Shop safely online during the holiday season

Supply-chain issues are impacting everything from Baby Yoda to computer hardware, and online shopping fraud is on the rise — especially for hot items where demand may exceed supply.

To shop safely online this holiday season, start early and follow these simple tips:

Shop cautiously.
If a deal sounds too good to be true, err on the side of caution. Both scammers and legitimate retailers employ a variety of scarcity models designed to lure you into buying decoys that might disappoint. To avoid this, research the features you want and note identifying details such as brand names and model numbers. 

Buy only from retailers you trust

Look out for bad third-party sellers on legitimate websites.
When shopping on a trusted site like, be wary of suspicious companies as well as individuals:

  • Learn the online store’s policy on purchases from their third-party sellers.
  • If you have any doubts about a reseller, purchase directly from the online store instead.
  • Steer clear of sellers who are new to the online store, have too few or poor reviews, or who offer deals too good to be true.
  • Read reviews from trusted, well-known consumer advocates or product-testing sites such as
  • No matter who you buy from, make sure you understand the seller’s warranty and return policies before making a purchase.

Be especially wary of fake online stores
Cybercriminals are mimicking well-known online stores to steal your personal information as well as your money. If you purchase anything from sites like these, what they ship to you could range from stolen or counterfeit items to no delivery at all. Some of these sites look exactly like legitimate sites such as, so you need to be extra careful:

  • If an online store has a professional look, do not assume it’s legitimate. Instead, Google its name or web address for consumer reviews. Include search terms such as “fraud,” “scam,” “never again,” and “fake.”
  • Go to the retailer’s website that you trust by typing their URL address directly into your browser and use their site to find what you need. 
  • Always check the web address of an online store to make sure you’re shopping in the right location. 
  • Do not shop at any site that has a missing contact page or a broken link to this information. If the contact information looks like a personal email address, do not shop there.

Shop only on secure internet networks.
Do not sign in to any of your accounts when connected over public and unsecured Wi-Fi networks. It’s worth waiting to do your online shopping from a private, secure connection.

Shop only on secure sites.
Every secure website address includes one or both of the following indicators, so if neither is present, do not shop at that site:

  • A locked padlock icon to the left of the address. A locked padlock icon
  • “https://” at the beginning of the URL address.
    The “s” indicates a secure connection that encrypts your personal information.
    For example:

Shop with a credit card or trusted electronic payment service.
Should you need to dispute a charge or demand a refund, a credit card company will assist you. Debit cards, prepaid cards and gift cards don’t offer the same level of protection. Also: 

  • Review your credit card transactions often this holiday season, if not always. If you see any suspicious charges, notify your credit card company immediately. 
  • Electronic payment services such as PayPal or Google Pay are also a safer option because they do not share your credit card information with the vendor. 
  • Do not use websites that require cryptocurrency or any obscure form of payment.
  • Document your purchases. Keep copies of confirmation pages and email messages until you receive your purchases and confirm their expected condition. Learn and prepare to respond accordingly for each item’s return policy and store it with your confirmation records. See BBB Tip: Holiday returns and exchanges for further details.

Beware of phishing scams.
When you recognize the signs of phishing scams, you can protect yourself from identity theft and subsequent financial loss. For example, if you recently researched smart TVs on any online resource such as Google or Facebook Marketplace, you are likely to receive phishing emails attempting to deceive you into clicking on dangerous links that appear to be spectacular deals on smart TVs. Be especially on guard for smishing, which is like phishing, except that malicious links are sent in text messages, aka Short Message Service (SMS). 

Be wary of fake delivery notifications.
Do not click delivery-notification links from emails you aren’t expecting. When tracking shipped deliverables, for example, it is always safer to go directly to the USPS, UPS and FedEx websites instead.

Make all your passwords unique and strong.
Change your password or passphrase regularly, never use the same password for more than one account, and use a password manager to store your passwords (e.g., LastPass, KeePass). For more details about passwords, visit NC State Password Standard.

Set up Two-Factor Authentication (2FA).
Use 2FA both personally and at work. 2FA provides two or more ways to log into your accounts; it prevents hackers from accessing your accounts, even if they obtain your login and password via phishing or other malicious activities. For example, some mobile devices allow you to set up a fingerprint scan as an additional method to access your account. An ever-growing number of services already support 2FA, including Facebook, Tumblr, eBay, PayPal, Twitter, and online banking. Be sure to read each company’s documentation thoroughly to understand how 2FA works with their service.

For more information on shopping smart this holiday season, see: