Online Shopping — Pause, think before you pay!

The holiday season is not just busy for shoppers — it is busy for cybercriminals, too.

What are the risks of online shopping?

  • Identity Theft
  • Credit Card Fraud
  • Adware & Malware
  • Fake Online Stores
  • Overpayment

How to stay safe online

Never reveal your Social Insurance Number or driver's licence number
Your most valuable asset online isn't your credit card number, but your personal information. The more you reveal about yourself online, the greater the risk of identity theft.

An online store will request your name, address, phone number, e-mail address, and billing information. No legitimate business needs a Social Insurance Number or a driver's licence number for a simple purchase.

Use a dedicated shopping e-mail address
Your personal e-mail account likely includes personal information, lists of contacts, and archived correspondence you wouldn't want hackers to access. Your work e-mail account may contain even more sensitive information.

Setting up a separate e-mail account used only for online shopping makes the information in your regularly used e-mail accounts less vulnerable if there is a data breach involving the shopping site. In addition, any special offers, marketing ads, and other e-mails from retailers will go to that account, making it easier to identify spam in other accounts. Make sure the shopping e-mail account's username and password are different from those of your regular accounts.

Never click shopping links in an e-mail 
Be very careful in how you handle messages from online retailers. Even if a message shows up in your dedicated shopping e-mail inbox, it isn't necessarily legitimate. Rather than clicking on the link in the message, go directly to the store's official website and search for the item on sale, or type in the codes for special offers.

At the very least, verify the link embedded in the e-mail message by hovering your mouse cursor over the link — the actual link will be displayed at the bottom of your browser window.

Use smart password management
Many data breaches involve unencrypted or poorly encrypted passwords. Because many people use one or two basic passwords for everything, once a cybercriminal has the password for one online account, they can usually access other accounts.

Make sure you use a different password for any account that involves money or personal information.

Use two-factor authentication
If an online store offers two-factor authentication, use it (Amazon now does). Yes, it may mean going through an extra step, such as typing in a code texted to your phone or generated by an authenticator app, but it adds a layer of security. It'll make it much harder for anyone who has your password to access your account.

Use store apps when shopping on mobile devices
It is difficult, if not impossible, to do all the standard safety checks you would do on a computer (checking links, checking browser connections) on a mobile device's web browser.

The safest way to shop on a mobile device is to use the store's own app - downloaded from an authorized app store - and use the cellular carrier's network or a secure Wi-Fi connection.

Do not shop on public Wi-Fi
If "avoid unsecured Wi-Fi" is something you hear so often it is obnoxious, that is because it is an essential tip: public Wi-Fi is dangerous, especially if you are doing secure business, like shopping online.

Unsecured Wi-Fi makes it easy for someone to steal your login credentials, credit card details, and other personal information. If you have to use public Wi-Fi to shop online, make sure it is a network you have to sign in to. While still not as safe as shopping at home, it adds a bit of security.

Keep all your software up to date
No matter which device you use, don't go shopping online until you know all of your software is updated. That includes using the latest version of your preferred browser, having the best antivirus software installed, and applying all the most recent software patches, whether you're on a desktop, laptop, tablet, or smartphone.

How you can tell if a website is secure?

Only ever put your card details into secure websites. Be on the lookout for the following signs to know you are shopping safely. Remember, this only means the site is secure, not that the seller is honest.

  • Padlock symbol — There should be a padlock in the address bar next to the website address.
  • Website address — This should start with https://. The S stands for "secure".
  • Green address bar — On certain browsers and websites the address bar will turn green.
  • Valid certificate — If you click the padlock symbol or just to the left of the address bar, you should see information on the site certificate. This should tell you who has registered the site. If you get a warning about a certificate, avoid the website.

What to do if something goes wrong 

If you have been sent the wrong or defective items, the first step should be to contact the online seller and the website you used such as eBay or Amazon.

If you paid on a card and you're not happy with the retailer's response, or you have received no response, contact your card provider.

If you think your card has been used fraudulently, let your bank know straight away so they can stop any further use of it.

Four scams to watch out for this holiday season

SIM swapping
Fraudsters will send a phishing e-mail, which appears to be from your service provider, offering you free data or something similar — and a link for you to claim your "prize." The link asks for personal information to update your cellular account profile. Fraudsters will then contact your service provider and, using that information, gain access to your phone and your bank accounts, your social media accounts, e-mail accounts, etc.

If you receive an e-mail from your service provider with an offer, make sure it is real.

Evolving phone scams
This one might sound familiar: someone allegedly calls from the Canada Revenue Agency (CRA) and demands payment for back taxes while threatening the victim with arrest . Fraudsters tell victims their social insurance number (SIN) is compromised and then attempt a two-part scam. First, they'll attempt to coax your name, date of birth, SIN and other personal information from you. Then they'll say police or investigators need to follow up, which later turns into a demand for cash telling victims to move money into a "safe account."

Keep in mind that Canadian agencies wouldn't call and ask for personal information.

Online shopping scams
As more and more shoppers turn to the internet to find that perfect holiday gift, fraudsters are taking notice. Scam comes in the form of an unbelievable offer for a wish-list item — but often it's counterfeit or of an inferior quality.

Simply, if a deal seems too good to be true, it probably is.

Loan scams
This scam typically preys on victims looking for extra cash during the holidays. Fraudsters offer loans, and then either take personal information or begin to demand payments.

Be cautious and only seek loans from credible providers.