ProPrivacy is reader supported and sometimes receives a commission when you make purchases using links on this site.

How to stay safe when shopping online

If you're anything like me, you'll probably find online shopping a whole lot easier than going out and doing it physically. There's a wider selection of stuff, no parking to worry about, and it tends to be quicker, too! Online shopping removes the hassle from the experience – you can even browse for new home decor in your pajamas if you want!

For the last year or so, thanks to the Coronavirus quarantines, a lot of us have been spending more money online. Whether it's groceries or luxuries, online shopping is a much safer alternative to venturing out into a shopping centre. Obviously you can't handle items or try on clothes via your computer, but the global pandemic has folks feeling wary about doing so in physical spaces, anyway.

Online shopping does come with its own unique risks. In fact, the Internet Crime Complaint Center revealed that half of all reported crimes in 2019 were related to shopping. Just like with preventing pick-pocketing or real-life rip-offs, though, a little knowledge and forewarning can go a long way – and that's exactly what this guide is for. I've put together some tips and tricks, as well as a few security suggestions, to ensure that your virtual window shopping stays safe!

2 small boxes on top of a laptop

Online shopping safety tips

It's easy to have a lackadaisical mindset about online shopping and its myriad threats – if you haven't been caught out by a criminal, it's easy to assume you never will. But it's a big problem. Online shopping fraud shot up by a third in 2020, with a whopping 40,900 reported cases in the UK.

But we're still doing more online shopping than before. The numbers have risen since lockdown began, with clothes shopping rising by 43% in 20xx with the average order value increasing by 26%, too.

Why? Well, we tend to shop because we're bored or lonely just as often as we shop because we need things. I can't tell you how much I've picked up from Etsy, indie artists, or book retailers (my to-read stack is now a to-read bookshelf) because I thought it'd have more of an impact than it really did. Coronavirus has us feeling isolated, stagnant, and scared.

And like I mentioned earlier, shopping online does feel safer in a lot of ways – you're not walking around with cash, for a start. It's also easy to shop online, seeing as anyone with an internet connection and a computer or mobile phone can scroll through listings or visit retail apps.

So, let's take a look at some of the more common ways you can get caught out and taken advantage of when shopping online – as well as a few steps you can take to shore up your security.

Make sure the website is secure

Once you've got your tabs open and arranged, there are a few things to keep an eye out for that'll clue you in as to whether the stores are legit and trustworthy. First, look to see whether there's a padlock symbol to the left of the address bar. Second, click the padlock to inspect the site's certificate information. If there's no padlock, or if you get a warning about the certificate (or lack thereof), it's probably not a great idea to purchase anything from that store.

It's also worth taking a gander at the store's URL. Regardless of whether you punch in the URL directly or navigate to it from a Google search, pay attention to whether it begins with "https". The "S" means "secure" and refers to the SSL encryption of the website. Way more sites are using "https" URLs nowadays, and you might've noticed – they're making the change to reassure their customers... and hit a few SEO targets, too.

Of course, these measures are not foolproof. They're guidelines, tools designed to help you make an informed judgment about the site you're visiting – they cannot be counted on to guarantee the safety of a website entirely. There's just no easy way to determine if a website is entirely legitimate. For example, the padlock symbol does not mean that a website is free from any and all threats – it simply means that the site is encrypted, with a certificate and cryptographic keys. A phishing site created by a crook could also have a padlock symbol. The information you input into this phishing site would be encrypted... but it'd still fall into the hands of the crook.

It's still better to have encryption than to not, of course. Encryption prevents snoopers – like your ISP, the government, and nosy network administrators – from taking a peek at the information that you pass on to the website. This includes things like your payment details, addresses, and logins. Just remember that any website can get its hands on an encryption certificate – even the nasty ones. For more information, check out our blog post on how to check if a website is safe.


  • Lookout for "https" URLs and the padlock symbol next to the address bar.
  • Check the site's certification by clicking the padlock symbol.
  • Be aware that phishing sites can encrypt your data but still steal your passwords and info.

Pay safely

Once you've figured out what you'd like to buy, the next step is paying for it – and you have all kinds of choices. Debit and credit cards are the most ubiquitous, perhaps, but e-payment services crop up just as often. Think PayPal, Google Pay, and Apple Pay; services that make the whole process that much easier. You can often pay for your goods with a single click, and avoid endlessly inputting your financial data when purchasing from multiple sites.

This comes in handy because the retailer in question won't actually receive any of your sensitive info – and services like PayPal have your back if you ever need to request a refund.

