Online shopping can be convenient; with the ability to purchase items through your phone and mobile device and getting early delivery options right to your door. However, with all those benefits comes risks as well and you should be aware of the threats associated with online shopping. These threats pose many risks to not only your personal information, but to your workplace or organization’s assets as well (e.g. email addresses, shipping addresses, phone numbers, credit card information, etc.).

What are some harms associated with online shopping?

Online shopping puts you and your organization at risk for identity theft, hacking, and financial loss. Some ways in which they can steal sensitive information and hack accounts are:

• Fake e-commerce websites that collect your information after you’ve followed through with fake purchases
• Fraudulent payment processing sites (i.e. third-party financial arrangements)
• Websites that are not encrypted or secure, leaving your information open to anyone

So how can you protect yourself?

here are some ways that you can protect yourself and your organization when you are shopping online:

Doing some initial research on the retailer

• Read the website’s privacy policies, return policies, and other relevant information

Before you browse and how to do so safely

• Use websites that start with https, as they use encryption policies to protect your information
• Use websites that displays a green lock in the top corner so it can encrypt website traffic
• Be cautious when browsing on your mobile phone because URLs are shortened and may hide information
• Security software is essential, using appropriate filters to monitor and block online activities

Other additional precautions you can take

• Limit the amount of personal information you use on the website (e.g. do not give your social insurance number)
• Back up, update, and patch devices
• Use a secure Wi-Fi network with password protection
• Avoid unsolicited emails, links, and files in unknown emails

	While implementing these practices can help protect you when shopping online and reduce risks, they do not erase them completely

What if you have already been scammed, what should you do next?

If you are the victim of a scam or a potential compromise, you should take the following actions to report and mitigate the incident:

1. Report the incident to your security department, IT support, or senior management
2. Inform your credit card company and let them know immediately
3. Reset your account credentials for related accounts (email, social media, etc.)
4. Report the incident to the Canadian Anti-Fraud Centre or at 1-888-495-8501