Your Checklist for Safer Online Shopping

As Americans turn more frequently to online shopping--even for necessities like groceries and cleaning supplies—scammers are not far behind. Cybercriminals are reportedly attempting to trick victims with fake package tracking emails, bogus websites, and undelivered products. Learn 11 ways to help you shop online more safely.

Scammers May Lure Victims with Fake Shipping Notifications

Researchers have observed a number of fraudulent emails and websites that convincingly impersonate delivery providers like DHL, FedEx, or UPS. These phishing campaigns are reportedly exploiting the Coronavirus pandemic in an attempt to get the victim’s attention.

Experts say that customers are used to receiving frequent updates from couriers right now due to increased product demand and longer shipping times. These scam emails may encourage recipients to click a link to a fraudulent tracking website that convincingly imitates a shipping provider in order to capture account information. Alternatively, the emails may install malware that can give hackers the ability to steal information.

Fake E-tailers Often Mimic Legitimate Sites—But May Not Deliver

Some online shopping scams hook victims with a bogus website that mimics a trusted retailer, including the logo and slogan. Scammers may attempt to trick victims with a URL that is only slightly misspelled from that of a legitimate retailer or that uses .net instead of .com.

Some fraudulent retailers actually deliver products, but they may be counterfeit. More often, the ordered product will never arrive. In the case of “non-delivery” scams, victims may be initially lured in by finding an in-demand product available at a low price.

11 Ways to Shop Online More Safely

  • Choose trusted websites when possible - Experts advise shoppers to look first on websites run by trusted and known web retailers, as it is less likely to be a scam. It’s best to use apps provided directly by the retailer as well.
  • Research unfamiliar retailers - According to the Federal Trade Commission (FTC), it’s best to research unfamiliar retailers by typing the name of the company or product into a search engine with terms like “review,” “complaint,” or “scam.” Experts advise consumers to ensure they know the retailer’s physical address and working phone number in case there are any problems with the transaction.
  • Look for the padlock - Experts advise consumers not to enter credit card information on websites that don’t display SSL (secure sockets layer) encryption. Websites with SSL typically begin with https (instead of just http), and display an icon of a locked padlock to the left of the URL or the status bar, depending on the browser.
  • Pay by credit card - The FTC advises paying with a credit card, as credit card transactions are protected by the Fair Credit Billing Act, which allows consumers to dispute charges under certain situations, as well as temporarily withhold payment while the credit card company investigates the issue. Additionally, because a debit card draws money directly from a bank account, unauthorized charges could leave the victim with insufficient funds. It’s advised to never pay by wire transfer, money order, or gift card, as sellers that request these types of payments are often scammers.
  • Avoid unsecured public Wi-Fi networks - The Department of Homeland Security advises consumers not to connect to unsecure public Wi-Fi networks, especially for banking or online shopping. It’s advised to use a Virtual Private Network (VPN) or the user’s own cell phone hotspot instead.
  • Safeguard personal and financial information - The Department of Homeland Security states that attackers may attempt to gather information by sending emails requesting shoppers confirm a purchase or account information. Do not provide personal or financial information, including passwords, in response to unsolicited messages.
  • Be wary of phishing emails, even delivery notifications - It’s recommended that you avoid clicking on links or downloading attachments unless you are confident about the sender of the email. Instead, it’s recommended to type the URL directly into a web browser. To better avoid scam delivery notifications, it’s good practice not to use the link provided in the email, and instead enter the tracking number directly on the delivery service's legitimate website.
  • Use caution with gift card purchases - Experts advise buying digital gift cards directly from verified online merchants. In addition, it’s best to check the guarantee policy before using a gift card exchange site, as some scammers trade cards that no longer have funds.
  • Regularly review credit card and bank statements - It’s recommended to regularly check credit card and bank statements for any fraudulent charges, and immediately notify both the bank or financial institution and local law enforcement of any suspicious activity. It’s also a good idea to set up alerts to receive an email or text message when transactions are made.
  • Implement unique passwords and multi-factor authentication - Experts advise using a unique password—or passphrase—for each account, as well as multi-factor authentication wherever possible. Multi-factor authentication can make it more difficult for hackers to access an account by sending a unique one-time code to the user’s mobile device.
  • Keep devices up-to-date - Experts advise that consumers protect devices by keeping software up-to-date and enabling automatic software updates where applicable. Also consider installing an antivirus program.

If You Suspect a Problem

  • If you have an issue with an online purchase, the FTC advises first trying to resolve it directly with the retailer. If that is unsuccessful, report it to the FTC at ftc.gov/complaint.
  • If you believe your personal or financial information has been stolen, report it immediately to the local police as well as to the FTC at IdentityTheft.gov.