Online Shopping Safety Guide – The White Hatter


Online Shopping Safety Guide – The White Hatter

With the convenience of online shopping, comes the increased risks of scams, hacks, and frauds. Here are some simple tips and strategies you can employ to greatly decrease the likelihood of falling victim.

Credit Cards

The first tip, while online shopping, use a credit card. Now you might be thinking, well obviously that’s how you buy things online, but there are many other digital means to transfer money – cryptocurrency, wire transfers, and the use of cash apps like Venmo. The advantage of shopping online with a credit card, most have extra consumer protections. If you have a reasonable credit card spending limit, meaning your card can not process any purchases larger than your limit, any fraudulent charge can’t be greater than that limit. Often you can dispute fraudulent credit card purchases compared to money transfers from your bank account or apps. Also, some cards offer warranties on purchased products which can be a bonus. Many banking institutions have the ability to set up purchase notifications over a certain dollar value, so if you set it at $50, anything purchased over that amount will trigger an email or text notification to you. So if you get a charge notification but you did not actually buy anything, that might be a clue something is wrong.

Checking your bills is a must. Spotting fraudulent charges quickly is key. There are different strategies scammers can use. One of the most common strategies – take ask much as you can as fast as you can once they have accessed your account. On the flip side of the coin, another strategy that can be implemented – make smaller fraudulent purchases that look like any other nominal charge that do not raise your suspicion. In either case, do check your purchase statements frequently.

If you really do not want to use your personal credit card, a virtual credit card service might be of interest – is one such service. Essentially, you can generate a temporary virtual credit card that is only used for the purposes of a specific purchase. If the site is fraudulent, then they cannot charge you more. Plus, there are other neat safety features you can utilize in the dashboard.



False retail sites are just one way online shopping scams happen. However, one of the more common scams is called “phishing” – a fraud tactic designed to send you an email or text message that contains a fraudulent link. Delivery services such as DHL or Purolator top the charts in brands used to fraudulently scam consumers. So, look out for fake shipping text messages and emails. An example – getting a message about an outstanding delivery bill for a parcel you were not expecting.  If you are expecting an international package, you may receive a fraudulent message that your package is in customs, and you need to pay X amount of dollars to release the package. Rather than clicking on the link, contact the delivery service by phone to check the authenticity of the email or text. 

Oversharing can leak information to a scammer letting them know what items you are waiting for, or what delivery service you are using. While this method does take some time for the scammer to accomplish, time is on their side and the rewards make it worth the time and effort.

When receiving messages for “limited” time offers, check where the buttons and weblink in the message take you. Scammers will try their best to hide scammy weblinks behind buttons, hyperlinks, short links, or QR codes. Typically, just visiting a page will not result in any data leakage or damage. There used to be a time that drive-by-downloads were a considerable concern. Simply visiting a bad webpage would place you at risk, thankfully web browser security has come a long way since then (although this is still a risk in the deep web). Normally for a hack or a scam to succeed, the computer users must click on something like a link, hence why trickery is the most common method to access your private information. Never click on a link in any email or text that says it will take you to a website – instead, manually search the site yourself, and always check the top URL addresses. Often, the clue that you are dealing with a scam weblink will be located at the end of the URL. There is nothing stopping an online criminal  from creating the following 

The White Hatter is our website, so we can put whatever we want in front of it. This is how scammers love to hide their fake links and websites. Instead of clicking on buttons in an email or text that will send you to a fraudulent website,  go to the promotion homepage directly. Important note – we do understand not all promotional websites are easily and publicly available.

Do not save credit card information on sites. Although convenient, it can place your information at risk for scammers. Not all retailers use the best security. Again, sticking with the major retailers should be fine.  Also remember, if you have automatic login and payment saved on your device, and the hacker has access to that device remotely because they downloaded malware onto your device, it could possibly allow that hacker to open your browser, navigate to your favored shopping site, and make some purchases using your credit card information if you have auto-login enabled.  A computer anti-virus you are running should help to mitigate this threat.



