Online Holiday Shopping Guide: 6 Tips to Prevent You From Getting “Scrooged” This Season

Today’s blog post comes to us from Nancy Woo, a professional writer who has done her fair share of online holiday shopping, and uses these tips to stay safe every time.

Hardly any of us can call ourselves “Moneybags” this season, and in a tumultuous economy, the last thing anyone wants is to find themselves suddenly the victim of Internet fraud or identity theft while innocently shopping for gifts online. Isn’t the holiday season already stressful enough?

We all know how exciting it can be to think that you’re getting a fantastic massage at a quarter of the price from a website that resembles Groupon. But imagine how you’d feel the next day when you found out that Joe Hacker was going to be doing your relaxing for you.

Unfortunately, online fraud does happen, and the holiday season offers the ripest pickings for hackers. So, rather than spending a grueling half-day on the phone with your bank trying to convince them you haven’t been to Moscow lately, follow these tips to protect your account information online.

Make Sure That Your Browser Is Using 128-bit Encryption

Basically, 128-bit encryption is the highest form of security under the Secure Sockets Layer, or SSL, protocol that is the standard for Internet security.

When information is entered into a website, a special key is used to encrypt, or hide, the data. Then another key, specific only to the legitimate website receiving your information like a bank or retailer, is used to decrypt, or decode, the information entered.


How many “security bits” do you want? 128! No less!

At first, 40 bits was the standard, meaning that the code to decipher the information was 40 units long. When this proved too easy for computer hackers to crack, the standard was upgraded to 128-bit encryption, because it is much more difficult for hackers to correctly guess 128 units in a row.

128-bit encryption should be used on all browsers at all times. In order to check whether your browser is currently encrypted with 128 bits, see this handy guide. And if you find you do not have 128-bit encryption, upgrading your browser to the latest version can usually solve this problem.

Use Difficult-To-Decode Passwords And Change Them Frequently

It doesn’t take a brain surgeon to figure out that a password like “123456” is probably not going to be very hard to guess. In a recent study that revealed the Top 20 Most Common Passwords, this one sadly tops the list at #1. (The password “Password” comes in at a pathetic #4.)

Using a complex combination of letters, numbers and symbols is the best way to deter hackers. While at first it may seem like a headache to keep track of these lengthy, involved passwords, it will certainly pay off in the long run.

Making an easily accessible list (that you won’t lose) of your various Internet passwords can help relieve a little of the headache. Even creating an Excel file on your hard drive with various website names, usernames and passwords is safer than using the same simplistic password for all sites.

Also, again, while it may seem like a pain, changing the passwords of websites you visit frequently, like your bank’s website or Amazon.com, will greatly decrease your risk of getting unwittingly hacked.

Verify That The Domain Is Legitimate

One technique commonly used by sneaky, web-savvy hackers is to create a fake website that looks exactly like the website you’re used to visiting with the hopes that you won’t notice and that you’ll enter your information as normal.

This little trick can be fairly hard to detect if you aren’t looking for it, because the login page usually looks pixel-for-pixel like the actual website. And you may be directed to these pages from a friend’s profile, not because they’re trying to trick you, but because their account was probably hacked.


Looks like Facebook… smells like Facebook… but wait a minute, when did Facebook become plural?!

So, in order to be smarter than the average bear: whenever you have even the slightest inkling that a website might be fake, luckily, there’s an easy way to tell. Just look at the address bar and see whether it is some odd variation of the actual website, like ttwitter.com or zfacebook.net. This is a clear sign the website is fake, and all you need to do is close that tab. Disaster averted.

Check For “https://” In The Domain


The “s” stands for secure: burn it into your brain as a sign of a good connection.

Ever notice that extra “s” tacked onto the standard “http://”? Ever wonder what it means?

That added “s” means you are operating under a secure SSL connection. The websites that pay to have secured hosting, and consequently that additional “s,” are the ones that are safest to shop with. The “https://” will usually occur at Login or Checkout pages.

Bonus tip: Along with the “s” in the domain, a little image of a lock will also usually appear somewhere in the browser window, indicating a secure connection.

Look For Trust Badges

Sort of like a good police officer or sheriff, legitimate websites will often proudly display their trust badges to online customers to indicate their valid authority. A trust badge is basically a logo that signifies a recognized third party has deemed the website safe for ecommerce. It’s like the site is wearing a t-shirt with an arrow pointing at itself that reads, “I’m not a hacker.”

Some trust badges, like Comodo, GeoTrust and Verisign Trusted, let the shopper know that the site is fully encrypted with SSL and credit card information is transferred over a safe connection.

Other badges show that the website is partnered with anti-virus and anti-hacker programs, such as McAfee and Trustwave, which scan the sites daily looking to eradicate vulnerabilities.


These little symbols are your friends.

The third type of trust badge, offered by companies like Truste, BBB and PayPal, assures customers that the website has a solid reputation and a strong privacy policy, meaning the information you share is unlikely to be distributed or used for ulterior purposes.

These trust badges are generally hard to design and imitate, so when you see one, it’s a good sign that the website has gone above and beyond their call of duty to let their customers know they’re the real deal.

Shop With Retailers That Use Quality Shopping Cart Software

If it looks fishy, smells fishy, seems fishy, it’s probably fishy. When all else fails, use your best judgment to detect any holes in their legitimacy. For example, if a pop-up window appears that says you’re leaving a secure connection, that doesn’t necessarily mean there’s a hacker on the loose, but it probably means the website hasn’t checked their security levels lately.

When you are at the checkout page, use all the tips you’ve learned here so far to check the security level: is there an https:// in the domain? Is there a lock symbol? Is the domain familiar and not a strange offshoot? Does the website have a trust badge? Does it generally seem to you like a legitimate operation? Does it allow you to verify your information before sending? Putting together all the knowledge you’ve gleaned about online shopping safety will greatly decrease your chances of having Christmas ruined by a hacker Scrooge.
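
The address-bar questions from that checklist (is there an https://, is the domain familiar and not a strange offshoot) can be written as a small script. This is an added example, not part of the original post: the trusted-site list, the function names and the two-label domain shortcut are assumptions, and it goes one step further than the post by also flagging a trusted name buried inside a longer address.

```javascript
// Constructed allowlist (assumption): sites the shopper already trusts.
const KNOWN_SITES = ["facebook.com", "twitter.com", "amazon.com"];

// Levenshtein edit distance: number of single-character edits between a and b.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Simplification (assumption): the site is the last two host labels. That is
// wrong for suffixes like .co.uk; real code should use the Public Suffix List.
function siteOf(host) {
  return host.split(".").slice(-2).join(".");
}

// Returns { verdict, reasons } for the address shown in the address bar.
function checkCheckoutUrl(address) {
  let url;
  try {
    url = new URL(address);
  } catch {
    return { verdict: "invalid", reasons: ["not a full web address"] };
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const site = siteOf(host);
  const reasons = [];
  let verdict = "ok";
  if (url.protocol !== "https:") {
    verdict = "insecure";
    reasons.push("address does not start with https://");
  }
  if (!KNOWN_SITES.includes(site)) {
    // Near miss in spelling, or a trusted brand name embedded in another site.
    const near = KNOWN_SITES.find((known) => {
      const brand = known.split(".")[0];
      return editDistance(site, known) <= 2 || host.includes(brand);
    });
    verdict = near ? "lookalike" : "unfamiliar";
    reasons.push(near ? `${site} imitates ${near}` : `${site} is not a known site`);
  }
  return { verdict, reasons };
}
```

The brand-name match is deliberately broad, so treat a "lookalike" result as a reason to look closer rather than as proof.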

Bonus Tip

Does the website have an “About” page and a “Contact” page with an e-mail, address or phone number? If so, the information is more likely valid. If you’re on the fence about it, try shooting the manager an e-mail or calling them and seeing what kind of response you get. And remember to watch out for those sneaky phishing techniques!