Check before you buy online

09 August 2018

Make sure the websites you use are safe and secure


Fraudulent websites and data leaks remain a persistent problem. It’s good to be cautious, and it’s vital to check that a website is safe before sharing any personal information, such as credit card numbers, passwords, addresses, etc.

The first piece of advice for anyone doing online shopping is to resist any purchases until you are at home/work and using a trusted and secure internet connection. A free Wi-Fi hotspot in a public place might be convenient but is more vulnerable to attack by hackers or malicious software and could put you at an increased risk of fraud.

Never click a link before making sure it’s going to take you to a legitimate site. Rolling your mouse over a link only takes a moment and will verify to what the URL is really linked. Make sure the URLs are spelt correctly; Many people only glance over text on the web; Hackers know this and will often substitute visually similar characters (e.g. ‘’ instead of ‘’) to trick you into visiting their phishing sites and giving them your details.

Before you type your card details in, ensure website address begins ‘https’ at the payment stage which indicates a secure payment. HTTPS is often used for online banking and shopping, because it encrypts your communications to prevent criminals from stealing sensitive information like your credit card numbers and passwords. You should also see a padlock symbol appear at the top or bottom of the page. A padlock icon of a locked padlock present in the URL bar at the top of your web browser will usually determine whether the website has An SSL Certificate. Popular online banking and other popular sites often use Extended Validation (EV) certificates that have a greater degree of protection, authenticity and improved indemnity conditions: this should display as special icons in your browser or alternatively as green high-lighted address bar: if the site you are accessing has this facility, check that these signs are visible.

A TLS (transport layer security) is an encryption method that all online retailers who deal with credit or debit card details must have. A TLS encryption stops hackers from accessing your personal or financial information, ensuring your details are secure and safe. Another method of identifying a website with a TLS Certification is the domain name. Secure websites begin with https://, while unsecured websites begin with: http://.

Some phishing websites could be using HTTPS to appear to be legitimate, but if a website doesn't have that padlock or you are presented with a security warning message by your browser when you access that site then DON’T enter your details.

To make matters work, some criminals can also obtain genuine HTTPS certificates from lesser known certificate issuers that are trusted by your browser; so even if your browser indicates the site appears to be ok, still be on your guard. Browsers also provide means to inspect the certificate credentials; to allow checking HTTPS certificates come from main-stream issuers. Remember more trust can be placed in sites protected by EV certificates.

If possible, always try to buy from retailers you have heard of. If you're looking for a specialist item that is only available on an independent website, be diligent.

Frequent spelling or grammatical errors in the product descriptions or website copy can be a good indication as to the quality of a website. Websites that appear to be written in broken English should be avoided, as well as websites that don't include unique photographs of the product, the ability to leave reviews, or an advertised returns policy.

Look out for a privacy statement on any website you are planning to make a purchase from. A privacy statement detailing how the business collects, uses, and protects sensitive financial information should be readily available from any retailer. Legitimate retailers almost always have a contact number and physical address visible in the header or footer of the website. If you have any reservations about the legitimacy of a website, copy and paste the address into a search engine to see if the given location is accurate.

The internet is also used to market counterfeit and fake goods and services, and also offers the services of rogue traders. These are problems that are - and always have been - rife in any distance selling arrangements. Before making high value purchases, commitments or booking holidays, be vigilant and perform extra checks. Check reputations by researching the people you are buying from: refer to online reputation resources such as TrustPilot, CheckATrade, or RatedPeople, type in the company or site name in the search engine and look for negative feedback, make full use of price comparison services, check reputation scores and customer feedback on online marketplaces such as eBay or Amazon. If the company claims to be a UK company look up their details using the Companies House WebCheck service.

It is important to realise that just because a website ends in ‘’, there is no guarantee that company is UK based. Conventional checks work too: look for a UK contact number and business address in their ‘Contact Us’ page: if only an email is provided it may be a fake trader. If there is a number: call it. If there is an address: give their business a virtual visit using online street view tools.  

Here is another trick: you can grab the photo images of your purchase or holiday package and use a search engine, Google or Bing, for image searching. This will reveal if the same image is used on multiple sites (possibly indicating fake goods/property or other mis-selling). Taking these precautions will help ensure that what you are purchasing is the real deal and has other benefits as well (e.g. ensuring you do not get stung for import charges that were not included in the price or waiting weeks for delivery via a slow boat from the Far East).  

Another sign that a website is genuine is that there will often be a "trust mark" on the footer, header, or on the checkout pages. These marks are accreditations from Internet security bodies (such as Norton, McAfee, TRUSTe, Trustwave), and should give an indication that the website is trustworthy.

Fraudulent websites may attempt to deceive users by including similar trust marks on their website. To ensure the logos are legitimate, try clicking on them – if the trust symbols are authentic, you should be taken to another website that explains the accreditation and what it means.

Finally, even if you are satisfied that the website is safe, use your credit card to pay. Credit cards are the safest method of making online purchases over £100, as it's easier for credit card companies to refund any money lost due to fraud. Websites that don't accept credit cards should raise a red flag, as it's often more difficult for fraudulent websites to become certified by credit card companies.




Contact us for more information

<< Back to Latest News items