reduce your chances of becoming infected with a malicious program (virus, Trojan horse, etc.). Securing your computer is always the first step after turning the computer on.

Firewalls are a barrier between the computer and the Internet. All machines that use the Internet should turn their firewall on.

  • Software firewalls are programs that allow or deny network traffic to pass to or through the computer. The user is responsible for entering the specific web addresses to allow or deny.
  • Hardware firewalls are additional devices added to a network that either allow or deny traffic. These are normally found in businesses and not in the home.
  • Configure firewalls to filter out unauthorized (gaming, x-rated, etc.) websites, and to prevent hackers from scanning or retrieving information from the computer.
  • Frequently check the firewall manufacturer’s web site for updates and patches.

Anti-virus/anti-spyware is software that attempts to identify, block, and remove malicious programs (viruses, worms, and bots) before they compromise your computer.

  • Install anti-virus/spyware software to protect the computer from being compromised.
  • Set the anti-virus/spyware software to update automatically to combat the new, fast-spreading worms, viruses, and bots that are released every day.
  • Scan your computer frequently to prevent hidden worms, viruses, and bots from compromising the computer.
  • If a virus or spyware is found, research it and try to remove the infection using the anti-virus/spyware removal tool.


Patching is a quick fix before an update can be released. Patches are the result of security vulnerabilities found in computer software programs. They should be applied immediately because someone can exploit the security vulnerability in a matter of minutes.

  • Configure the computer/software to install patches automatically.
  • For older software, check the vendor’s web site frequently for patches.
  • Subscribe to receive patch notification e-mails.
  • Research newly released patches for compatibility purposes with the computer/software. Some may cause more harm than good.

User IDs and passwords are used to identify and authenticate you on a computer. You are responsible for all actions taken on a computer that use your ID and password.

Follow these best practices to prevent your password from being used:

  • NEVER tell or share your password with ANYONE.
  • Your password should be changed periodically.
  • Don’t use birthdates, names, or repeating numbers/letters.
  • Don’t reuse your previous passwords.
  • Don’t use the same password for each of your accounts.
  • When your computer prompts you to save your password, click on “No.”
  • Never use a word found in a dictionary (English or foreign).
  • If you think your password has been compromised, change it immediately and notify the information security officer or manager at your organization.
  • Create a password that is eight or more characters long, uses numbers, letters, and special characters, and is hard to guess but easy to remember. For example, “The big Red fox jumped over the Fence to get the hen?” becomes TbRfjotF2gth?



Recognizing a Secure Website
Check for signs of a secure site by looking for a closed padlock on the browser's status bar or the HTTPS/SHTTP (secured encryption) prefix in the web site's URL in the address bar when you are asked to provide payment information. Additionally, look for the Better Business Bureau Seal. When clicked, it should direct you to the Better Business Bureau home page (www.bbbonline.org).

Use SSL websites when entering a credit card or bank account number. SSL websites provide secure, encrypted transactions during the payment process.

Guidelines for an SSL website:

  • A closed padlock on the browser's status bar.
  • The HTTPS/SHTTP (secured encryption) prefix in the web site's URL in the address bar when purchasing or making a payment.
  • Look for the Better Business Bureau Seal (www.bbbonline.org). When this is clicked, it should bring you to their website.
  • Do Not Pay with Cash (money-wiring service) or money orders for any online purchase. There is no guarantee that your money will be refunded to you if you return the item.
  • Don’t pay with debit cards; a debit card is a direct link to your bank account. If a person obtains your debit card information and the PIN, they now have access to your bank accounts.
  • Pay with a credit card; most creditors will refund fraudulent charges on your account. Some creditors have a security plan that monitors the activity on your card, so if anything unusual happens they will notify you that a transaction happened.

E-mail Scams and Pop-Ups
The number of e-mail scams and pop-ups always increases during the holidays because criminals know that people do not examine their e-mails carefully during these days. This can lead to stolen identities, stolen credit cards, and erroneous charges for items never purchased. Using the following guidelines increases your awareness in recognizing e-mail scams and pop-ups.

