Online Shopping Safety Tips

Couple online shopping with computer and credit card
Photo by Andrea Piacquadio from Pexels

This holiday season, many of us will be surfing for the best deals, but cyber Grinches also are online trying to steal your cash. Those monster deals might just stink, stank, stunk. Avoid those bad bananas, check out the online shopping safety tips below.

If your password is breached on one site, the hackers can’t use that password on your other sites and accounts if it is unique. If they get one of your passwords, they may try it on other websites in a credential stuffing attack. Use a password manager to store all those unique passwords.

Multifactor, or 2-step, authentication (MFA/2FA) prevents access to your account even if your password is breached. In order to log in a site with MFA, you will need to provide your password and something else, like a text message code, in order to log in.


Be careful shopping on sites new to you because hackers set up very convincing fake or imposter sites to steal your money.

Check how old a site is by looking up their Who Is record, which tells you when the domain name was registered. For instance, the who is record for shows that it was registered in the year 2000, which means it is over 20 years old. That makes it more trustworthy. But if the site was created recently, you know to avoid it.

Best Buy Who Is Record

The Who Is record for the fraudulent domain is from 2020, so is less trustworthy.

Fraudulent site Who Is record dates



Hackers use domain names spelled just slightly differently from the real ones to fool you, like instead of This is called typo-squatting.

Fraudulent site also mimic the look and feel of the real site as well, and they can be very convincing.

Look out for deep discounts, like 50-90% off, as this could be a red flag.

Example Canada Goose Doppleganger Site

Sites that encrypt your information will show a lock in your browser’s address bar.

The Bay Website SSL Lock

Sites that aren’t encrypted will show a lock with a line through it in Firefox, and in Chrome, Safari, and Edge it will say “Not secure”.

Insecure Website NotificationsNote that in 2016, a non-profit organization called Let’s Encrypt started offering free SSL certificates to all site in the interest of securing the internet. An unintended consequence of this is that even fraudulent sites can encrypt themselves for free. So just because a site has the lock, does not mean it’s not a scam.

If others had problems with the website, they may have reported it online somewhere.

If the site’s policies are very strict or have spelling and grammar errors, that could mean it is a scam.

Check the vendor ratings and reviews on sites like Amazon, Etsy, or Best Buy Marketplace to see if other people had problems with the seller.