Stay vigilant after you’ve made a purchase
Once you’ve made a purchase you still need to remain vigilant. Cybercriminals can target you even after you’ve made a purchase on a legitimate website.
If you think you’re a victim of a scam, act now.
Follow our advice on what to do if you find yourself a victim of a scam.
Read the following tips to learn what to look out for after you’ve bought something online.
Watch out for scam messages
Legitimate websites will not ask you to click on links in emails to verify your order
If you are asked to do this, contact the buyer directly from details on their website. Do not reply to the email or click on any links.
Check the sender's address on emails about online orders
Scammers try to impersonate brands or sellers by copying details of their email branding. What can give them away is their email address. Check the name of the email address to see if it matches up with the contact details on the online store’s website.
Look out for suspicious messaging
Be cautious if an email order confirmation:
- Doesn’t use your name
- Doesn’t have many details about your order
- Includes details about an order that is different to yours
- Asks you to click on a link to verify or change your order
- Uses a currency different to yours
Ignore and report suspicious messages
Be aware of any strange phone calls, messages or emails you get about online orders. It might be spam, or it could be someone trying to get you to share your personal or financial details.
Do not follow instructions from someone who contacts you saying there are problems with your online order. If you think the contact isn’t legitimate, you can follow up. Stop contact and use the organisation’s official contact methods on their website.
If someone has sent you an SMS, instant message or email that you think is strange ignore it.
Visit ‘If things go wrong’ to learn how to report suspicious messages.
Be careful saving your payment details
Be careful letting your online shopping accounts or browser save your payment details. This includes your credit card or bank account details, or financial accounts such as PayPal.
If you let your accounts or browser save your payment details, you increase your risk of someone being able to access them.
If you do save your payment details in an account or on a browser, ensure that your accounts are protected by multi-factor authentication or a strong passphrase.
Monitor your online presence
Make sure you know what information other people put online about you.
Don't put all your personal details online when using social media, blog sites or public forums. Check the privacy settings for your account to make sure you know who can see your information. Privacy settings sometimes change so you should check them frequently.
Fake delivery scams
Don’t let your guard down while you're waiting for your goods to arrive.
Cybercriminals can send fake parcel delivery notifications asking you to click on links to verify your delivery details. They might trick you into downloading malware or giving away your personal details.
You might get an email or text message pretending to be a parcel delivery service. It could say you have an ‘undelivered package’ waiting for pick up.
- Be cautious if the message:
- Doesn’t use your name
- Doesn’t have many details about your order
- Threatens to charge you more than you’ve already paid
- Think before you click. Australia Post will never ask you to click a link for parcel collection. Nor will they ask you to update or verify your information.
- If you’re unsure, call the organisation. Remember to use contact details from a verified website or other trusted source.
Scamwatch has examples of what these fraudulent text messages may look like.