Guidelines to prevent e-mail scams/pop-ups:

  • If you don’t recognize the sender, DELETE IT! Then block the address to disable future communications.
  • If you receive an e-mail asking you to enter your personal information (bank account #'s, passwords), DELETE IT!!!! Legitimate companies will not send you e-mails asking for personal information (passwords).
  • Look for misspelled words, things that look out of place (the logo is normally on the right side but now it is on the left), e-mail from foreign countries, etc. DO NOT CLICK ON ANYTHING, DELETE IT.
  • Check your creditor’s official web site regularly and look for any changes made to your account.
  • Close all pop-up ads (by clicking on the “X”); they can contain malware that can infect your computer and obtain your information. Legitimate companies will not allow pop-up ads in their secure web site domain.


Research the Seller
If you are shopping online with an unfamiliar seller, keep these things in mind:

  • Call the phone number provided and speak with a customer service representative. If the number provided does not work, or you believe that the person on the other end of the line is asking too many personal questions (social security number, date of birth), Do Not Do Business With This Seller.
  • If an e-mail address is provided, send an inquiry and wait for a response. If one is not received, or all of a sudden you start receiving unwanted e-mail (ads you didn't sign up for) in your inbox, Do Not Do Business With This Seller. Do not open any of the unwanted e-mails (they could contain a malicious program). Delete them!
  • Look for reviews of the web site, read the customers' comments, and see whether the company is customer service friendly. Ask family, friends, and co-workers if they have used this site before to find out if it is reliable. Also, check if the website is registered with the Better Business Bureau (www.bbbonline.org).
  • Read the web site's terms of agreement and privacy policy. The information provided allows the shopper to find out what information the company collects on them (cookies, IP addresses).


Return Policies

  • Read the Return Policy including the fine print. During the holiday season some companies give customers extra time to return/exchange an item, or an option to return/exchange it at the store (provided the customer has proof of purchasing it online).
  • Be careful: some online sellers don't accept returns at all (especially if the item was personalized/engraved), and some give you as little as a week to return/exchange an item.
  • Ensure you have the correct postage when returning an item because some sellers will not accept the item if the postage amount is insufficient. If you returned an item with insufficient postage, the seller could charge your credit (for the returned item) the postage due in addition to charging you postage for sending the new/exchanged item.
  • Ensure there is no restocking fee for the item you are purchasing (popular with electronic equipment). This fee lets the seller collect money for restocking an item that may not be damaged but has been opened.
  • Some online sellers offer free products; check if the item you are returning requires you to return the free product too.

What Will You Pay With

  • Do Not Pay with Cash (money-wiring service) or money orders for any online purchase because there is no guarantee that your money will be refunded to you if you return the item.
  • Be careful when you pay with debit cards because a debit card is a direct link to your bank account. If a person obtains your debit card information and the PIN, they now have access to your bank accounts.
  • Paying with a credit card is safer because most creditors will refund fraudulent charges on your account. Plus, some creditors have a security plan that monitors the activity on your card, so if anything unusual happens they will call or e-mail you that a transaction happened.

Print Out All Receipts

  • Print out and save all your online transactions, including the description of the item, the receipt confirmation, and any e-mails between you and the seller.
  • Check your creditors for the charge and ensure it is correct. When you keep a good record for an item you purchased, you have proof of purchase if something breaks.

Finished Shopping? Turn Off Your Computer
When you leave your computer on after you are finished using it, hackers and scammers accept this action as an invitation to come in and roam through your files and operating system by installing malicious programs to perform cyber crimes. It is good practice to shut down (turn off) your computer when you are finished using it. Another option is to unplug the internet cable so no person is able to access your computer without you knowing it.

Everyone must work together to encourage good computing habits through best practices to prevent their identities, credit cards, and bank accounts from being stolen. Using the guidelines above is only one piece of the puzzle; the other piece is you (the user). If you don’t instill good computing habits, everything you own could be stolen.