The Safe Click Project

Safe Online Shopping and Banking

CyberSmart Seniors  •  About 14 minutes

By the end of this lesson, you'll know three simple checks for telling a real online store from a fake one, and you'll know exactly what to do if a card number leaks.

Intro

Online shopping and online banking are two of the most useful things the internet does for daily life. They're also where scammers can do the most direct financial damage in the shortest amount of time. This lesson is about doing both safely — not avoiding them, just doing them with two or three habits that make almost all the risk go away.

Check 1: Look at the URL

The URL is the web address at the top of your browser. Before you type a credit card number into any website, look at it.

Two things to check. First, does it start with https? The “s” means encrypted. Most modern browsers also show a small padlock. If you see “Not secure” next to the URL, do not enter a card number.

Second, is the domain name actually the company you think it is? Scammers buy domains that look almost right. amzaon.com instead of amazon.com. paypa1.com with a number 1 instead of an L. tjmaxx-deals.com that isn't TJMaxx at all. If you searched for the store on Google and clicked the first result, double-check the URL before checkout. The cleanest way to be sure: type the company's name into your browser yourself, instead of clicking a link from an email or a social media ad.

Check 2: Pay attention to price and feel

Scammer stores are often built fast, and you can usually feel it. The prices are too good — designer sunglasses for nine dollars, an iPad for eighty. The product photos look like they were taken from someone else's website. The “About Us” page is missing or vague. There's no real phone number, just a generic contact form.

Your gut is doing real work here. If a store feels off, close the tab. There are millions of legitimate stores online, and you don't owe any one of them your business.

Check 3: Use a credit card, not a debit card

This is one of the most important habits in this whole course.

Credit cards and debit cards look the same, but the law treats them very differently. Federal law caps your liability for credit card fraud at fifty dollars, and in practice most banks waive even that. Debit cards are weaker — your liability depends on how fast you report the fraud, and in the meantime the money has already left your checking account.

For online shopping, use a credit card. Pay it off in full each month if you can. If a number leaks, the worst case is you call the bank and they reverse the charges. With a debit card, the bank is reversing your own money back into your own account, which can take days.

Even better: many credit cards now offer virtual card numbers — disposable card numbers you can generate for a single transaction. If a virtual number gets stolen, it's already useless. Look in your bank's app or website for “virtual card,” “single-use card,” or “card lock.”

Banking online: the three settings to turn on today

Most banks now offer three protective features. Turn all three on if you haven't already.

  1. Two-factor authentication. We'll cover this in more detail when the paid Tier 01 course opens, but the short version: when you log into your bank, the bank sends a code to your phone in addition to asking for your password. Even if a scammer steals your password, they can't get in without that code.
  2. Login and large-transaction alerts. Your bank can text or email you every time someone signs into your account or makes a transaction over a certain dollar amount. The first sign of a scam is usually a notification you didn't expect.
  3. Card lock or freeze. Most major banks let you lock your card from the app. If you misplace your card or think a number leaked, lock it instantly. You can unlock when you find it.

What to do if a card number leaks

Five steps, in order:

  1. Call the number on the back of your card or open the bank's app. Lock the card or report it lost. The bank will cancel it and send a new one.
  2. Look at recent transactions. Report anything you didn't make as fraud. The bank will reverse those charges.
  3. If the scam involved a website that asked for additional information (full name, address, Social Security number), tell the bank. They may flag your account for extra monitoring.
  4. Change your password on the affected account if you used the same password anywhere else.
  5. Report it to the Federal Trade Commission at reportfraud.ftc.gov. This doesn't recover your money, but it helps the FTC track scam patterns and protects other people.

Notice what's not on that list: blaming yourself. Card fraud happens to careful people every day. The system is designed to make you whole. Use the system.

Recap

Three checks before you shop: look at the URL, trust your gut on price and feel, and use a credit card with a virtual number if your bank offers one. Three settings on your bank: two-factor authentication, login and transaction alerts, and card lock. Five steps if a card leaks: lock, report, alert, change passwords, report to the FTC.

If you take one thing from this lesson

Open your bank's app today and turn on transaction alerts. The first time a scammer tries something, you'll know within seconds — long before any real damage is done.

Try this today

Look at your last five online purchases. For each one, did you type the store's name yourself, or did you click a link from an email, an ad, or a social media post? If you clicked a link, that's the habit to change first.

That's it for the CyberSmart Seniors track. Four lessons, twenty habits, no jargon. If something in this course saved you from a scam, tell a friend. The best protection any of us has is each other.

Download the resource

A one-page summary you can print and keep.

Download the one-page PDF