Ship to a safer place. If a package will be simply dropped off at your front door, porch pirates might take the opportunity to steal your package. Instead, pick the package up at your post office, or delivery service distribution hub. Another option, investing in a doorbell camera can certainly help. It is well known that porch pirates will look for cameras before they strike. However, we have seen videos where the porch pirate is wearing a mask and a hoodie, to protect their identity. Yes, this does work, unless you happen to steal a package from Mark Rober


Account Management

Proper account management is an important failsafe if you experience a compromise. Please make sure your shopping accounts (all accounts) have different passwords. The most common way accounts get hacked or credit card information leaked – being tricked to enter a password into a false login page where malicious malware records all your keystrokes. A second common way your information gets compromised,  a website that you thought was secure gets hacked, and your password gets leaked publicly. A third way you can be compromised, or your password was way too easy to guess Has your email or password been compromised? – check this site out 


Mobile Shopping

Shopping on the go? Consider using your cellular data or a VPN when using a public WIFI network. While modern network security is pretty good, a bad actor on your same network might intercept your information. This would require an attacker to be nearby, but can easily be accomplished with hacking tools such as the wifi “Pineapple” – we will not get too much into the tech behind it,  but the Pineapple is designed to hack open wifi.

Remember, if shopping online, do so on your own device. Cheap little Keystroke logger hardware can easily be plugged into the back of a computer or a keyboard USB port. The purpose of this hardware is to record all the keystrokes of the keyboard, notably looking for usernames and passwords.


Device Security

The use of standard antivirus software should be obvious. In case you do download something nasty, proper antivirus often will be the insurance you need to protect your device. Also, if you share a computer with someone and are not sure exactly what they are downloading, malware protection is a must. Any of the major name malware providers work the same. Norton, Eset, Bitdefender, TrendMicro. Using proper paid-for-service antivirus is preferred over the free stuff.

Looking to buy a neat, or unusual gift Item? – well-known brands come in handy when it involves smart devices. It is unfortunate, but buying a brand name may be the best option. Too many cheap or knockoff brand smart devices have had so many digital security issues. Remember, saving a few dollars may cost you more in the long term when it comes to privacy, security, and safety. Typically, when a brand-name smart device has an issue there is usually effort to fix it. What incentive does a one-time brand have to support its product? Smart cameras, smart locks, and smartwatches for kids have all had no name-brand products that had security issues.

Besides viruses, which are typically less common today than in the past because of malware protection, a growing threat is bad browser plugins. Having a program installed and running on your devices is one thing, but bad code will try to run inside your browser. Surprisingly, the security for plugins is often lacking. If the store you are buying from has an official app, using it could be a bit safer. Specific store shopping apps are limited, thus because of this limitation harder to cause external problems assuming the app is built properly. Yes, there is always a risk that the app could have a security flaw but if it is a large retailer app, highly unlikely.

Protect your personal information such as social insurance and security numbers. With online shopping, there is no need for retailers to ask for your social numbers. If you are being asked to submit very private information, connect with customer service or find the item elsewhere


Buying Used or on a Marketplace

If you are buying used or “still new” items that someone is reselling online be careful – scalping at a premium is a reality. Check out our video about using person-to-person marketplaces.

    • Meet sellers and buyers in brightly lit, public places with people around, that are likely to have surveillance cameras, like a shopping mall, public library, or public building.
    • Conduct the financial transaction by e-transfer instead of carrying cash. If the objective is to rob you as a buyer, cash is what they are looking for, an e-transfer is traceable
    • Bring a friend or family member with you. Safety in numbers has always been a great safety tool If a deal is too good, consider its legitimacy. This does not mean it is a scam. There are situations when sellers need money quickly and will sell items very cheaply.
    • Do not give out personal or banking information such as a social insurance number, bank account number, or address over the internet. Some local police detachments have emphasized it is totally cool to transact the trade or sale in front of their building or lobby. Some cities have even set up buy and sell exchange zone
    • Also consider the platform you are buying from, some local buy-and-sell websites, account setup, and verification only need an active email. It is super easy to make fake unlimited accounts with simple temporary email generators. Services like Facebook Marketplace might be ideal. Generally, folks buying and selling are using their personal Facebook account. Although not impossible to set up a fake Facebook account, given Meta’s data-mining and profiling activity, it’s a bit more challenging. Plus, there is some social pressure on the Meta platform to make fair and scam-free trades.
    • If something does go wrong, get yourself to a safe place, and call 911.

Hopefully, these tips and suggestions can help you have a better online shopping experience over the holidays. Stay safe and have a great time online!

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment