Don't Start Your Online Black Friday Shopping Before Reading These 10 Security Tips

Top10.com Staff
Don't Start Your Online Black Friday Shopping Before Reading These 10 Security Tips
With Black Friday just around the corner, many online shoppers are preparing to go on their biggest online shopping spree of the year. While we certainly recommend taking advantage of the many fantastic offers available at this time of year, it’s also prudent to take a number of measures to ensure that you don’t become a victim of identity theft or fraud.

Here are our top 10  recommendations for what you can do to keep your personal details safe and secure this Black Friday season: 

1. Get Your VPN Up and Running (Unless You’re Buying At Home)

Here at Top10.com, we’re big fans of VPNs. A top VPN can help spoof your location and give you access to all kinds of deals that you would otherwise not be eligible for. But when it comes to online shopping, a VPN also fulfills a very important purpose. It creates a secure, encrypted communications tunnel between your computer and the VPN server, which then creates a regular communication to the rest of the internet, such as the online shopping websites that you surely plan on frequenting. 

If you’re shopping from your home network and you know and trust every device on it, then it’s reasonably secure to shop without a VPN. After all, virtually every online merchant these days uses HTTPS, which is secured with SSL encryption (if you’re shopping for a site that doesn't have this, run for the hills!). But if you’re shopping online from a coffee shop or another public hotspot, then using a VPN could save your credit card details from falling into the wrong hands.

This is because hackers, Man in the Middle (MITM) attackers, and other nefarious cyberfoes could be lurking on any network you haven’t set up and secured. What’s worse, when you’re buying online not only do you typically enter credit card details but you also typically send your home address too. 

Fancy someone from your local café robbing your credit card and potentially knowing where you live while they’re at it? If not, it’s wise to take every precaution. Play it safe and get a VPN. 

2. Combine Strong Passwords With Two Factor Authentication 

If you rely on using a simple text password string for all your online accounts, then did you know that you are putting yourself at significant risk for having an unwanted party get into your account.

Why? Hackers can sometimes use a technique called brute-forcing to forcibly attempt to guess the password that you’re using by automatically entering multiple combinations. 

These days, most ecommerce sites operate protection against this type of exploit. Nevertheless it pays to take all protective measures possible. That’s why we recommend both setting a strong password and using 2FA.

3. Use as Strong a Password as Possible

Considering how dictionary-based brute force hacking works, it’s important to use as strong a password as possible to protect your accounts. It’s hard for non-experts to differentiate what constitutes a secure password compared to those that are not actually that robust. But thankfully there are a number of websites that will specifically evaluate the strength of your password. These even tell you how long it would take your typical machine-assisted hacker to automatically breach your password — which can range from several seconds to several decades!

In general, we recommend aiming for a password that is at least ten characters long, uses numbers, has at least one capital letter, and uses at least one symbol. This all makes it more difficult for a hacker to crack your code.

4. Change Passwords Frequently

Security experts recommend that you change your password between every 30 and 180 days. Many password management programs support a functionality that prompts users when they have been using the same password for too long and prompt users to change it. Some websites even force users to change passwords after a certain period. But don’t rely on somebody else to keep your details safe. Change passwords regularly. And keep your passwords strong. 

5. Don’t Use the Same Password for Every Website

Not using the same password on every single website that you visit is another vital part of password hygiene. The reason for this is obvious: if you use the same password for every account you own, if a hacker gains access to one account, then every other account you own could be compromised. For more sophisticated hackers with the ability to spoof SIM cards, even text-based multi-factor authentication could not be enough to protect your security in the event of a successful breach. But to stay as safe as possible, you should make their work as hard as possible.

6. Use 2-factor Authentication Whenever Possible

A 2-factor authentication system requires that a second credential be entered in addition to the username and password to gain access to an account. The second credential is usually a Time-based One Time Password (TOTP) that’s typically generated by a special app, such as Google Authenticator or Authy. Using a 2-factor authentication on all your online shopping accounts makes the job of hackers exponentially more difficult. Use 2FA wherever it’s supported.

7. Be Wary Of Phishing Scams

Even if you are using a VPN, it’s still possible to fall victim to phishing websites that are not operating over your local network. Cyber-fraudsters have long sought methods to replicate the look and feel of popular online shopping forums in order to dupe vulnerable users into signing up for accounts and placing orders. The best defense against these operators is to install an internet security program on your computer. Commonly, these also come with browser extensions that provide an additional layer of security. Programs such as these automatically flag any known phishing URLs that the user opens. 

8. Make Sure Store Emails Are The Real Deal

Just as cybercrooks have been known to create phishing websites in order to lure unsuspecting users into clicking on bogus pages, they have also been known to send out fake emails confirming transactions that never took place. Make sure to keep an eye out for these threats and consider reading up on how to differentiate phishing emails from the real thing. 

9. Don’t Trust A Site Without HTTPS

Look for the little padlock item in the URL line of your internet browser whenever you’re shopping online. You can even click onto the icon to see details of the SSL certificate that the merchant is using. This technology ensures that whatever information you send to the store, and back, travels over the internet encrypted. If you’re buying something online, then a https:// at the start of the URL is a must. Chrome will now flag non-secure websites not running SSL. So keep an eye out for any unexpected warnings. 

10. Be Wary Of Sharing Too Much On Social

After clicking the ‘buy now’ button many people’s first instinct is to share their great haul on social media. Unfortunately this can end up being just another way to give the cybercrooks a clue as to who you are and what you’re buying. If you’re going to share your purchasing activity on social media, then make sure that you’re keeping tabs on who you are sharing with. Sharing information publicly, such as through a non-private Twitter account, is a particularly risky gambit. 

Keep Safe Online

If you’re planning on going on an online shopping frenzy this Black Friday, it’s vital to protect yourself. Always use a VPN, practice good password hygiene, use 2-factor authentication whenever it’s offered, and install a reliable internet security program. Doing all this should keep you safely out of harm’s way. 

You may also like:

How To Surf The Web Anonymously With a VPN

The Most Private Vpns: Which Is Best for Secure Surfing?

Top10.com Staff
Top10.com's editorial staff is a professional team of editors and writers with dozens of years of experience covering consumer, financial and business products and services.