Be sure that caution tops your list when shopping online

By U.S. Army Cyber Command
November 15, 2023

e-commerce concept minimal design, vector (Photo Credit: Bplanet)

Online shopping is convenient, easy, and quick. But because there are plenty of ways cyber crooks and bad guys can steal your important personal data -- and more -- it’s wise to make sure you’re protected before you start adding items to your cart.

Here are some things you can do to protect yourself when shopping online:

Healthy software equals healthy protection

-- Make sure security software, web browsers and operating system are up to date. Keeping a clean machine is the best defense against viruses, malware, and other online threats.
-- Antivirus software is good, but it usually attacks malware after the fact. Better protection is provided by tools such as traffic scanners that filter incoming and outgoing data and scan sites and block any that contain embedded malware.

Do your homework

-- Check out sellers. Conduct independent research before you buy from a seller you have never done business with. Some malicious sites appear legitimate, so you should verify the site before supplying any information. Search for merchant reviews.
-- Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill.

Be wary and vigilant

-- Before you enter personal and financial information, look for signs that a site is secure. These include a closed padlock or tune icon on your web browser’s address bar, and/or an address that begins with shttp or https. This indicates that the purchase is encrypted or secured. For added security you can also use a browser extension that encrypts your information.
-- Watch for signs of fake sites: strange URLs; odd brand selections (like a site that sells toys and lumber); odd product descriptions and bad grammar; suspicious contact info; extremely low prices, and poor site design. But even legitimate sites can be victims of malicious code that scans your computer for vulnerabilities (often caused by outdated apps) and installs malware.

Treat your data like gold

-- Protect your personal data: When making a purchase online, be alert to the kinds of info being collected for the transaction. Make sure you think it’s necessary for the vendor to request that information -- things such as birth date, Social Security number or other items may not be needed for an online purchase. You only need to fill out required fields on a checkout form.
-- Before providing personal or financial information, check the website's privacy policy. Make sure you understand how your information will be stored and used.
-- Be wary of emails requesting information. Attackers may attempt to gather data by sending emails asking you to confirm purchase or account information. Legitimate businesses will not solicit this type of information through email. Contact the merchant directly if you are alerted to a problem using contact information found on your account statement, not in the email.

Pay carefully

-- Use safe payment options. Credit cards are generally safest because they allow buyers to seek a credit from the issuer if the product isn’t delivered or isn’t what was ordered. Unlike debit cards, credit cards may have a limit on the amount you will be responsible for paying if your data is stolen and used by someone else. When possible, use payment methods that employ two-factor authentication. Keep confirmation numbers and emails for all online purchases.
-- Never send cash through the mail or use a money-wiring service, because you’ll have no recourse if something goes wrong.
-- Read credit card statements as soon as you get them to make sure there aren’t any unauthorized charges. If there is a discrepancy, call your bank and report it immediately.
-- Review the vendor’s return policies. You want to be able to return items with no hassle.
-- Print and save records of your online transactions, including product descriptions, prices, online receipts, terms of sales, and copies of any email exchanges with sellers.

Practice good cyber hygiene

-- Never use an unsecured wireless network to make purchases. Beware of Wi-Fi connections that are open and don’t require a password; that use simple encryption protocols such as WEP/WPA that can be easily broken (even the better WPA2 AES can be broken by a dedicated hacker); or that are in places where the router is in an exposed location where it can be tampered with.
-- Turn your computer off when you’re done shopping. Leaving your computer running and connected to the Internet can give scammers access to install malware and commit crimes.
-- Mobile apps are generally more secure than websites. Many vendors have dedicated apps that require dedicated attacks to hack, while sites can be hacked by general browser attacks.

For more fact sheets on cybersecurity and other topics, go to


ABOUT U.S. ARMY CYBER COMMAND: U.S. Army Cyber Command integrates and conducts cyberspace operations, electromagnetic warfare, and information operations, ensuring decision dominance and freedom of action for friendly forces in and through the cyber domain and the information dimension, while denying the same to our adversaries.


Interested in the challenge of joining the Army Cyber team? Check out military and civilian cyber career and employment opportunities by clicking on the "Careers" tab at