But what about the bad guys who lay in wait? IID's Third Quarter eCrime Report for 2011 indicates that use of phishing attacks (where thieves attempt to swindle you out of your sign-in credentials and even credit card info by pretending to be a real website, or even an online bank) is down, as much as eight percent since the second quarter and 11 percent since the third quarter of last year. That's great news—except the same report says sites with malware (malicious code aimed at compromising your privacy) has increased by 89 percent since the second quarter.
Stay calm. While somewhat alarming, these stats should not keep you from shopping online. You simply need some common sense and practical advice. Follow these basic guidelines and you can shop online with confidence. Here are 11 tips for staying safe online, so you can start checking off items on that holiday shopping list.
1. Use Familiar Websites
Start at a trusted site rather than shopping with a search engine. Search results can be rigged to lead you astray, especially when you drift past the first few pages of links. If you know the site, chances are it's less likely to be a rip off. We all know Amazon.com and that it carries everything under the sun; likewise, just about every major retail outlet has an online store, from Target to Best Buy to Home Depot. Beware of misspellings or sites using a different top-level domain (.net instead of .com, for example)—those are the oldest tricks in the book. Yes, the sales on these sites might look enticing, but that's how they trick you into giving up your info.
Never ever, ever buy anything online using your credit card from a site that doesn't have SSL (secure sockets layer) encryption installed—at the very least. You'll know if the site has SSL because the URL for the site will start with HTTPS:// (instead of just HTTP://). An icon of a locked padlock will appear, typically in the status bar at the bottom of your web browser, or right next to the URL in the address bar. It depends on your browser.
Never, ever give anyone your credit card over email. Ever.
3. Don't Tell All
No online shopping store needs your social security number or your birthday to do business. However, if crooks get them, combined with your credit card number for purchases, they can do a lot of damage. The more they know, the easier it is to steal your identity. When possible, default to giving up the least amount of information.
4. Check Statements
Don't wait for your bill to come at the end of the month. Go online regularly during the holiday season and look at electronic statements for your credit card, debit card, and checking accounts. Make sure you don't see any fraudulent charges, even originating from sites like PayPal. (After all, there's more than one way to get to your money.)
If you do see something wrong, pick up the phone to address the matter quickly. In the case of credit cards, pay the bill only once you know all your charges are accurate. You have 30 days to notify the bank or card issuer of problems, however; after that, you might be liable for the charges anyway.
5. Inoculate Your PC
Swindlers don't just sit around waiting for you to give them data; sometimes they give you a little something extra to help things along. You need to protect against malware with regular updates to your anti-virus program. PCMag recommends Webroot SecureAnywhere Antivirus (4.5 stars, Editors' Choice, $39.95 direct), which has extras to help fight ID theft, or at the very least the free Ad-Aware Free Internet Security 9.0 (4.5 stars, Editors' Choice)