Online shopping has become so common that we can easily drop our guard. Once we do, we’re vulnerable to everything from identity theft to outright fraud. But some simple steps before making purchases can remove most of the risk so you can shop online safely.

Shop only on trusted sites

As a rule, if you haven’t heard of the site, don’t shop there. It should be a common site or one you’ve had references on from trusted parties. There are scam sites set up, and your money isn’t all they get from you. The bigger prize is the information you provide that will give them access to your credit card or bank account. Some of them might also sell your identity to third parties who will use it for no good purpose.

Avoid shopping on sites that come to you from your email, even if they’re household names. One of the scams right now is copying pages from popular sites that are in no way connected with the true site. You’ll buy as you normally would, only you’ll never get what you pay for. The site scammers however, will get exactly what they want.

If it’s a popular site, exit the email, pull up the site on your web browser (from your favorites or from a search page) and go directly to the true site. It’s sad that we have to think this way but the scammers are getting more sophisticated all the time.

Use a unique password for every site you shop on

Many of us get lazy when it comes to passwords; we use the same password again and again so we don’t have to remember multiple passwords. But if that strategy is easier for us, it’s also easier for would be scammers and identity thieves. Once they have your password from one site, they can use it on others.

Have a unique password for each site you shop on and be sure it isn’t one that’s obvious or overly simple. If a thief wants to use your password against you, make him work for it!

Look for the “s” at the end of “http” in the payment page url address

When you come to the point where you actually make the purchase—that is, where you pay—make sure the url address is “https” and not just “http”. There IS a difference.

With an “http” url, anyone can potentially see what you enter in a screen; “https” encrypts your entries on the page so that no one but the intended recipient will see it. That substantially cuts down on the chances that your information will fall into the wrong hands.

Provide only the minimum information required

An online seller should request only the amount of information needed to make the transaction. That means general information, like name, address and phone number, and any payment information (your credit card information should be sufficient). If they ask for more than that you have good reason to be suspicious.

Never give out your bank account number, social security number or any other information that might be used to access your credit information. If a site asks for it, it’s time to pack up and move on.

Pay with PayPal

Despite our best efforts to avoid it, the possibility of a scam still exists. For this reason we need a Plan B—a recourse on the payment side.

There are usually different ways to pay for your online purchases, but make sure that the credit card you’re paying with offers some sort of buyer protection in case the selling site turns out to be a fraud. I’ve had this happen twice and each time the credit card company recovered the money.

Better yet, have a PayPal account for online transactions. The advantage is that your payment information is stored by PayPal, not by the site you’re shopping on.

When in doubt, do a quick web search

Here’s something I’ve found to be a huge help when I’m not sure if a site is legitimate. Do a quick search on the site you want to buy from by searching the site’s name followed by the words “scam” or “fraud”. For example, search “buygreatstuffonline.com scam”, and see what comes up. If nothing comes up, you’re good to go, but if you get a bunch of entries—particularly those indicating proceedings by state attorneys general—you know something’s wrong.

When doing this, be careful to distinguish between true scam sites and simple complaints. These days if people have trouble with a business, they’ll take their case to the web and complain to anyone who will listen. That doesn’t indicate a scam as much as a deal gone wrong.

What steps do you take to make sure that the sites where you make your online purchases are legitimate?