That inbox full of Black Friday alerts and e-tailer sales pitches is a sure sign that the peak holiday shopping season has arrived. But while online shopping from a computer or a smartphone can save you time and money, it can also give online scammers their biggest opportunity of the year. Here’s what security experts say you should do to stay out of harm’s way when shopping online.

1) Double-check the URL

If you follow a shopping link from an e-mail or from another Web site (as opposed to typing it in yourself), make sure the URL in the address bar matches the URL at the bottom of the browser window. A mismatch is almost a sure sign that you’ve stumbled into a phishing site.

2) Use secure HTTP

Before you fill out an online form with personal information, check the address box in your browser to be sure the URL begins with HTTPS (as opposed to the usual HTTP); you can also scan your browser window for the closed padlock icon. Both indicate that you’re on a secure Web site, and that the information you’re sending will be encrypted.

3) Use credit cards

You don’t want to use a debit card for online shopping, because if there were a security breach at the online merchant, the culprits would then have access to your bank account.

4) Answer the security questions

Don’t be put off by security questions a merchant might ask–such as where you lived in the past–especially when ordering big-ticket items.
Jodi Florence, head of marketing at identity verification service IDology, says these knowledge-based authentication questions “are designed to verify that you are who you claim you are and prevent identity theft for both you and the merchant.”

The same goes for the increasingly common request for the three- or four-digit security code printed (but not embossed) on most credit and debit cards. People who don’t have physical access to your card can’t get these numbers, even if they do have access to your account number. Merchants often request them in conjunction with other account information that isn’t on the card–your ZIP code, for example–because then someone who steals the card (but not other ID) can’t use it to shop online.

5) Be smart about security questions

Don’t use the same security question on every e-merchant’s site. “Static, shared secrets are dangerous, because they are easy for someone to guess or to Google the answer,” IDology’s Florence says, “especially because we are sharing more and more personal information on social network sites such as Facebook.” She recommends changing questions and answers from merchant to merchant; in particular, she says you should never use the same question and answers on a shopping site that you use to secure your bank account. And you don’t necessarily have to provide the real answers to your security questions; Florence recommends using fictitious ones you can remember.

6) Know your payment app

If you are considering a mobile payments app for your smartphone, make sure it is from a known, reputable source. “Disreputable people are putting apps out there, for the purpose of phishing consumer information,” warns Calvin Grimes of Fiserv, a financial services technology provider. And if you are considering a mobile finances app, Grimes recommends looking for one that lets you remotely wipe data from your smartphone, should you lose it.

7) Be wary of SMS

Don’t send personal information via SMS, and be suspicious if you get a message purporting to be from your financial institution. “SMS is not encrypted, so banks do not send personal information” that way, Grimes says. “If you send sensitive financial information on your mobile phone, be sure you are using a secure browser or app.”

8) Keep an eye on it

Keep an eye on activity in your accounts. You can eyeball transactions on a daily basis, so that if you see something that doesn’t look right you can take immediate action. Or you can have the bank send you an alert if your balance reaches a certain level.

9) Call for help

When in doubt, call your bank or merchant. Get a live customer service representative to verify whether or not a communication you’ve received is legitimate.

[Yardena Arar is a freelance writer in San Francisco.]