Skip to main content

While you are shopping

A drawing of a pair of binoculars

Learn what to look for when shopping online.

The best way to avoid being a victim of cybercrime is to be informed. Know how to recognise a fake website or scammer and what to do if you find one.

Don't buy from suspicious websites. If you're not confident about how the website will use your information don't buy from them.

If you think you’re a victim of a scam act now.

Follow our advice on what to do if you find yourself a victim of a scam.

Read the following tips to learn how to shop securely online. 

Choosing where you buy 

Do some research on online shopping websites before you buy. Stick to well-known trusted brands and cross-check information on their website.

You can conduct research on online shops by:

  • Searching for reviews from other customers.
  • Reading the fine print including warranty, refund, complaints and handling. Also look at their privacy policies to find out how they will use your information.
  • Know what you’re buying. Read the description of the product thoroughly.
  • Be cautious of sellers offering very low prices. If it looks too good to be true, it probably is!

If you’re shopping on social media, classifieds or online marketplaces:

  • When shopping on Facebook or Instagram page, look for the blue tick next to page’s profile name. This indicates the page is verified by Facebook.
  • New social media pages or pages that only have a few followers may be indications they’re fake. 
  • Look out for pages where the conversation is one-way by the page owner. Little or no engagement from the page’s community is a red flag.
  • When shopping on Instagram, check to make sure the page is public. A true seller is unlikely to make their page private.
  • Visit PayPal’s website for tips on how to pay for Gumtree purchases.

Be aware of fake sellers

Cybercriminals can create fake websites and social media profiles. They will try and steal your money or personal details. They can copy the designs and logos from legitimate businesses to look genuine.

You can verify a website by:

  • Doing a browser search for other web pages or profiles by that seller. Compare logos, business names, URL addresses and contact details. If they don’t match up, steer clear!
  • Type the web address directly into your browser instead of clicking on a link. This will help make sure you aren't directed to a fake website.

For information on identifying genuine businesses, see the Australian Competition & Consumer Commission’s website.

Pay securely

It is unlikely you will get your money back if you've paid a scammer.

Use secure payment methods like PayPal, Bpay or your credit card. Never pay by direct bank deposits, money transfers or other methods (like Bitcoin). 

Follow these simple steps to make sure you are spending money securely online:

  • Check to make sure it is a reputable site with a padlock symbol and ‘https’ at the start (not http).
  • Use secure payment methods like PayPal, BPay or your credit card. There are dispute resolution processes available for these methods if things go pear-shaped. 
  • Never send your bank or credit card details via email.
  • Don’t click on a link received via SMS to pay. Never provide payment details over SMS.
  • Avoid doing any financial transactions when connected to public Wi-Fi, including hospitals, libraries, shopping centres or cafes. 
  • Check your bank statements for unusual transactions.

If you use PayPal:

  • Select the ‘payment for goods/services’ option. PayPal also has a 'to friends and family option'. If a seller asks you to use this option instead of ‘payment for goods’, this is a red flag. Sellers using this option violates PayPal’s policies and voids the buyer protections.

If you use BPay:

  • If you use BPay, use a legitimate biller code and customer reference number. Don't pay by direct transfers to bank accounts.

Online auctions

Online auctions can be a lot of fun. They can help you find good deals, but they also attract cybercriminals.

A common auction scam is when cybercriminals say the winner of an auction you bid on has pulled out. They offer the item to you but have to pay for it outside the auction site. Once you've paid, you won’t hear from them again and the auction site won’t be able to help you.

Here are some tips to help protect yourself:

  • Always make your transaction within the auction website. Don't contact buyers or sellers in private.
  • Keep printed and/or electronic records of all bids. Make sure you have written down the item’s descriptions. Include emails to and from the seller, and transaction records or receipts.
  • If you're buying something expensive, consider using a reputable third-party escrow service. These services hold the funds until you receive your goods.
  • If the website uses a feedback rating system, check reviews and rating scores. 
  • Read the terms and conditions before using an online auction site. Marketplaces like eBay, Etsy and CarSales have dispute resolution processes if things go wrong.
Was this information helpful?
Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it