Go to top of page

Shopping safely online this Christmas

5 December 2017

Avoiding the crowds at busy shopping malls is just one of the reasons many of us prefer to shop online at Christmas time.

But be warned: Christmas is also a time when online cybercriminals go to work!

Scammers can create fake retailer websites that look like legitimate online retail stores. They can use sophisticated designs like stolen logos, '.com.au' domain names and even stolen Australian Business Numbers.

The big give away is that cybercriminals will typically ask you to pay by money order, pre-loaded payment card or wire transfer. Be warned: if you pay this way, it’s highly likely you’ll never see your money again or the item you just ‘bought’.

Be wary when buying products from online auction websites. Don’t deal with people who ask to negotiate or complete a transaction outside the website—no matter what the reason. Check seller reviews, typically shown by scores and comments, before closing any deal.

This advice extends to online classified websites. These offer goods and services but allow sellers and potential buyers to negotiate on a price outside the website. Scammers may pretend to be genuine sellers and post fake ads that advertise products far more cheaply than similar items advertised on the same site.

Remember: If it seems too good to be true, it probably is!

Shop safe

  • Look for a closed padlock icon and ‘https://’ in the address bar at the top of the page. The safest way to access any website is to type the web address directly into the browser. This will help ensure you don’t get directed to fraudulent websites that pretend to be shopping sites.
  • When shopping online only use secure payment services such as your credit card or PayPal. Don’t use wire or account transfers or other unusual payment methods.
  • Always log out of any shopping session when you finish and close the browser.
  • Create strong passwords—at least 12 characters long, using a ‘passphrase’.
  • Keep your operating system, web browser and anti-virus software up-to-date by ensuring automatic updates are enabled or installed as soon as they are available. 
  • Always enable two-factor authentication whenever it’s offered; it simply means there are two checks in place to prove your identity. An example is when you enter a password and a code is sent to your mobile phone. PayPal and most banks offer it.
  • Avoid doing any online shopping using public Wi-Fi networks. These public networks can be prime spots for phishing where a criminal steals sensitive information for malicious reasons.
  • Be extremely cautious in dealing with new or unknown retail websites, particularly if they’re advertising products and services at extremely low prices. These may be scam websites set up to steal your money or identity details.
  • Check the store’s refund or returns policy. The better online shopping and auction sites have detailed complaint or dispute handling processes in case something goes wrong.
  • Only pay for goods from online classified websites when you have seen or received them.

What to do if you get scammed

Contact your bank straight away and discuss the best option, which is often replacing cards or resetting online access.

Most big banks offer guarantees that they’ll cover any loss due to unauthorised transactions on your account, as long as you didn’t contribute to the loss, you protected your devices and passwords, and you let them know as soon as it happened.

Find out more about shopping safely during the festive season at selling and shopping online, online scams and browsing the web safely.

You can report a cybercrime to the Australian Cybercrime Online Reporting Network (ACORN) and a scam to the Australian Competition and Consumer Commission’s SCAMwatch