Here are a few precautions to keep in mind.
“I’d never thought I would buy steak online, but I’m buying steak online,” Mark Ostrowski, a cybersecurity expert at software firm Check Point, told CNN Business. “People really need to keep track of their footprint and go through and delete accounts, remove credit cards, move personal information off a lot of these things after they do their purchasing — especially if it’s a one-time type purchase.”
It may sound tedious but keeping a running list of websites where you’ve entered your credit card information can be helpful to make sure you remove that data later.
Some browsers such as Google Chrome have a built-in password manager that reveals which sites you have accounts with. “You could use that to kind of go backwards in time and … clean it up,” Ostroswki said.
Password managers such as LastPass or Dashlane, which can store all your passwords securely and autofill them on websites, or even generate temporary numeric codes so you don’t have to enter your password, can also make it easier to protect data against
Think twice about how you pay
Digital payment services like PayPal can also allow you to make purchases without entering your card information on numerous sites.
it’s the oldest trick in the book, but cyber criminals frequently try and impersonate popular brands or companies in phishing attacks, emailing fake offers or discounts that may look like the real deal but install malware when you click on them. But they keep at it because people fall for these tactics. Getting around it can be as simple as typing out the website on your browser first.
“Doing a Google search for the company which you want to do business with is a lot safer than clicking on a link that you’re getting in an email,” Ostrowski said. “And better yet, if you know exactly where you need to go, go directly there.”
Many best practices for other types of online activity can also be effective when it comes to online shopping, such as making sure the website you’re on is encrypted. The best way to do that, according to CISA, is to check whether the site’s URL starts with “https” rather than the more standard “http.”
Some browsers also have a padlock icon that indicates a site is encrypted, CISA said. But users should be careful about those, too. “Some attackers try to trick users by adding a fake padlock icon, so make sure that the icon is in the appropriate location for your browser,” the agency added.
Finally, experts warn shoppers should never buy anything online when on a public WiFi network, which tend to be less secure and ripe for exploitation. If you’re out of the house and not on a known secure network, it’s “safer to do so via your mobile phone network,” according to Kaspersky.
The cybersecurity firm also recommends using a dedicated email address just for online shopping, to prevent attacks disguised as marketing emails from making their way to your main inbox.
“If such messages are sent to your primary email address, you’ll be aware that there’s a fair chance that they’re fake or malicious,” Kaspersky researchers said.
According to Ostrowski, the sheer amount of data users end up exposing while shopping online can make them vulnerable even long after they stop purchasing.
On a daily basis, people don’t think about “how big their footprint is on the internet with online retailers,” Ostrowski said. “In six months or eight months, when maybe you don’t need as many of these retailers, that footprint’s going to continue to exist for a long time. So I think people really need to keep track.”