Skip to main content
Dashlane Logo

Naughty or Nice? Here’s How to Tell If an E-Commerce Website is Legit

  |  Malaika Nicholas

We all want to find the sweetest deal on best name-brand clothes, sleek new toys, and the hottest tech gadgets on the market. But do you really know if that online shopping website is just selling you a bag of coal? According to Forbes, retailers are projecting that online fraud attempts will increase 43 percent this year alone, and is projecting to peak on Christmas Eve–accounting for 2.5 percent of all fraud for the year. 

Online shopping fraud continues to increase not only because scammers continue to improve the look and feel of their fake websites, but they’re also using legitimate methods to reach new potential victims, including email, text messages, and Facebook advertising. Luckily, there are a few telltale signs you can look for while online shopping to distinguish authentic e-commerce sites from the fake. Before entering any personal or payment information into an online shopping site, ask yourself these important questions:

Does the URL look familiar?

Sure, we all know Amazon.com is a legitimate website, but if you don’t look carefully enough, you could easily miss a misplaced letter, an unfamiliar domain, or an unsecured HTTP connection. To make sure the website is legitimate, check for these red flags:

  • The URL shouldn’t be long or complicated. Sometimes, it can be as simple as changing Apple.com to Applé.com—notice the difference? URLs are a strong indicator for legitimate vs. illegitimate sites.
  • Check for a secure network connection. A site with a valid, trusted server certificate and a secure TLS connection will have a “https://” at the beginning of the address URL, and a padlock or a key on the far left side of the address bar.
  • Be on the lookout for spoofed email links and return addresses. Scammers often trick their victims by using web addresses that look very similar to the domain of an authorized major retailer. To avoid any phishing scams in your inbox, look to see if the return address uses a public email provider (i.e. Gmail, Yahoo, or Hotmail) instead of the website’s domain. Moreover, before clicking any links in an email from a retailer, verify the link’s URL by hovering over the link with your mouse; you can see the URL at the bottom of your browser or in a small popup.

Is the price too good to be true?

We all love a good sale, but if the latest high-tech gadget is on the market for 80 percent off, it probably is too good to be true. If you spot a deep discount in online ads, classified sites, or auction sites, start by comparing the price of that item on from multiple retailers as, well as the manufacturer.

Do they have a safe, secure payment system?

Many of us are accustomed to paying for our online purchases with a credit or debit card, or a PayPal account. However, if you’re thinking about purchasing your items from an online auction site or a classified site, avoid any sellers or retailers requesting payment via a money order, a wire transfer, bitcoin, or a prepaid gift card. Moreover, before entering any payment info, make sure the checkout page has an “HTTPS connection in the address bar.

Another tip to keep your finances secure is to use a credit card instead of a debit card for your online purchase. Select card providers will reimburse your purchase if the transaction turns out to be fraud, and some will also offer extended warranties or other consumer protections on online purchases. Make sure to contact your card provider to learn more about their specific policies.

Are there any certifications or seals of approval?

secure-shopping-symbols

Photo credit: PartSelect.com

Since labels and logo can easily be fakes or stolen, this isn’t a flawless guarantee, but it’s a positive sign if an online retail site has some seal of approval from a reputable organization. Look for some of the most common logos and seals of approval from organizations like the Better Business Bureau (BBB), TRUSTe, PCI DSS compliance, VeriSign, and many more.

Does the website have strong password requirements?

Last year, Dashlane did a study of e-commerce websites, and found that 80 percent of the sites we examined–including Zulily, IKEA, 1800Flowers.com, Cabela’s, Walmart, Amazon, and dozens more–had dangerously weak password requirements.

To counteract the security risks associated with weak password requirements, we recommend using a long (8+ characters), complex alphanumeric password, and also purchasing from websites that do not accept common  hackable passwords, including Apple, Target, and Best Buy.

Is the website asking for unnecessary information?

Entering your name, email, phone number, billing/shipping address, and some payment information on a checkout screen isn’t uncommon, but be wary of any retailer that requires entering additional information, like your social security number, social media accounts, or other sensitive information.

Is your device protected?

Installing anti-virus and anti-malware programs on your devices can go a long way in protecting your personal and financial information in the long run. This will help protect you from any viruses, spyware, or other types of malware that could infect your device when you visit a sketchy website. Also, although it’s convenient, try to avoid making purchases while connected to an unsecured public WiFi network.

Installing anti-virus and anti-malware programs on your devices can go a long way in protecting your personal and financial information in the long run. This will help protect you from any viruses, spyware, or other types of malware that could infect your device when you visit a sketchy website. Also, although it’s convenient, try to avoid making purchases while connected to an unsecured public WiFi network.

Ask these questions every time you consider making purchases online, even if you decide to shop on a major retailer’s website. Looking for other ways to protect your personal and financial data online? Check out these helpful resources on our blog!

Sign up to receive news and updates about Dashlane