If you're daunted, I get it – I was terrified of credit cards for the longest time, thinking of piles of debit and credit sharks, but using them to pay your online sprees isn't a bad idea. You can build up your credit and save a little money and benefit from the legal protection.

This protection is known as section 75 of the Consumer Credit Act. It might sound complicated, but it basically means that when you use a credit card to buy something, you're covered so long as the purchase was between £100 and £30,000. Your credit card provider takes on just as much responsibility as the seller does in the event that your purchase is problematic, or if the seller goes bust. This protection comes in especially handy if you're putting down a deposit (or paying in more manageable chunks) for something big – like a TV, console, or piece of jewelry!


Research your retailers

There are more stores out there than you could possibly ever check out (but that's not a challenge), and more folks are branching out into indie ventures, too! It's a total buffet out there. The chances are that the majority of sites and apps you happen across will be above-board and secure, but there's always one bad apple in the bunch.

Again, there are a number of factors to be mindful of if you're worried about a store's legitimacy. Look for an "about us" page with a contact number and address. These details can also appear on a "contact" page or the site's header or footer, but once you have them, run them through Google. Check that the location details match, see if there's really a business registered there, and trust your gut if the results are thin or far between. It's all too easy for crooks to whip up a malicious website and paste in a fake address, after all.

I'd also suggest leaning on other online shoppers – with reviews! Personally, I never used to leave reviews on the products I bought. I either didn't have the time or doubted that they'd be useful, but I've since gotten into the habit of leaving them whenever I can. One genuine review, good or bad, can quickly inform a potential customer. Google is jam-packed with reviews, as well as other consumer review websites like TrustPilot and Yelp.

If you're planning on making a big purchase and you want to make extra sure that you're buying from a trustworthy source, you can head on over to the manufacturer website to confirm that the distributor you're purchasing from is legitimate.


  • Hunt down store details on the "about us" or "contact page".
  • Check out user reviews through Google or review sites.
  • Say your piece and keep other shoppers informedit only takes 5 minutes.

Stick with what you know

Some stores are go-tos for certain things – it's a no-brainer, sometimes. Sephora for cosmetics, for example, as well as Amazon, which stocks pretty much anything you can imagine as well as just about everything you couldn't. As a rule, sticking with these big name brands is a good idea. You'll get a broad selection of products and prices that make sense, and they're generally safer to shop at than smaller stores.

Of course, if what you're shopping for is kind of niche and specific, or if you're looking for a real bargain, you can end up scrolling through the Google results for a while. You might even end up clicking on page two. Be careful if you do, because these results can quickly lead you astray to some unsecure places.

Do your research before making purchases on a website that you've never heard of before. Check out reviews, check out their certificates, and check out their contact details. It might sound like a lot of work to do for just one purchase, but you won't want to take any risks with your financial information!


Avoid phishing scams

Phishing scams are one of the oldest online threats, and anyone with an email address will probably have seen their fair share of dodgy messages. Phishing scams come concealed as emails from legitimate businesses – think PayPal, banks, and even credit card suppliers. They'll claim that you need to take some kind of action, too, like logging in to your account to update a password or read an important message.

Scammers play on a person's emotions, and craft messages that can be alarming, frightening, or even incredibly exciting. They want you to click that link in the email now, so they whip up some lie about your account being locked or compromised, a huge transfer pending, or a special offer that's about to expire.

It's all a trap, unfortunately. If you click that link you'll be taken to a malicious phishing website that's been designed to swipe your info as you type it to "log in." These websites can look dodgy, with misspelled content or weird images, but they're increasingly becoming harder and harder to distinguish from legitimate sites.

Phishing scammers also use nasty email attachments to catch you off-guard. They'll explain that the attachment is actually something good, like a coupon, a receipt, or even a bank statement – but again, it's not going to be legitimate. These malicious attachments can contain viruses that cause chaos on your machine if you click or download them.

So, steer well clear of any iffy links or attachments that drop into your inbox. Trust your gut, go directly to the site in question if you think there could be any truth to the email you've received.

There's info to be gleaned from the emails themselves, however. Scammers rely on generic greetings like "Dear Sir/Madam" in their correspondence – real services, legitimate ones, will use your actual name. It's also worth taking a look at the email address and its domain. Does it match up with the business or company that's apparently sent it to you? Scammers obviously can't send emails from real domains, so they'll create their own with extra numbers or letters to try to catch you out. It's the difference between "" and "" Take a look at our email security tips for more details about avoiding these scams.


