Skip to main content

While you are shopping

A drawing of a pair of binoculars

What to look out for when shopping online

The best way to avoid being a victim of cybercrime is to be informed. It is really important to know how to secure your device and recognise a fake website or scammer.

Don't buy from suspicious websites. If you're not confident about how the website will use your information don't buy from them.

If you think you’re a victim of a scam act now.

Follow our advice on what to do if you find yourself a victim of a scam.

Read the following tips to learn how to shop securely online. 

Choosing where you buy 

Do some research on online shopping websites before you buy. Stick to well-known trusted businesses and cross-check information on their website.

You can conduct research on online shops by:

  • Searching for reviews from other customers.
  • Reading the fine print including warranty, refund, complaints and handling. Also look at their privacy policies to find out how they will use your information.

Be careful about spoofed hyperlinks and websites. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain: for example instead of

If you know the domain name of the website, carefully type it into your web browser URL/search bar and check that you didn’t misspell it.  Otherwise use your favourite major search engine and click on the first result which isn’t an advertisement.

Warning signs

If you see these warning signs while shopping online, think carefully about proceeding:

  • A product is advertised at an unbelievably low price, or advertised to have amazing benefits or features. If it looks too good to be true, it probably is!
  • The other party insists on immediate payment, or payment by electronic funds transfer, a wire service, gift cards, or digital currencies such as Bitcoin.
  • An online retailer does not provide adequate information about privacy, terms and conditions of use, dispute resolution or contact details. The seller may be based overseas, or the seller does not allow payment through a secure payment service such as PayPal or a credit card transaction.

If you’re shopping on social media, classifieds or online marketplaces:

  • When shopping from a store’s Facebook or Instagram page, look for the blue tick next to the page’s profile name. This indicates the page is verified by Facebook.
  • The social media-based store is very new and selling products at very low prices. New social media pages or pages that only have a few followers may be indications they’re fake. 
  • Look out for pages where the conversation is one-way by the page owner. Little or no engagement from the page’s community is a red flag.
  • If you’re buying from an individual, for example over a Facebook group, view the seller’s profile. If the account is new, is not very well-established, or has other listings that are very cheap or too good to be true, it could be a scam.
  • When shopping on Instagram, check to make sure the page is public. A true seller is unlikely to make their page private.
  • Visit PayPal’s website for tips on how to pay for Gumtree purchases.

Be aware of fake sellers

Cybercriminals can create fake websites, social media profiles and email addresses. Their goal is to try and steal your money or personal details. These can look like genuine retail stores, even copying designs or logos from legitimate businesses. Their websites can even look identical to legitimate websites, but the URL might have a variation in spelling (e.g. one extra letter or a different domain extension – e.g. .net instead of .com).

When using retail websites, find out exactly who you are dealing with. If it is an Australian company, you are in a much better position to sort out the problem if something goes wrong. Look for an Australian address, phone number, business hours, or an ABN.

Protect your devices and accounts

Make sure your device is up to date

It is important to keep the devices you online shop with up to date. 

Turn on automatic updates for operating systems and applications (such as web browsers). Updates introduce new functionality and resolve security problems. New versions of operating systems and applications usually have new security features.

Operating systems and applications that aren't supported means you can't update them. If your operating system is no longer supported, you should think about buying a newer device or service.

Secure your high risk accounts

Protect your personal information by using multi-factor authentication (MFA) and secure passwords.

Where possible, you should turn on MFA for your high-risk accounts (such as those that store your payment information). MFA is when you use two or more different types of actions to verify your identify. You may already be using MFA. For example, when you receive an authentication code by SMS text message after entering your password to log into an online account. MFA makes it harder for cybercriminals to access your account, by adding extra layers of protection.

You should use different passphrases for your high risk accounts, such as those that store personal or financial information. It is important that the email address you use for accounts has a passphrase that you don't use elsewhere. If you’re having trouble remembering them all, you can use a password manager to store or generate passwords for you.

Use a secure network connection

Public Wi-Fi can be convenient, but it is also risky. If your Wi-Fi connection isn’t secure someone may use it to steal your personal or financial information for malicious purposes. Stick to secure, trusted networks or switch to your cellular data connection (e.g. 4G/5G) when online shopping.

