Staying safe online when browsing and shopping

Last updated: 21 February 2021   By Lyndsey Burton

Understanding the risks when browsing and shopping online can stop scammers getting hold of our personal information.

Taking steps to protect ourselves and our devices can reduce the risks to our personal details and our money.

Internet users should always keep their browsers up to date and be cautious when downloading extensions, apps or files.

Plus, the simple act of staying cynical every time we do anything on the internet can help us avoid falling into a cybercriminal's trap.

online shopping
Credit: William Potter/

In this guide:

What are the risks when browsing online?

The Office for National Statistics (ONS) found 95% of UK adults had used the internet within the past three months at the time their survey was taken in 2020.

As more people get online, the risks of doing so multiply and evolve. Even the most tech-savvy among us could be hit by new scams as we browse the web and shop online.

There are three major categories of online risk to be aware of, which we cover in more detail below. Bear in mind, there's some crossover between the three categories, especially for more sophisticated scams.

Along with these, there is also the potential for web browsers to be exposed to inappropriate content, especially younger web users.

The Age Appropriate Design Code aims to make companies and websites respect children's privacy: read more about that here or read our full guide looking at whether the Government can keep kids safe online.

We've got a full guide on parental control software for parents and carers too.

Risk 1: Malware

Malware is the collective name for various types of malicious software we may encounter while browsing or opening our emails.

These are some common subsets:

  • Viruses which infect our computers when an action is taken (such as an app being opened)
  • Worms which infect our computers automatically when a file is downloaded (no need to be triggered by an action)
  • Trojans which pretend to be legitimate programs and then damage our computers when used
  • Ransomware which locks computers until a ransom is paid

Taking protections and remaining vigilant when we're online can reduce the possibility of this malicious software making it onto our computers.

Risk 2: Phishing

Phishing is the name given to scams where the intention is to steal personal information. This could be credit card details, login credentials or any other personal details scammers may be able to use to run their scams.

Internet users can come across these scams in various settings, but the main ones spoofed websites, emails or text messages purporting to be from a company.

These scams can be tricky to spot. Read our full guide to online scams for more information or learn how to protect your personal information on social media and elsewhere online.

Risk 3: Fraud

Online fraud accounted for 87% of all identity fraud cases in 2019, and there are plenty of opportunities for fraudsters to target people while they're browsing and shopping online.

These include:

  • Fake shopping websites
  • Fake charity websites
  • Fake gambling apps or sites
  • Fake dating profiles
  • Fake listings on sales sites

The goal of fraudsters is to get hold of our money by pretending to be a legitimate website where we make a purchase or persuading us to transfer money through a listing on a marketplace, dating website or a link to one of our social media accounts.

We've got a full guide to understanding fraud and how likely it is.

How to stay safe while browsing or shopping online

Now that we understand the risks of browsing and shopping online, let's take a closer look at how to battle against them.

These are six of the best tools in our arsenal:

1. Use strong passwords

It might be the most common piece of advice for staying safe online, but that's because strong passwords can protect us in numerous ways.

Complex passwords may include:

  • Mix of upper and lowercase characters
  • Numbers
  • Symbols
  • Multiple words

They shouldn't include information that is easy to guess such as a family member's name or birthday, nor should they be one word which might easily be hacked.

If creating unique complex passwords for all our logins sounds intimidating (and difficult to memorise), we could use a reputable password manager to store all our passwords, so we only need to remember one.

There are plenty of paid and free password managers out there including:

  • LastPass
  • 1Password
  • Dashlane
  • RoboForm

Always do your research before choosing a password manager and remember the password you choose for your overall password must be memorable or you won't be able to access any of your accounts.

2. Protect your devices

Reliable antivirus software and a good firewall can prevent our web browsing bringing malware on to our devices and stop phishing attempts in their tracks.

There are paid and free antivirus software options available from the likes of:

  • Norton
  • McAfee
  • Avast
  • AVG
  • Kaspersky

It's one thing to have quality antivirus software installed on our devices, but we've got to use it properly too.

Remember to:

  • Run regular virus scans
  • Keep the antivirus software updated
  • Pay attention if it tells you something is suspicious

Don't forget that our smartphones and tablets are vulnerable to attack too, and these are often the places where we do the majority of our web browsing, shopping and banking.

Install security software on these too and read our guides on the most secure smartphones and the safety of mobile banking apps.

3. Always install software updates

We mentioned keeping antivirus software updated above, but there are other programs on our computers and devices we need to make sure are updated too.

The browser we use to access the internet, whether that's Chrome, Firefox, Safari or another, will be regularly updated by the developers to protect against the latest threats.