  • Be suspicious of emails attempting to frighten you into taking actions.
  • Don't click links or attachments that you aren't expecting.
  • If you're wary, investigate the sender's email address and greeting.

a fish hook through a credit card

Don't use public Wi-Fi

If you're bored and hanging out at a cafe, waiting for a train, or killing time before meeting friends, it can be tempting to do a bit of casual online shopping – but making purchases in public can be dangerous.

The free Wi-Fi you come across in these places (like shops, hotels, and airports) is handy in a pinch but is generally considered unsecure. Hackers are well aware of this and frequently prey on these weak connections to try to steal financial information. They'll sometimes even make their own fake access points in the hopes that you'll join them without thinking twice. For instance, a hacker could cozy up in Starbucks and create a Wi-Fi connection named Free_Starbucks_WiFi. If the real one was actually called StarbucksWiFi_FREE, would you be able to tell the difference?

Your mobile data is a way better alternative if you're going to be buying anything in public. I'd recommend sticking to it if you plan to log in or input any details, too. Alternatively, you can check out a VPN and stay secure no matter where you are or the connection you're using – and I'll cover VPNs in more detail a little later on.


  • Avoid shopping on public Wi-Fi connections if you don't have to.
  • Beware of fake access points and ask staff if you're uncertain.
  • Stick to mobile data or invest in a VPN.

Keep secure

It's one of the golden rules that comes with any internet-enabled device – keep it up to date! System updates, antivirus updates, and even app updates, they can start to pile up if you leave it too long. You might be busy, but they're incredibly important in the fight to keep your data (and money) secure. Updates often contain security benefits that'll protect your devices against hackers and online scammers, and can combat the constant stream of new virtual threats. If you're not installing these updates, then your devices could be vulnerable to attack – hackers and malware know how to seek out loopholes that haven't been patched up by updates, after all.

If you do a lot of your shopping on a mobile device via dedicated apps, you'll want to make sure these have been updated recently, too.

I really can't stress how important it is to keep your passwords strong and updated – oh, and make sure you're not using one password for all of your accounts or devices! Steer clear of flimsy passwords (like "p@assword123" and anything containing a maiden name). If a hacker guesses your password, they'll have the key to any and all accounts that you use it to secure. So, vary your passwords, throw in some symbols and numbers when making them, and check out a password manager if you're concerned about keeping tabs on them. In fact, we've got a great article that digs into the best password managers out there – to take a look our best password managers page.

Finally, one of the best and simplest ways of protecting your accounts is with two-factor authentication. I'd suggest using it wherever you can! Luckily, a lot of banks and e-payment services now allow you to opt-in for 2FA. Using it is simple; you'll just need to provide and input a code when logging into your account, and the code will be messaged to your mobile device as a text. This means that a hacker with your email address and password still wouldn't be able to infiltrate your account because they won't have your phone, or your code!


Don't over-share

Cybercriminals who figure out your details can do a lot of damage with them – they can buy stuff for themselves, steal your funds, freeze your accounts, and even sell them, amongst other things. And the more they know about you, the easier it is for them to get into your accounts.

So make it difficult for them! When you're buying something online, don't feel compelled to fill out all of those boxes on the online form. I definitely feel the urge to do this, because it feels as though it'll make a difference – like I'm doing a quiz or an exam rather than just buying a book or something. The reality is that stores don't need this extra info. Stick to filling out the necessary fields marked by an asterisk, "*", and avoid giving over any details that seem shifty – like your mother's maiden name, the name of your first school, or a pet, as this is all info that could be used to crack your password or security questions.

It's pretty common for a store to ask you whether you want to make an account after you purchase something, either to keep tabs on your order or to save time "next time." Again, you don't have to do this. If it's a one-off purchase, or even if it's not, saying "no" to this request means that there's one less website storing your details. Leaks happen all the time, so be choosy about the places you entrust your name and payment info to.

For all the sites and stores where you do have an account, you might also be asked whether you'd like to save your payment information – again, to save time. This can make checkout that much faster the next time around... but it's just not necessary, and shaving off a minute or so of time isn't really worth the risk of your information being disclosed one day as part of a breach.


  • Don't over-share on social media, especially if your accounts are public.
  • Only fill out necessary fields in forms when making purchases.
  • Don't agree to save payment details on store sites.

Check your statements

Here's one that I've just started doing! It took a while, seeing as I get so incredibly nervous to check my bank account, but it's a great way to stay proactive about your financial security and keep a tighter rein on your spending... particularly around the holiday season! Sure, you could run through your bank transactions (and e-payment history) loosely at the end of each month and be done with it, but it's better to go at it with a fine-toothed comb in more regular intervals to check for unauthorized or suspicious activity. I promise it doesn't take long! Twenty minutes a week could save you a whole mess of trouble down the line.


