1. Select your own seller. If you're looking for a particular item, don't let a search engine pick a site for you -- go to a price-comparison site, such as PriceGrabber.com or Dealio.com. That's because hackers seed search results with fraudulent sites that phish for your personal information, says Michael Gregg, a cybersecurity consultant. Even if you're using a site that you think is legitimate, look for a security label, such as VeriSign or Cybertrust, and for https:// in the URL on pages that prompt you to enter personal information.
2. Shop at home. Never make purchases online using a public Wi-Fi connection. Hackers can tap into Wi-Fi connections at hot spots, such as coffee shops, airports and hotels, to capture your personal information. Also, never use a public computer to shop or check accounts online.
3. Pay with plastic. And make sure you use a credit card. If a hacker steals your debit card information and uses it to make unauthorized purchases, you must report any misuse within two days of learning of the fraud to get the same $50 limited liability you would get with a credit card. Miss that deadline but report your loss within 60 days and your liability is limited to $500. After 60 days, your liability is unlimited. That said, if you've been a good customer, most banks will credit your account within a couple of days after you report the fraud.
4. Transfer with care. Wiring money by Western Union to pay for a purchase is also a bad idea. You're inviting fraud because you have no way to get your money back if the item you buy never arrives. And if you are making a large purchase, such as a car, and the seller tries to steer you to a particular escrow company to handle the transaction, be suspicious. Make sure the provider is legitimate by checking with state regulators, or ask to use an escrow company of your own choosing, such as Escrow.com.
5. Read your card bill. If you do a lot of shopping online, review your credit card accounts regularly to make sure there aren't any unauthorized purchases. Jon-Louis Heimerl, director of strategic security for Solutionary, a security-services company, recommends that you print out your receipts or put e-mail receipts into a separate folder so that you can check your statements against your receipts. He uses only one of his credit cards for online purchases, so he was able to catch an unauthorized purchase quickly when another of his credit cards was used to buy something on the Web.
6. Beware of bogus bargains. If a Web site or individual offers a deal that's off-the-charts cheap, demands a direct transfer of funds and won't accept credit cards, it's probably a scam. Social-networking sites, such as Twitter, can be a smart way to stay on top of deals. But note that the URLs on Twitter (and sometimes Facebook) are often shortened, so you won't know whether you're landing on a legitimate retailer's site by clicking the link. One option is to use a deal notification you see on Twitter as a tip, then research the details on your own. Also be wary of unsolicited e-mails promoting sales or deals -- even if the e-mail looks as if it came from a legitimate retailer. You're safer going directly to the retailer's site to see whether it's having a sale.
SEE OUR SLIDE SHOW for more online shopping traps to avoid.