2024 Guide to Safe Online Shopping
For many, this month is when gift-giving season officially begins in the United States (and several other places, I presume) thanks to Black Friday, which is quickly consuming most of November in many cases. As a result, even though online shopping is something most of us engage in year-round, now it’s particularly important to discuss how to safely shop online. Below is my now-annual updated online shopping tips, reflecting techniques and strategies I've picked up in the last year. (Note: some of the services I suggest offer affiliate programs, which The New Oil has signed up for. You can see a list of our affiliates here and see our affiliate link policy here.)
Use payment-masking services. While credit cards offer some benefits (such as rewards points or purchase protections), there astronomical rise in data breaches and e-commerce compromise makes using your credit card online a bit risky. Instead, I recommend utilizing pre-paid cards, gift cards, or alias payment services like Privacy.com in the US or Revolut in Europe to safeguard your real data from theft. The effects of a data breach could be as minimal as having to get a new card or as serious as draining your bank account, stealing your identity, or worse. Be aware that payment-masking services essentially function as banks in this scenario, so they will ask for some personal information that some people may not be comfortable with. If that's the case, call your bank and ask if they offer virtual card services. Some banks do – including large ones – and it's becoming more popular. You won't have the privacy benefit of having your transactions shielded from the bank, but you'll get the security of not having your card number stolen.
Alternately: use cash. Sometimes shopping in-person can have its perks, too. You can save money on shipping, get it quicker, and you don’t have to wonder if your loved one will come home and find it on the porch before you get home and hide it. When shopping in person, cash remains king. Your bank will absolutely sell data about your shopping habits based on when, where, and you much you spend on your card to advertisers. As a practical bonus, if you’re buying a gift for someone who has access to your bank statements (such as a significant other), cash can help shield your purchases and keep the gift a surprise. Additionally, holiday spending and gift giving is often a source of debt in the new year, so using cash will help you stick to your budget and start the new year off on a positive note.
Use alias email addresses. These services forward emails to your inbox while hiding your real email address, providing both privacy and security with convenience. By using different email addresses for each site, you make it slightly harder to be tracked across sites, but all your emails arrive in one place. This also improves your security as it changes your login on each site and makes it harder for credential stuffing attacks if your email gets exposed in a data breach. As a bonus, sites often spam you with offers, newsletters, and other marketing crap. Usually you can simply click “unsubscribe” but some of the scummier sites – or scammers if your email address was exposed – don't respect that request. With an alias email address, you simply turn it off and stop getting the spam. I recommend Addy.io and SimpleLogin as alias email providers.
Secure your accounts. Be sure to use strong passwords with a good password manager and use two-factor authentication (2FA) on all your accounts that offer it. This will prevent attackers from accessing your accounts, where they can then do things like buy stuff using your stored card or see your information like name and shipping address to threaten and extort you. I know the holidays are a hectic time for most people with travel and family and such, but it also usually means some paid time off. Take advantage of some of that down time and set aside an hour or two to pick a good password manager, change your passwords and password habits, and enable 2FA.
Use a PO Box. PO Boxes can serve tons of great purposes that you didn’t even know you needed. To start, they can be pretty inexpensive, in some places as little as $20/year. They can be handy because your packages don’t sit unguarded on your porch while you’re at work, instead sitting safely inside the building. And of course, you don’t have to worry about some stranger on the internet snagging your home address, whether that’s the random seller on Etsy, the rogue employee at Amazon, or the cybercriminal who hopefully didn’t steal your information because you already implemented my other advice.
Use reputable websites. These days there are tons of websites and apps promising to help you score a great deal on something by taking you to some website you’ve probably never heard of. While some of these are legitimate, others aren’t. The last piece of stress you probably want to pile onto the chaos of the holidays is having your data stolen. It’s just not worth saving an extra $10 on shipping. That said, I'm also vehemently opposed to Amazon for a number of reasons, so when I say “stick to reputable sites” I’m not advocating for getting everything on Amazon to play it safe. I prefer to buy directly from the manufacturer when possible using alias cards and email addresses, but there’s also big box stores, department stores, and pretty much anyone else. Not to say that Target or Etsy aren’t evil, I’m simply trying to make it clear that this isn’t a call for readers to continue to feed the abusive Amazon monopoly, It’s also a warning to be wary of those dime-a-dozen deal sites that may or may not be properly securing your data.
Beware scammers. Scammers are always drawn to opportunities to make money and the holidays are a great opportunity for them to take advantage of the increased online financial activity and the surrounding chaos to try to sneak in phishing attacks like “there’s a problem with your Amazon order, click here to correct it” or “here’s your receipt for your order of an iPad Pro/Samsung Galaxy” or “low balance” alerts from your bank (all designed to get your login credentials or card numbers directly). The best way to avoid these scams is to slow down, take a deep breath, and think. Ask yourself “did I even use this site recently?” For example, if you don’t bank with Bank of America, then how would you be getting a low-balance alert? Even if you suspect the alert is legitimate, go directly to the website and log in. Do not click the link in the email no matter what. If there really is an issue, there will be a message waiting in your inbox or a pop-up as soon as you login asking you to correct the issue. As an extra measure, you can call customer service to verify – but again, make sure you get the customer service number from an official source like the retailer’s website or the back of your credit card. Be careful if you “Google” the site as a way to find their customer service number, there have been cases where scammers abuse ads to direct people to fake websites with fake customer service numbers.
Don’t quit on December 26. The thing about these habits is that they’re great any time, not just around the holidays. Shopping is something we do all the time, all year, and these strategies can be implemented there, too. You can pay cash at the grocery store or when getting gas. You can use payment-masking services to pay for your subscription services or bills. Even a PO Box can be a neat thing to have on hand if you rent and move in the same area frequently, if you need an address on file for work, or freelance and need somewhere to send checks or a return address for merchandise you sell.
I hope these tips help keep you safer online this holiday season, and good luck finding that perfect gift!
You can find more recommended services and programs at TheNewOil.org, and you can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...