How to Avoid Phishing When Shopping Online
Online retailers have made buying holiday gifts stupidly simple, but as convenient as it is, it’s much easier for hackers and fraudsters to phish your financial data if you’re not careful.
Phishing attacks have been around since the early days of the Internet, but a recent report released by data security firm Venafi indicates that the number of fake websites is on the rise. These sites, claiming to be popular retailers like Amazon, Walmart, even outnumber the real ones (see for yourself). Wenafi’s numbers are even more alarming when you consider pages masquerading as social media sites, banks, postal services and other web applications .
With Black Friday and Cyber Monday sales remaining in the weeks ahead, it’s important to take a few minutes to consider a few preventative measures that can protect you, your money, and your privacy when shopping online:
Make sure the url is safe
For example, URLs in most browsers display a locked padlock or say “Safe” or “Safe” in the address bar when the website is encrypted and your connection has not been intercepted. Some browsers also issue a warning and prevent access to unsafe websites in the first place.
Check URL Accuracy
Even if the website looks like a real one and your browser loads it without any warning and says it is safe, there is still a chance it is not a real object. Read the URL carefully to spot any gimmicks such as misspelled words, extra numbers or letters, or unusual domains. For example, Amazon should just be “amazon.com” with no extra numbers or anything added. If this is “amazon.com.xyz”, it is not Amazon.com.
Use a browser with DNS over HTTPS (DoH)
… for example Chrome or Firefox and enable it if needed. DoH is a safer and more anonymous way to access websites. You can also use a third party DoH service like Cloudflare .
Don’t click on suspicious links or attachments in email messages.
Better yet, just ignore suspicious emails.
Bookmark the real website and / or login pages
Make sure you only access these pages from bookmarked links and never log in from unknown links.
Use a password manager
This not only protects your login information, but also makes it easier to spot fake login pages because your password manager, if configured correctly, will only recognize real ones. If you need to, we have a variety of guidelines , many of which work in both mobile and desktop browsers.
Use official mobile apps for online stores / services
If you are using a mobile phone, find the company’s app instead of opening it in a mobile browser. (In cases where the website doesn’t have an app, be sure to check for fake URL strings in a browser like Chrome.)
And be sure to properly report any fake websites you come across .