Pro tip No. 3: 'Google' brands
The real site is likely to be the top result, say experts. Here's what the FBI advises: "Log on directly to the official website for the business identified in the email instead of linking to it from an unsolicited email. If the email appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information."
None of this is fail-safe — there's a reason phishing emails are the most common trick hackers use to target their victims — but employing these tools can these help you navigate the Wild West Web.
Pro tip No. 4: Activate 2-factor authentication
Amazon recently joined eBay and Etsy to offer customers two-factor authentication. Here's how the world's most valuable e-commerce company is selling multifactor authentication to its customers:
"Why do I need this? Passwords can get stolen, especially if you use the same password for multiple sites. Adding two-step verification means that even if your password gets stolen, your Amazon account will remain secure."
"How does it work? Sign-in will be a little different. You'll enter your password as usual, and then a security code will be sent via text message to your phone, or you will generate a code using an app. You will then enter the code and complete your sign-in. You can also choose to 'trust' devices, so that you will not have to enter security codes on those devices."
Despite its advantages, most retailers do not offer two-factor authentication.
"Consumers have not yet been willing to accept really rigid strict security measures in order to shop," said Lauri Floresca, senior vice president and partner at Woodruff Sawyer & Co., an insurance services and risk management firm.
"Any decisions companies make to increase security, they have to view against customers finding it too burdensome and not bothering to shop, right? So there's that tension or that trade-off that companies make," she said. "That's some of the basis behind why you aren't seeing more companies have really aggressive security policies online — it's because they're afraid that it will lead to fewer sales."
We reached out to Target, Walmart, Nordstrom and did not hear back. Macy's told us: "We maintain a very active program to protect data. We will not comment on specifics, knowing that anything we say will only serve to help the bad guys."