Avoid 3 traps if you want to protect your online data on Cyber Monday

More than 90% of U.S. adults recently put their personal data at risk, according to a survey.


Cyber Monday shoppers are eager to spend money this year. The annual post-Thanksgiving e-commerce tradition could rake in more than $12 billion in online sales in 2020, according to data from Adobe Analytics. That's up from $9.4 billion in 2019 and $7.9 billion the year before. 

The amount Americans plan to spend makes it even more important that they know how to protect themselves when shopping online. Unfortunately, most people don't. A Bankrate survey of over 2,500 U.S. adults conducted in September and October found that a whopping 91% of respondents were putting their personal data at risk online by not following simple security measures.

If you're planning to take part in the shopping festivities and want to avoid falling for a scam that could cost you, watch out for these three common traps.

Reusing the same password

A full 80% of the poll-takers say they reuse online passwords, while another 45% said they've saved passwords on their computer or phone. Experts recommend against that.

"Reusing passwords isn't a great idea, but almost everyone does it," says Ted Rossman, a Bankrate industry analyst. "The real worry is if there's a data breach like Marriott and that was also your bank account password," referencing a 2018 data breach at the hotel, which exposed millions of customers' credit card and passport numbers. "It complicates the situation."

If a different password for each merchant seems like too much to remember, Rossman suggests getting some help. "Let technology do it for you," he said earlier this month.

Free password managers like Dashlane and LastPass could ensure all your passwords are unique and safe. Each service assigns encrypted passwords for your accounts.

Buying from shady sites

Over a third, or 36%, of the respondents in Bankrate's survey used public Wi-Fi to make a purchase, which isn't as safe as using your home internet. The situation could become worse if you also use a website that isn't secure.

Make sure the site you're buying from is encrypted, meaning the URL starts with "https:" not "http:." Encrypted files disguise the content of any information you enter to protect potentially sensitive information from being read or accessed by another party.

How to spot a phishing scam

Video by Ian Wolsten

If you're not shopping through a trusted retailer like Target or Walmart, where the chances of a hack are less likely, then "it would be a good idea to check the company out using the Better Business Bureau's website, or even on Yelp," Paul Stephens, director of policy and advocacy at Privacy Rights Clearinghouse, recently told Grow.

Look out for merchants who approach you first, too, as phishing scams tend to ramp up during the holidays. When expecting an email about a package or shipment, beware of red flags including misspellings, long strings of garbled code, and anything that seems suspicious.

"Scammers are always on the hunt for ways to get our data, and one of those tactics is to pretend they are a well-known entity," says Trae Bodge, a smart shopping expert at TrueTrae.com. "For example, if you receive an email from a retailer, especially if the message is about a huge sale or a 'problem' with your account, take a moment to scan the message for any spelling or grammatical errors before clicking on anything or replying."

How to save shopping online during the holidays

Video by Mariam Abdallah

Using a debit card instead of credit

Buying with debit instead of credit can cause problems if someone commits fraud on your card.

Credit cards offer more robust protections for shoppers. If you find an unauthorized purchase with credit, you're only liable for $50 of the total amount spent, per federal regulations. That's also true for debit but only if you alert your bank within two business days.

"Credit cards are much safer than debit cards because credit cards represent the bank's money, at least until you pay them back," says Rossman. "They're just a line of credit, not direct access to your checking account. Debit card fraud can leave you without real money for weeks."

You could even go a step further with a virtual card number that masks your true card number. "This way, if there's fraud," according to Rossman, "it's contained and you don't need to get a new card and reset all of your auto payments. PayPal Key lets you do this with credit, debit, and a checking account. Apple Card, Citi, and Capital One allow this with credit cards."

More from Grow: