How to: Shop Safely Online

By Kenneth van Wyk

December 08, 2008

Three simple things you can do to make your online shopping environment substantially safer, as well as more organized.

Ladies and gentlemen, start your browsers: it’s the holiday shopping season--but wait, you are being safe in your shopping habits, aren’t you?

I’m willing to bet that many of you are spending at least a bit of your time and money doing some shopping on the Web this month; it sure beats the endless mall mobs, if you ask me! I’m quite content doing the lion’s share of my shopping online. But online safety is always a primary concern, especially with all the URL-laden e-mail advertisements and such we all receive. It’s all too easy to click on a link that takes our browsers to “botnet land.”

Sure, we’ve all heard about the perils of clicking on e-mails, but that latest e-mail from an unknown retailer sure caught our attention, right? A big screen HDTV for how much?!

So, let’s explore some things you can do to make your holiday shopping a bit safer—and less likely to result in a credit card bill next month with thousands (or more) of dollars of charges you didn’t make. In fact, there are three simple steps you can take today that will go a long way to allowing you to be safe and confident in your online holiday shopping.

1) Disable or restrict active content.

Arguably the Web’s biggest vulnerability, active content (e.g., JavaScript, Flash, ActiveX, Java) running in browsers is a launch vector for much of today’s malware. Most browsers do little to prevent active content from running by default—sure, they all have an “Allow JavaScript” button and such, but that’s hardly a usable control. If we turn off all JavaScript (and other active content), almost all of today’s Web sites will not function for us, so that’s hardly a “solution” to our safe shopping issues.

If you’re using Firefox or Internet Explorer, you’re in luck. We can quickly and easily restrict which sites may run active content and disallow all others in both of these browsers. (No doubt some other browser can do this as well.)

For Firefox, just install NoScript (from http://noscript.net). It’s a free plug-in that disallows all active content from all sites by default. You then allow trustworthy sites one at a time as you care to—and this only need be done once per site, because NoScript will remember your settings. Quite simply, it’s one of the best free security enhancements I’ve ever seen. Great stuff.

For IE users, you need to tweak your “security zones” a bit—just click Tools > Internet Options > Security. Disable all of the ActiveX, JavaScript, etc., settings in your “Internet” zone. Now, add trustworthy sites one at a time to your “Trusted sites” zone. It’ll take a little trial-and-error, but it’s not too hard to figure out, and you can always restore the defaults by clicking on the “Default Level” button.

In both IE and Firefox cases, “trustworthy sites” should consist of sites you want to do business with. With NoScript, you can even temporarily enable JavaScript on sites you want to try out, but aren’t yet convinced you want to do business with.
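The IE zone changes described above can also be applied as per-user registry settings, which helps when the same restrictions have to be repeated on several machines. The PowerShell below is an added example, not part of the original article; it assumes the zones are not managed by Group Policy, and `example.com` is a constructed placeholder for a merchant you have decided to trust.

```powershell
# Added example: registry equivalent of Tools > Internet Options > Security.
# Per-user settings. Zone 3 = Internet, zone 2 = Trusted sites.
$base    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$zones   = Join-Path $base 'Zones'
$zoneMap = Join-Path $base 'ZoneMap\Domains'

# Keep a copy of the current Internet-zone settings before changing them.
$backup = Join-Path $env:TEMP 'ie-internet-zone-backup.reg'
reg.exe export 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' $backup /y | Out-Null

# URL action -> value for the Internet zone.
# For the 1xxx actions: 0 = Enable, 1 = Prompt, 3 = Disable.
$internetZone = @{
    '1001' = 3   # Download signed ActiveX controls
    '1004' = 3   # Download unsigned ActiveX controls
    '1200' = 3   # Run ActiveX controls and plug-ins
    '1201' = 3   # Initialize and script ActiveX controls not marked safe
    '1400' = 3   # Active scripting (JavaScript)
    '1402' = 3   # Scripting of Java applets
    '1C00' = 0   # Java permissions: 0 = Disable Java
}

foreach ($action in $internetZone.Keys) {
    Set-ItemProperty -Path "$zones\3" -Name $action -Value $internetZone[$action] -Type DWord
}

# Sites allowed to run active content, added one at a time.
# Constructed placeholder; replace with merchants you actually use.
$trustedDomains = @('example.com')

foreach ($domain in $trustedDomains) {
    $key = Join-Path $zoneMap $domain
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # Value name = URL scheme, data = zone number: https pages on this domain -> Trusted sites.
    Set-ItemProperty -Path $key -Name 'https' -Value 2 -Type DWord
}

# Read the settings back to confirm what is now in effect for this user.
Get-ItemProperty -Path "$zones\3" -Name @($internetZone.Keys) |
    Select-Object -Property @($internetZone.Keys)
Get-ChildItem -Path $zoneMap | Select-Object -ExpandProperty PSChildName
```

Mapping only the `https` scheme keeps plain-HTTP pages on the same domain in the restricted Internet zone. Importing the exported `.reg` file restores the previous Internet-zone values.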

2) Centralize your payments.

Chances are pretty good you’ll be entering your credit card data on several sites this holiday season. Each time you do that, there’s an exposure to fraudulent activity.

First off, be sure you want to do business with the site you’re connected to. Use consumer rating sites like BizRate to see what other customers say about the sites, especially if you’ve never done business with them before.

Then, consider using a payment centralizing service like PayPal to reduce how many sites see your credit card information. It’s a couple extra steps when you pay for an item, but if nothing else, it means you’ll have fewer places to keep organized when and if you change credit card account numbers later on.

3) Use a local password vault to store your passwords safely.

In addition to storing credit cards on a slew of sites, you’ll probably be asked to register on many of the sites where you’ll do business this holiday season. If you’re like many people, you’ll use a single username—perhaps your home e-mail address—and a single password that you can easily remember, and you’ll use these on all the sites you frequent.

You probably even know that this isn’t a great idea, but you do it anyway because it makes things easier and less complicated. Does that sound familiar?

Well, there’s a better way. Consider installing and using a local password vault system. There are hundreds of these available for free or for cheap on Windows, Mac OS X, and Linux. Pick one that has gotten great consumer reviews.

I find 1Password works great for my OS X needs. What these products have in common is they store all your passwords safely in one place on your computer. That single password store is then itself password protected—remember this password, it may be the last password you’ll ever need! Most of the products can also generate long and random passwords. So, when you sign up for a new account at your favorite online merchant, use your password vault to generate (say) a 40-character random password and then remember it in your password store.

Now, whenever you visit that site, your password vault will remember the password and will fill it in on the site’s login page. This way, you can have different and very secure passwords on every site you use, without having to remember them all. Just remember that one password.

(I can’t emphasize this enough.)

Do these simple things—today—and I’m confident your online shopping environment will be substantially safer, as well as more organized. You can find free or cheap solutions to all three of the above. You’ll only regret not doing these things.

Article courtesy of eSecurity Planet.


