@mvp Great question. Much of this depends on what you are looking to buy, and from which site. In general, the below rules always apply:
- Ensure that the site you are purchasing from has a good reputation rating. It’s well worth checking reviews from previous customers on sites such as Trustpilot etc, and better still, try to communicate with other buyers on the site in question to get their feedback.
- Never pay upfront for something with the promise of a delivery unless it is from a reputed seller. There are a number of scams in operation where goods are paid for upfront, yet never arrive. Sites such as eBay, for example, have exhibited this behaviour before.
- Ensure that the site you are using leverages a secure checkout experience. By default, they should be using SSL - look for the padlock in the browser, and take it one step further. Check the certificate they are using (easily done in most browsers) to ensure that the site is who it purports to be. There have been cases in the past where fake sites have been set up using Cloudflare. They look legitimate, but in fact, are anything but.
- Use PayPal or similar to fund purchases. PayPal in particular has buyer protection, meaning you can get your money back (after successful arbitration) if the goods never arrive. If no digital mechanism exists, use a credit card rather than debit. It’s almost impossible to get a refund on a debit card for fraudulent transactions, whereas a credit card offers insurance against this.
- Use a secure password for the site in question. Don’t use passwords that are easily guessed, and leverage a password manager to store that password.
- If the site offers two-factor authentication, use it. However, avoid SMS-based two-factor if possible, as this is subject to specific vulnerabilities such as SIM jacking for example.

Basic tips, but good starting points.