person shopping online on mobile

6 Tips for Online Shopping Protection [Video]

Black Friday…Small Business Saturday…Cyber Monday…Giving Tuesday… Pretty soon we’ll have a special shopping name for every day of the week! But whether you wait all year for these holiday deals or save your spending for spring and summer, you should always be careful when shopping online. To that end, here are 6 tips to help you protect your data—and your bank account—when making online purchases and charitable donations.

Watch this 3-minute video of our CEO on WTOC discussing the warning signs of holiday scams. Then read below for the rest of the safer shopping tips.

1. If a deal seems too good to be true…it probably is.

With billions of dollars on the line, the period from Black Friday to Cyber Monday means big business to most retailers. And that business reaches out to consumers through billions of emails and online ads. In fact, on Friday alone, more than 150 emailed offers from legitimate retailers made it to my Inbox. And that’s not including the others that were caught by spam filters.

So with all that noise and competition to get your attention, businesses have to get creative. But offering a 50″ 4K TV with 6 month subscription to Disney+ included for $99 total should set off a lot of alarm bells.

That ‘free 6-day cruise’ is going to come with a lot of fine print…or it’s a scam.

And the Google Home device for every room, plus a brand new Pixel phone for only $19.99 a month, is a steal. Literally.

These deals are designed to get you to click so they can steal your data. Which they can use to wipe out your bank accounts or turn around and sell to others with evil intentions.

So trust your instincts. If an offer seems too good to be true, odds are, it is.

2. Choose credit, not debit.

Debit cards have been such a convenience since they came on the scene. No more running to the bank or looking for ATMs with the lowest fees to take out money when you need it. But when it comes to online shopping and fraud protection, credit is king.

With a debit card, the money is taken out of your account immediately. And if you find out you’ve been scammed, it can take days or even weeks to get that money back. Depending on your bank, you may also have a limited amount of time to discover and report such fraud, sometimes only a matter of days.

With credit cards, you often have a period during which a charge can be disputed or put on hold while the credit card company investigates before removing the funds. And if you don’t find out and report immediately, federal protections offer zero-fraud liability, which means you should not be responsible for more then $50, if anything, if you report a fraud within 60 days.

Paypal and other online payment systems may also have added protections for you, but if they link directly to your bank account, you may want to go the separate, secure credit card route just to be safe.

3. Check and double-check those URLs.

You’ve heard it before, and you’ll keep on hearing it again and again.

  • Hover over links to see the destination before you click. If it looks like a bunch of gibberish and you’re not sure, pull up the website separately to find the deal.
  • Carefully check for misspelled domains or similar-sounding fakes (such as rather than
  • Check to see that the website you are making purchases on is secure, that it has a closed padlock in the web address, and look for a privacy policy. Any retailer accepting online payments should offer a clear explanation of what data they track, how they handle it, and what your rights are.

Recognize that any offers, whether online, in email, or even via text, will be designed to get you to click without thinking. They won’t all be scams, but the scammers are getting more sophisticated, so take your time and trust your instincts.

4. Make sure that charity is real.

End-of-year giving is a common and wonderful thing to do. Whether it’s a passion project or for tax purposes, your generosity is not only appreciated by nonprofits, but can also be the only thing keeping them running at times. Sadly, it can also be exploited.

Your local firefighters association may find that handwritten letters earn them higher donations. The retired police group may prefer personal phone calls. A Children’s Theater may go door-to-door with its young actors. There may be a number of smaller nonprofits you haven’t even heard of in your community. And any of these may reach out through email, text, or the methods listed above.

What’s important to keep in mind is that you do not have to act immediately. You should never share your banking information over the phone or online, and you CAN take the time to research these groups.

  • If they reach out to you in person, ask if they have a website. Visit it and look around to see if it has what you’d expect or if it looks like it was thrown together. If they have a Facebook page, when was it created? Do they have very few followers? How frequently do they post updates?
  • Check the address of the agency. They may use a PO Box, but they should also have a physical address.
  • Look them up in the IRS Tax Exempt Organization Search. This database includes all organizations with a valid 501(c)3 tax exemption, which makes your donation tax-deductible. Nonprofits do not have to be 501(c)3, but if they are telling you your donation can be written off and they are not in this database, they might not be telling the truth about other things as well.

5. Avoid purchasing on public wifi.

Free wifi has become a convenience we expect nearly everywhere. It’s great for keeping our data usage down if we don’t have unlimited, but it’s terrible for protection.

The risk is right there in the name. It’s public. It is not private, and using it to make purchases should be looked at the same way as leaving your credit card taped to the drink machine in a Chick-fil-A—available for anyone to come by and take it.

If you’re curious about how wifi works, read this article about Encryption.

6. Don’t Fall for Delivery Scams

With all the online shopping this time of year, there’s an accompanying increase in package deliveries. You ship things to your home, your office, your relatives, wherever. And conveniently, you receive automatic notifications when items are shipped and sometimes when they have arrived.

Scammers know this and have capitalized on it. Whether it’s for UPS, FedEx, the USPS, or another carrier, phishing emails with fake delivery notifications or alerts will hit your Inbox more frequently this time of year. Typically they claim to have a problem that you need to click on a link to review and address. But please think before you click.

  • Check that the sender is legitimate. If you have received ten other notifications from Amazon, then do not click on this one from a different company ‘about your Amazon package.’
  • If you have not ordered anything, do not click. Yes, there may be loved ones sending you packages, BUT legitimate carriers will contact the buyer, not you the receiver. Or they will leave a note on the door when they attempt delivery.
  • If it looks legitimate, but you’re not 100% sure, you can always log into your account independently to check on the status of your order. Don’t let the message make you panic or trick you into quickly clicking.
  • Remember that these tips apply to texts as well as emails. We’re allowing companies to send us text alerts more frequently now, and scammers are recognizing that and adapting. Any unsolicited link should be viewed with suspicion.


Now go forth and shop safely. If you’re interested in more tips like this, click on the tags below for related posts. And if you’d like to know about the latest phishing scams, view them all here.