Online buyers beware

Let online buyers beware

Technology has ushered in a brave new world. You can order groceries, make investments, furnish your home, have gifts sent to friends and family around the globe, get quotes on home repairs, pay your bills, and even shop for insurance, all from the comfort of your laptop. You don’t even have to change out of your PJs.

Unfortunately, it's a world in which a new class of scammer — the cybercriminal — has also established a beachhead. These thieves prey on the unwary, harvesting personal data such as credit card info, phone numbers, Social Security numbers, and more, using it to make illicit purchases and even hack into bank accounts, businesses, and vital civic infrastructure. By some estimates, cybercrime will cost the world $8 trillion dollars in 2023.

Even governments can have their computer systems hijacked and held for ransom, being forced to pay hundreds of thousands or even millions to malicious hackers to regain access to their systems. If cybercrime were a country, it would represent the third largest economy on the planet. With this big of a payoff, it’s a problem that’s not going away anytime soon.

Happily, there are things you can do to thwart the crooks. Here are some tips to help you keep your identity and your financial information protected when you’re online.


There are many paths cybercriminals can take to access your personal information. Educating yourself about them is a good first step to living a safe digital life. The Federal Trade Commission (FTC) maintains a frequently updated archive of consumer alerts you can consult for warnings about emergent threats.

    First, here are some tips and red flags the FTC has identified :
  • Bogus internet storefronts are everywhere. According to the Better Business Bureau (BBB), in 2021 online shopping rip-offs accounted for 37 percent of the complaints reported to its Scam Tracker service. Scammers often start by putting up a counterfeit website, mobile app, or social media site, sometimes built with images pirated from legitimate businesses. They use these images to construct catalogues that lure unwary buyers but deliver knockoff merchandise if they deliver anything at all.
  • Sloppy sites. If it looks suspicious, avoid it. Serious e-commerce retailers have generally put a lot of work into their websites. If the website you’re looking at features poor-quality visuals, multiple misspellings, or grammar errors, you may be dealing with a criminal. Even a good quality website is no guarantee the retailer who put it up is legit. Beware of sites that are made to look like genuine websites, but that have URLs that aren’t quite right (e.g., “” rather than “”), or that lure you in with familiar merchandise at once-in-a-lifetime prices. If a deal seems too good a deal to be true, it probably is.
  • Questionable ads or an abundance of them. An illegitimate website will often feature ads for other illegitimate websites in banners, pop-ups, and other parts of the site. These ads may promote pirated movies, or software to “protect” you from viruses, but may in fact harvest your data or infect your computer with malware if you follow their links.
  • Read the receipt. Make sure you understand the terms of the purchase you’re making and look past the sales price at such items as taxes or mailing fees.
  • If you’re still suspicious… Trust your gut. Do a keyword search of the business’s name and the word “scam” or “review,” then scan the results page for messages that warn you off.


We’ve compiled a brief list of “dos” and “don’ts” based on the FTC’s recommendations. Our list isn’t comprehensive, but it should get you started.


  • Do use a credit card rather than a debit card, if possible. It is easier to recoup lost funds through credit card companies, some of which offer guarantees that you will never have to pay for a fraudulent charge.
  • Do check if the website uses a well-known payment processing service. Payment services generally do some research on a website to confirm they are legitimate before agreeing to contract with them.
  • Do make sure you receive an email confirmation of your purchase. Screenshot or print the confirmation page at the end of checkout to ensure you have the receipt information and keep a file of these images and confirmations. If you haven’t received a confirmation, contact the seller right away. If they’re slow to respond or don’t respond at all, contact your credit card to cancel the purchase.
  • Do check your credit card bill to make sure you were charged the correct amount.


  • Don't save your payment information on a website, especially on one you have not used before.
  • Don't wire money. It is nearly impossible to get wired money back if your item never arrives.
  • Don't ever share Social Security numbers, bank account numbers, or other sensitive information.


  • Let your bank and credit card company know right away. If you suspect that your credit card information or identity has been stolen, immediately freeze any accounts you think may have been affected. It's better to overreact than to underreact and lose valuable time. Banks and card companies have procedures in place to help protect you.
  • Change all affected passwords. Changing your passwords as soon as you suspect identity theft is a great way to help limit damage that can be done.
  • If you see something, say something. Report the theft to the police and the Federal Trade Commission. They can verify you have been a victim of identity theft/fraud. Copies of these reports will go a long way with creditors when reversing fraudulent charges.

The information included here was obtained from sources believed to be reliable, however Grinnell Mutual Reinsurance Company and its employees make no guarantee of results and assume no liability in connection with any training, materials, suggestions, or information provided. It is the user’s responsibility to confirm compliance with any applicable local, state, or federal regulations. Information obtained from or via Grinnell Mutual Reinsurance Company should not be used as the basis for legal advice and should be confirmed with alternative sources.

Sources: Cybercrime Magazine; Better Business Bureau; AARP