On the off-chance that you do notice something out of the ordinary, don't wait to report it. Let your bank or credit card provider know right away. Oh, and remember that if you have a credit card, you have 30-days to raise the problem with your bank or the issuer.

You can set up alerts that notify you each time your credit card is used, too. That might sound annoying, but it's an easy way of making sure that your payments are going through as planned and that nothing is happening without your immediate knowledge. These alerts can be emails or texts, whatever suits you best, and I actually think they're a great way to establish proper fiscal responsibility, as boring as that sounds, especially for folks less experienced with finances.

Speaking of emails, you should also get into the habit of holding on to your receipts. I have a folder in my inbox where I store all of mine, just in case, and it's easy to organize them with a bit of dragging and dropping. You'll be able to search for a particular receipt with ease if you need to raise an issue with a store, and you'll also have a virtual paper trail to fall back on if anything untoward pops up in your transactions.


The benefits of a VPN

VPNs can be daunting if you're not super familiar with them and what they do, especially given how much jargon there is to sift through – but they're so useful! They can secure multiple devices, keeping your shopping secure, and use a VPN for Netflix to access geo-restricted TV shows and movies. If you want a non-nonsense, no-jargon introduction to VPNs, head on over to our guide what is a VPN guide.

A VPN encrypts all of your incoming and outgoing information via an encrypted tunnel. This tunnel is created as soon as you connect to one of the VPN's remote servers. Your info is routed through this tunnel back and forth to the server, and kept hidden from any nosy folks who might want to take a peek at your payment details or addresses. Even your IP address is concealed, seeing as your VPN assigns you a new one!

That's great for day-to-day browsing, and awesome for shoppers, seeing as crooks won't be able to make off with any details you input into stores. VPNs also excel when it comes to shopping on the go. I've covered how relying on public Wi-Fi isn't ideal, but you might not have much choice if you're traveling for work or leisure, and that's where a VPN's encryption really shines. Connect to a VPN server, then the public hotspot, and rest assured that nobody else connected to that same hotspot will be able to monitor your session or pinch your payment details.

What to do if things go wrong

First of all, don't be embarrassed – finding a dodgy transaction or being caught out by a crook can come with a hefty amount of shame, but the internet just isn't a safe place 100% of the time! If something's gone awry, the only person to blame is the hacker or scammer in question – and there's plenty that you can do to recover your details.

  • Familiarize yourself with the store's refund policy, especially if you've purchased something that arrived faulty or not as described – and remember that you usually have 14-days to issue for a refund.
  • If your item is damaged, let the seller know and keep a copy of any correspondence. Sites like Amazon and Ebay make it particularly easy to get in touch and report anything out of the ordinary.
  • Alternatively, if you've noticed an unauthorized transaction, immediately report it to your bank! They'll be able to walk you through the specifics of what comes next and ensure that no further purchases are made without your say so.
  • Victims of scams should also check out the Action Fraud website, where there's a wealth of information and advice available.


Online shopping is one of the best things about the internet. It's easy, it's cheaper, and it can be a lot more fun and a lot less stressful to sit at home and shop – no queues, no parking, no dressing up. Sure, you'll need to wait a few days for your goods to arrive on your doorstep, but that's almost part of the fun – I weirdly enjoy knowing that there's something in the post for me!

We've come to rely on online shopping that much more during lockdown, too. Unfortunately, there are people who are hell-bent on taking advantage of that fact in the worst possible way. They'll hope that you aren't protecting yourself and that you aren't aware of the dangers that come with online shopping – so catch them out by brushing up on a few of the tips above.

Hopefully, the next time you do a bit of shopping online it'll be a straight-forward and fun experience! Just remember to stick to trusted websites, pay safely, and trust your gut if you get any alarming emails. And, if you're really serious about your online privacy, you should check out a VPN!


Written by: River Hart

Originally hailing from Wales, River Hart graduated from Manchester Metropolitan University with a 1:1 in Creative Writing, going on to work as an Editor across a number of trade magazines. As a professional writer, River has worked across both digital and print media, and is familiar with collating news pieces, in-depth reports and producing by lines for international publications. Otherwise, they can be found pouring over a tarot deck or spending more hours than she'll ever admit playing Final Fantasy 14.


There are no comments yet.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

A large brand offering great value at a cheap price

One of the largest VPNs, voted best VPN by Reddit

One of the cheapest VPNs out there, but an incredibly good service