Shopping safely online

The internet offers convenience not available from other shopping outlets. You can search for items from multiple vendors, compare prices with a few mouse clicks and make purchases from your home.

However, the internet is also convenient for cybercriminals, giving them many ways to access the personal and financial information of unsuspecting shoppers. Attackers who obtain this information may use it for their own financial gain, either by buying items themselves or by selling the information to someone else.

How do cybercriminals target online shoppers?

There are three common ways that criminals take advantage of online shoppers:

Creating fraudulent websites and email messages – Unlike traditional shopping, where you know that a store is actually the store it claims to be, cybercriminals can create malicious websites or email messages that look legitimate. Attackers may also misrepresent themselves as charities, especially after natural disasters or during holiday seasons. Criminals create these malicious sites and email messages to convince you to supply personal and financial information.

Intercepting insecure transactions – If a vendor does not use encryption, a cybercriminal may be able to intercept your information as it is being transmitted.

Targeting vulnerable computers – If you do not protect your computer from viruses or other malicious code, a criminal may be able to gain access to your computer and all the information on it.

How can you protect yourself?

Do business with reputable vendors – Some cybercriminals may try to trick you by creating malicious websites that appear to be legitimate. Before giving any personal or financial information, make sure you are interacting with a vendor you know and trust.

Study the URL – Check for spelling errors; some criminals will set up fake sites that are one letter off from the real site. If something seems off, avoid that site. A URL (Uniform Resource Locator) is a standard naming convention for addressing documents located on the internet. An example of a URL is, which is the URL for Oregon State Credit Union.

Click on the padlock in the address bar – A drop-down box will open that will provide security information about the site.

Use an online verification site – If you’re uncertain about a website, run the URL through an online verification site. can give details about the site, and can tell you if a website is safe.

Don’t click on links in an email – Type the URL of the business into the search field, or use a search engine to find the business.

Make sure your information is being encrypted – Look for a URL that begins with “https:” instead of “http:” and a padlock icon. If the padlock is closed, the information is encrypted.

Be wary of emails requesting information – Attackers may try to gather information by sending emails asking that you confirm purchase or account information. Legitimate businesses will not ask for this type of information through email. Oregon State Credit Union will never send you an email asking for your password.

Use a credit card – You have fraud protection on all your Oregon State Credit Union Visa® credit and debit cards, but there is a difference. Using your credit card is like taking out a loan: If there is fraud, you aren’t out any money. But your debit card draws money directly from your credit union accounts. Unauthorized charges could leave you without enough money for a few days while the fraud is confirmed and your account refunded. You can minimize potential damage by using a single, low-limit credit card to make all of your online purchases, like your Oregon State Credit Union Visa Value or Visa Rewards credit card.

Check your statements – Keep a record of your purchases and copies of receipts and confirmation pages, and compare them to your credit and debit card statements. If you see something wrong, report it immediately.

Check privacy policies – Before providing personal or financial information, check the website’s privacy policy. Make sure you understand how your personal information will be stored and used.


Back to fraud resource articles

« Return to "Financial education articles" Go to main navigation