Safety Tips for Shopping Online

The holiday shopping season sees an uptick in people shopping online. Scammers may try to steal your information through scams. Here are some ways to help protect yourself.

Safety Tips for Shopping Online

  • Use websites that you know or trust.

  • Compare prices and deals, including free shipping and extended service contracts.

  • Use promo codes from sellers to get discounts or free shipping.

  • Get a complete description of the item and parts included.

  • Find out about the delivery timeline, warranties and the return policy.

  • Verify the full price of the item, including extra fees.

  • Read product and seller reviews from past customers and independent experts.

  • Pay with a credit card. Federal laws protect you if you need to dispute charges. You don't have that same protection with other methods of payment.

  • Use a secure browser. Look for a URL that starts with “https” rather than “http.” Also look for a closed padlock icon, usually in the web address bar.

  • If you plan to shop online, avoid using any public wifi hotspots or access points to do it. Hackers have more opportunities to try to access your devices if you’re connected to a shared network. Shop from your secure home wifi network. Learn more about better securing your home wifi network at the Federal Trade Commission’s website.

  • Some credit card companies offer a virtual card number for online shopping. This is a temporary, one-time-use number that expires after using it to make a purchase. Even if a hacker or scammer obtained the number, it would be no good to them after you’ve completed a purchase. Contact your card issuer to see if they offer this service.


If you get an email from a company that seems suspicious or offers a deal that sounds too good to be true, it could be a phishing scam. In phishing, scammers use fake emails, text messages, or copycat websites to steal your identity or personal information. The scammer may say your account has been compromised or charged incorrectly.

When they contact you, scammers will tell you to click on a link in their email. Or, they’ll ask you to give your bank account number to confirm your identity or verify your account. Sometimes, they may even threaten to disable your account if you don't reply. Don’t believe them. Legitimate companies never ask for your password or account number by email.


  • Contact the company if you’re unsure. Don’t call the number or use the links in the email. Instead, find their legitimate website or check a bill or account statement for contact information. Tell a customer service representative about the email and ask if your account has been compromised.

  • Turn on two-factor authentication. This involves accessing an account or website online using your password and another piece of information. This could be a code sent to your phone or a random number generated by an app. This protects your account even if your password has been stolen.


  • Don't click on any links or attachments in the questionable email. They may contain a virus that can harm your computer. Even if the links in the email say the name of the company, don't trust them. They may redirect you to a fake website.

You may already be aware of phishing scams. But now scammers are also trying vishing (voice phishing) and smishing (SMS text phishing) scams. Swindlers call or text, pretending to be with a company you know to steal your personal information. They may direct you to call a phone number to verify an account or to reactivate a debit or credit card.

If you receive one of these requests, report it to the Internet Crime Complaint Center (IC3). They’ll forward it to federal, state, local or international law enforcement. Also, contact your credit card company. Tell them if you’re disputing unauthorized charges made by scammers on your card or if you suspect your card number was compromised.

You could also become a victim of identity (ID) theft. Visit to learn how to minimize your risk.

For more resources on how to improve your personal cybersecurity, follow the hashtag #BeCyberSmart on social media and visit the Cybersecurity and Infrastructure Security Agency website.

Visit our information security center to learn how we protect you.