Pay securely

It is unlikely you will get your money back if you've paid a scammer.

Scammers like you to use payment methods like direct bank deposits, money transfers or digital currencies like Bitcoin because it’s an easy way for them to steal from you.  Always make sure you use secure payment methods like PayPal, BPay or your credit card for any online shopping purchases that you make. 

Follow these simple steps to make sure you are spending money securely online:

  • Use secure payment methods like PayPal, BPay or your credit card. There are dispute resolution processes available for these methods if things go pear-shaped. 
  • Never send your bank or credit card details via email.
  • Don’t click on a link received via SMS to pay. Never provide payment details over SMS.
  • Avoid doing any financial transactions when connected to public Wi-Fi, including hospitals, libraries, shopping centres or cafes. 
  • Check your bank statements for unusual transactions and report them to your bank.

If you use PayPal:

  • If you’re sending funds to someone using PayPal, there are two payment types to choose from. Only one of them is protected. If you’re paying for an item you’ve agreed to buy online, use the goods and services payment option in PayPal. If a seller insists on the friends and family payment option, this could be signs of a scam and you will not recover any money sent this way.

If you use BPay:

  • If you use BPay, use a legitimate biller code and customer reference number. Don't pay by direct transfers to bank accounts.

If you use a credit card:

  • You may want to set up a second card with a low credit limit and keep it specifically for online purchases. If your card details are ever compromised after shopping online, this will minimise your financial losses, and if you need to cancel your card you will still be able to continue using your primary credit or debit card.

Online auctions

Online auctions can be a lot of fun. They can help you find good deals, but they also attract cybercriminals.

A common auction scam is when cybercriminals say the winner of an auction you bid on has pulled out. They offer the item to you but have to pay for it outside the auction site. Once you've paid, you won’t hear from them again and the auction site won’t be able to help you.

Here are some tips to help protect yourself:

  • Always make your transaction within the auction website. Don't contact buyers or sellers in private.
  • Keep printed and/or electronic records of all bids. Make sure you have written down the item’s descriptions. Include emails to and from the seller, and transaction records or receipts.
  • If you're buying something expensive, consider using a reputable third-party escrow service. These services hold the funds until you receive your goods.
  • If the website uses a feedback rating system, check reviews and rating scores. 
  • Read the terms and conditions before using an online auction site. Marketplaces like eBay, Etsy and CarSales have dispute resolution processes if things go wrong.

Tony’s story

35-year-old Tony, from Albury, got caught out after spotting what he thought was a genuine ad on an online classified site for a second-hand digital camera. Looking at the pics of the camera, it was a great price at $310, and would’ve been the perfect gift for his father-in-law, an avid photographer. He confirmed by text message with the Melbourne-based trader that the item was still available and then transferred via a bank deposit the funds plus $20 postage.

By the end of the week, Tony hadn’t received the item and followed up with the phone number listed on the ad, leaving numerous voicemails and sending text messages. After a further week of no responses and the ad disappearing from the website, Tony came to the sad realisation he had been scammed. As he had paid by bank transfer as well, his bank was unable to help him recover his funds.

Jamie’s story

59 year old Jamie wanted to buy her husband a set of golf clubs for his birthday that she knew he wanted. She searched online and found the clubs at generally the same price on online golf sites, online classified sites.  Jamie then found the same set of clubs on a website she had never seen before, offering them for $300 less. Jamie emailed the website to double check it was legitimate.

Someone from the website emailed back, explaining the very last set of clubs was available but credit card information would need to be emailed because of technical issues with the website’s shopping system. An alternate payment method was offered to Jamie to send funds via PayPal with the “friends and family” option as the website needed to ensure payment came quickly. They also asked Jamie to check out their other clubs on offer and to open the attachments and links within the email.

Jamie was suspicious, did not respond with her email address and did not open the attachment or links. She went back to the website and noticed the images of the golf clubs were the same images from a reputable golf website, and that every set of golf clubs were “the last set available”. Jamie also checked reviews of the website and found many complaints that it was a scam. Jamie deleted the email and bought the clubs from a known and reputable golf site. The next week Jamie tried to show a friend the website but it had been taken down and was no longer available.

Content complexity
This rating relates to the complexity of the advice and information provided on the page.
Was this information helpful?
Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it