How to safely shop online this holiday season

Dos and don’ts from NAIT’s cybersecurity manger

Holiday shopping is all about trade-offs. If you loathe the idea of bumper-to-bumper parking lots and jostling with other shoppers seeking sales at the mall, shopping from your phone or desktop might be for you.

Like any internet activity, online shopping brings its own challenges and risks. The joy of no lineups needs to be tempered with the expectation that, by whipping out the credit card, you’re opening yourself up to possible hacks, malware, identity theft and other nefarious hijinks not in keeping with the spirit of the season.

Fortunately, NAIT cybersecurity manager Eric Springler (Computer Systems Technology ’96) has some helpful advice to ensure the holidays remain jolly.

1. Shop at reputable sites

When in doubt, stick to trusted brands such as Amazon, Simons or Apple where many people are shopping anyway, Springler says. When visiting any site, make sure you’re navigating to the correct destination. Springler says shoppers need to pay attention to the URL of the online store you’re perusing.

“If it looks odd, chances are it’s not right,” he says. Sites that end in “.it” or “.ru” instead of the more common .com or .ca signify the shop could be a front based in another far-flung country, which is something every shopper should be aware of, he says. The same goes for a URL that looks off, like (we made that up, so don’t bother).

2. Beware of suspicious links

If you’re receiving emails about can’t-miss holiday specials, make sure the links in the email body actually send you where they’re supposed to. If you get an email from Amazon that tells you to check your account, it should take you to Amazon and nowhere else.

By hovering your mouse over a link, you can see a popup of the destination URL. If it doesn’t match the written text on the page, that’s a warning sign, Springler says.

“Clicking on the wrong link can lead to trouble,” he says. That’s a technique hackers use for drive-by downloads – where you unwittingly download malicious software, or malware, onto your device.

3. Watch out for fake delivery notifications

An email or text notification about the delivery status of the package you purchased online should fill one with glee this time of year. The exception? When you haven’t actually ordered anything at all.

Fake notifications from hackers posing as “Canada Post,” “Purolator,” or any other courier service is another common example of a malware attack, Springler says, with hackers taking a chance that you’ve actually done some online shopping and might be fooled into clicking a shady link.

4. Think before you download that shopping (or any) app

Smartphones and tablets are not immune to hacking attempts. One of the unchecked ways for malware to get onto your device is through mobile apps that you’ve willingly downloaded from an app store.

The problem, Springler says, is that there are so many apps being released that it’s challenging for operating system manufacturers to properly vet each product. With so many publishers of apps, it’s hard to know whose intentions aren’t genuine, he says, so stick to apps that are popular with positive reviews.

“You can’t possibly know all the publishers that make apps.”

5. Monitor your banking activity

Entering your banking or credit card information on the wrong site can lead to disastrous financial consequences. It’s a no-brainer, but Springler says you should be aware of your shopping transactions, meaning you should be checking your bank account and credit card balances. If you spot something awry, contact your financial institution or provider right away.

Subscribe to receive more great stories every month

Find out more news about NAIT, stories about our alumni and their impact on their communities, and useful how-to content featuring our experts.

Sign up today »