Know who you’re dealing with. Anyone can set up shop online under almost any name. Confirm the online seller’s physical address and phone number in case you have questions or problems. If you get an email or pop-up message while you’re browsing that asks for financial information, don’t reply or click on the link in the message. Legitimate companies don’t ask for this information via email.
	Know exactly what you’re buying. Read the seller’s description of the product closely, especially the fine print. Words like “refurbished,” “vintage,” or “close-out” may indicate that the product is in less-than-mint condition, while name-brand items with “too good to be true” prices could be counterfeits.
	Know what it will cost. Check out websites that offer price comparisons and then, compare “apples to apples.” Factor shipping and handling — along with your needs and budget — into the total cost of the order. Do not send cash under any circumstances.
	Pay by credit or charge card. If you pay by credit or charge card online, your transaction will be protected by the Fair Credit Billing Act. Under this law, you have the right to dispute charges under certain circumstances and temporarily withhold payment while the creditor is investigating them. In the event of unauthorized use of your credit or charge card, you generally would be held liable only for the first $50 in charges. Some companies offer an online shopping guarantee that ensures you will not be held responsible for any unauthorized charges made online, and some cards may provide additional warranty, return, and/or purchase protection benefits.
	Check out the terms of the deal, like refund policies and delivery dates. Can you return the item for a full refund if you’re not satisfied? If you return it, find out who pays the shipping costs or restocking fees, and when you will receive your order. A Federal Trade Commission (FTC) rule requires sellers to ship items as promised or within 30 days after the order date if no specific date is promised.
	Keep a paper trail. Print and save records of your online transactions, including the product description and price, the online receipt, and copies of every email you send or receive from the seller. Read your credit card statements as you receive them and be on the lookout for unauthorized charges.
	Don’t email your financial information. Email is not a secure method of transmitting financial information like your credit card, checking account, or Social Security number. If you initiate a transaction and want to provide your financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some fraudulent sites have forged security icons.
	Check the privacy policy. It should let you know what personal information the website operators are collecting, why, and how they’re going to use the information. If you can’t find a privacy policy — or if you can’t understand it, consider taking your business to another site that’s more consumer-friendly.

Spoofing Attacks

Spoofing attacks are commonly used in conjunction with phishing. The spoofed site is usually designed to look like the legitimate site, sometimes using components from the legitimate site. The best way to verify whether you are at a spoofed site is to verify the certificate. Keep in mind that there are several ways to get the address bar in a browser to display something other than the site you are on. Therefore, do not rely on the text in the address bar as an indication that you are at the site you think you are.

Always verify the security certificate issued to a site before submitting any personal information. Before submitting any personal information, ensure that you are indeed on the website you intend to be on. In Microsoft® Internet Explorer, you can do this by checking the yellow lock icon on the status bar. This symbol signifies that the website uses encryption to help protect any sensitive personal information—credit card number, Social Security number, payment details—that you enter.

Secure site lock icon. If the lock is closed, then the site uses encryption. Double-click the lock icon to display the security certificate for the site. This certificate is proof of the identity for the site. When you check the certificate, the name following Issued to should match the site you think you are on. If the name differs, you may be on a spoofed site. If you are not sure whether a certificate is legitimate, do not enter any personal information. Play it safe and leave the Web site.

Legitimate certificate. The Issued to domain name should match to the Web site domain name. In some cases, the certificate will match the company hosting the site.  As long as the hosting firm is reputable, than this is safe.  Keep in mind that any business must be legitimate to obtain a digital certificate. Also, be cautious about clicking links in e-mail messages or in online ads from retailers you don't recognize or trust. If you have any doubt about a link, do not click it. Instead, type the Web site address into the address bar of your Web browser, or try to confirm that the link is legitimate. Remember, if an offer sounds too good to be true, it probably is.