When a browser prompts us to update, there's a good reason for that. It may be inconvenient, but it's a few minutes of inconvenience that could prevent damage to our computers or help stop us becoming a fraud victim.

Similarly, applications we use every day either through our computer or via our smartphones will periodically prompt us to download and install updates.

If we look at the explanation alongside many of these updates, it will say they're fixing minor security bugs or flaws. Some people won't bother downloading these updates because they don't seem to improve the application they're happy using, but that's not the point: the application might now be a security risk for their computer or device.

4. Beware browser extensions

Browser extensions are useful to undertake quick tasks online like taking a screenshot, applying discount codes or clipping items to online notebooks.

We should always download extensions from trusted sources such as the web browser's own marketplace but be aware this isn't completely fool proof.

Scammers may be able to add malicious browser extensions disguised as genuinely useful tools on to the marketplace, sometimes bypassing the stringent vetting procedures browsers claim they have.

When giving a browser extension permission to do something (as we do when we first install them), check whether the permissions they're asking for make sense.

For example, any extension asking to log secure details such as passwords or credit card details should be treated with suspicion.

5. Protect your personal details

Scammers love getting hold of our personal information, so it's important we take steps to stop that happening.

There are some obvious things we should not be sharing with others online such as:

  • Passwords
  • Bank details
  • Credit card details
  • Home addresses

However, we should also be careful about the other things we share online in places such as social media. We may share information about our location or children's names or other identifying information that could be used by fraudsters as part of a bigger scam.

Make use of privacy settings on all websites that offer them and be careful about sharing unnecessarily information online.

6. Practice safe browsing

Safe online browsing and shopping can encompass a whole host of factors. Although some of these tips are second nature to some of us, we're all liable to forget them at times.

Remember these points:

  1. Always ensure a website where we're making a payment or sharing personal information is secure by checking it begins with "https" instead of just "http"
  2. Check the websites we visit are spelled correctly and don't have bizarre domain names or unexpected country domain extensions
  3. Don't click on clickbait links designed to lure us to unsafe websites
  4. Don't download software from sites unless we're certain they're safe
  5. If a shopping offer seems too good to be true, it probably is
  6. If a website requests more information than they need, be cautious
  7. Don't give anyone else access to our accounts

Fraudsters become more sophisticated as our ways of fighting them become more sophisticated. That's why we have to constantly be on our guard when browsing and shopping online.

Stay vigilant

Most advice about staying safe while browsing and shopping online can be boiled down to one pro tip: always stay vigilant.

If we understand the mechanics of how scammers work and what information they want to steal from us, we can take steps to protect that information.

At the same time, scams are constantly evolving and flaws we never knew about emerge quickly before they're fixed.

As an example, back in 2019, it was confirmed the Samsung Galaxy S10 had a thumbprint sensor flaw, meaning any thumb could unlock the device if a screen protector had reduced the effectiveness of the sensor.

Although the flaw was quickly patched with a software update, it demonstrated how technology can increase problems as well as reducing them. Biometrics are actually really useful as a way of securing our devices and our accounts, but we all need to make sure we pay attention when reports of flaws come out.

Another example would be Hyperoptic's issues with their routers reported back in 2018. Thanks to all the routers having the same hardcoded root password, it was theoretically possible for cybercriminals to access all routers by persuading individuals to click on phishing links.

Security threats and reports of breaches emerge every day, and it'd be exhausting to stay on top of each and every one.

However, app makers and software companies are required to stay on top of anything that puts their users at risk, so when they ask us to install a software update to fix a security flaw, we should do it as soon as possible.

Conclusion: browse securely

With more of us online than ever before, scammers are trying every trick possible to access our personal details and defraud us.

There are a couple of golden rules when it comes to safe online browsing:

  1. Be vigilant
  2. Be cynical
  3. Be careful

If something seems suspicious for any reason, trust your gut instinct and close the browser window. Don't buy the cheap handbag or download an app or click on a link: just close the browser window and carry on with your day.

Yes, we might miss out on some legitimate opportunities, but we'll avoid far more risks too.

For example, if a legitimate company is wondering why their great offer appearing in a pop-up window isn't attracting attention, they may eventually ask whether they're presenting it in the right way. Companies need to adapt to face the next round of threats: it isn't down to the customer to trust them anyway.


Which broadband deals are available in your area?

independent comparison

We are independent of all of the products and services we compare.

fair comparison

We order our comparison tables by price or feature and never by referral revenue.

charity donations

We donate at least 5% of our profits to charity, and we aim to be climate positive.

Get insider tips and the latest offers in our newsletter