TANSTAAFL: If it sounds too good to be true, it is. Remember: “There Ain’t No Such Thing As A Free Lunch”
Update Your Software: All the devices you use for shopping - including smartphones and tablets - should have up-to-date software.
When in Doubt…: Delete any suspicious emails and be sure to review links in email, tweets, posts, and online advertisements before clicking on them.
Wi-Fi Hotspots: Don’t shop, bank or share financial information over an unsecured wireless network (e.g., Starbucks, hotel or airport WiFi). Be sure to turn off WiFi and use your cellular data connection when shopping or banking. Consider using a secure VPN service for your personal laptops and mobile devices, such as Nord VPN.
Check Website Legitimacy: Verify the spelling of any website URLs you visit to make sure they’re not fraudulent. For new sites, check online reviews.
Use Safest Payment Options: Credit (not debit) cards are generally the safest option because they allow buyers to seek a credit from the issuer if the product isn’t delivered or isn’t what was ordered. Also, credit cards may have a limit on the monetary amount you will be responsible for paying. Further, debit card fraud can leave you without access to your cash until after a lengthy investigation is completed.
Watch for Fake Shipping/Delivery Notices: A common phishing attack is a notice claiming that an urgent package will not be delivered, or will be returned to sender tomorrow, unless you provide personal information to authorize delivery.
Require Signatures Before Delivery: Ship valuable items “signature required”. In order to meet tight delivery schedules, drivers of delivery trucks often just leave packages on doorsteps and driveways unless specifically instructed to obtain a signature. In 2017, 31% of all US families had at least 1 package stolen by thieves who follow delivery trucks into neighborhoods and steal unattended packages left on porches and driveways.
Keep a Paper Trail: Save records of your online transactions, including the product description, price, online receipt, terms of the sale, and copies of email exchanges with the seller. Read your credit card statements as soon as you get them to make sure there aren’t any unauthorized charges. If there is a discrepancy, call your bank and report it immediately.
Attackers are Constantly Evolving their Methods: It used to be that you could check for a closed padlock on your web browser’s address bar or a URL address that begins with shttp:// or https://. However, this has recently been found to be ineffective due to new attack techniques. Recently, attackers have begun to serve their websites over encrypted (https) connections, so that fraudulent sites show the same padlock and are more difficult to spot. Currently, approximately 50% of the websites used in phishing attacks have adopted this approach (example below).