Safe Shopping: 2023 Edition
This month, gift-giving season officially begins in the United States (and several other places, I presume). It kicks off in full with Black Friday, but brands are increasingly starting their holiday deals as early as the beginning of this month. Consequently, this is the time to discuss safe shopping tactics. Below are updated online shopping tips, reflecting techniques and strategies I've picked up in the last year. (Note: some of the services I suggest offer affiliate programs, which The New Oil has signed up for. Affiliate links are clearly marked and are optional.)
Use cash. Credit cards offer some personal finance benefits (such as cashback or rewards points and purchase protections) and the risk of skimming and other card-stealing techniques – while never fully eradicated – has been largely mitigated. However, credit cards are still a privacy nightmare. Your shopping data will absolutely be sold by your bank to data brokers. As such, cash is king. But if you need some less-paranoid, more practical reasons to use cash: if you’re buying a gift for someone who has access to your bank statements (such as a significant other) it can help shield your purchases and keep the gift a surprise. Furthermore, holiday spending and gift giving is often a source of debt in the new year, so using cash will help you stick to your budget.
For online shopping: Of course, sometimes online shopping is the only practical option. For those times, utilize pre-paid cards or alias payment services like Privacy.com (non-affiliate link here), MySudo, or ViaBuy (if you live in Europe) to safeguard your real data from theft. The effects of a data breach could be as minimal as having to get a new card or as serious as draining your bank account, stealing your identity, or even stalking you. Be aware that Privacy.com and MySudo essentially function as banks in this scenario, so they will ask for some personal information that some people may not be comfortable with. If that's the case, call your bank and ask if they offer virtual card services. Some banks do – including large ones – and it's becoming more popular. You won't have the privacy benefit of having your transactions shielded from the bank, but you'll get the security of not having your card number stolen.
Use alias email addresses. These services forward emails to your inbox while hiding your real email address, providing both privacy and security with convenience. By using different email addresses for each site, you make it slightly harder to be tracked across sites, but all your emails arrive in one place. This also improves your security as it changes your login on each site and makes it harder for credential stuffing attacks if your email gets exposed. As a bonus, sites often spam you with offers, newsletters, and other marketing crap. Usually you can simply click “unsubscribe” but some of the scummier sites – or scammers if your email address was exposed – don't respect that request. With an alias email address, you simply turn it off and stop getting the spam. I recommend SimpleLogin (affiliate link here) and Addy.io as alias email providers.
Use reputable websites. These days there are tons of websites and apps promising to help you score a great deal on something by taking you to some website you’ve probably never heard of. While some of these are legitimate, others aren’t. The last piece of stress you probably want to pile onto the chaos of the holidays is having your data stolen. It’s just not worth saving an extra $10 on shipping. That said, I'm also vehemently opposed to Amazon for a number of reasons, so when I say “stick to reputable sites” I’m not advocating for getting everything on Amazon to play it safe. I prefer to buy directly from the manufacturer when possible using alias cards and email addresses, but there’s also big box stores, department stores, and pretty much anyone else. Not to say that Target or Etsy aren’t evil, I’m simply trying to make it clear that this isn’t a call for readers to continue to feed the abusive Amazon monopoly, It’s also a warning to be wary of those “greatdeelz.com” sites that seem to be dime-a-dozen.
Beware scammers. Scammers are always drawn to opportunities to make money and the holidays are a great opportunity for them to take advantage of the increased online financial activity and the surrounding chaos to try to sneak in phishing attacks like “there’s a problem with your Amazon order, click here to correct it” or “here’s your receipt for your order of an iPad Pro/Samsung Galaxy” or “low balance” alerts from your bank (all designed to get your login credentials or card numbers directly). The best way to avoid these scams is to slow down, take a deep breath, and think. Ask yourself “did I even use this site recently?” For example, if you don’t bank with Bank of America, then how would you be getting a low-balance alert? Even if you suspect the alert is legitimate, go directly to the website and log in. Do not click the link in the email no matter what. If there really is an issue, there will be a message waiting in your inbox or a pop-up as soon as you login asking you to correct the issue. As an extra measure, you can call customer service to verify – but again, make sure you get the customer service number from an official source like the retailer’s website or the back of your credit card. Be careful if you “Google” the site as a way to find their customer service number, there have been cases where scammers abuse ads to direct people to fake websites with fake customer service numbers.
Use a PO Box. PO Boxes can serve tons of great purposes that you didn’t even know you needed. To start, they can be pretty inexpensive, in some places as little as $20/year. They can be handy because your packages don’t sit unguarded on your porch while you’re at work, instead sitting safely inside the building. And of course, you don’t have to worry about some stranger on the internet snagging your home address, whether that’s the random seller on Etsy, the rogue employee at Amazon, or the cybercriminal who hopefully didn’t steal your information because you already implemented my other advice.
Secure your accounts. Be sure to use strong passwords with a good password manager and use two-factor authentication (2FA) on all your accounts that offer it. I know the holidays are a hectic time for most people with travel and family and such, but it also usually means some paid time off. Take advantage of some of that down time and set aside an hour or two to pick a good password manager, change your passwords and password habits, and enable 2FA. This is one of the single most effective things you can do to protect your online accounts. On top of that it's free and easy, yet few people do any of this stuff. Doing this step alone will make you a harder target than most, and all but the most dedicated attackers won’t even bother with your data, they’ll simply move on to easier targets (of which there are plenty).
Don’t quit on December 26. The thing about these habits is that they’re great any time, not just around the holidays. Shopping is something we do all the time, all year, and these strategies can be implemented there, too. You can pay cash at the grocery store or when getting gas. You can use payment-masking services to pay for your subscription services or bills. Even a PO Box can be a neat thing to have on hand if you rent and move in the same area frequently, if you need an address on file for work, or freelance and need somewhere to send checks or a return address for merchandise you sell.
I hope these tips help keep you safer online this holiday season, and good luck finding that perfect gift!