Shopping online

When you shop online, be smart about the purchasing process and trust your instincts.

If the website looks suspicious and you're not confident about how they’ll use your information or that you’ll get what you pay for, don’t make the purchase.

So how can you stay safe?

Check out our handy PDF icon online shopping checklist (PDF)

Know who you’re buying from!

Where possible, stick to well-known trusted brands and cross-check information on their website to make sure you’re dealing with the official seller and not a scammer trying to impersonate the brand.

  • Search reviews from other customers.
  • Read the fine print including warranty, refund, complaints handling, as well as privacy policies, to find out how your information will be used.

Beware of fake sellers

Scammers can create fake websites and social media profiles to try and steal your money or personal details. They copy the designs and logos from legitimate businesses to appear more genuine.

  • To verify a site you’re looking at, do a browser search for other web pages or profiles by that seller. Compare logos, business names, URL addresses and contact details – if they don’t match up, steer clear!
  • Type the web address directly into your browser, rather than clicking on a link provided in an email or in an advertisement. This will help ensure you don’t get directed to a fake website.
  • Be cautious of sellers offering unbelievably low prices — if it looks too good to be true, it probably is!
  • Know what you’re buying. Read the description of the product carefully and check the size, colour, value and safety of the product.
  • Install and maintain the latest anti-virus software to flag untrustworthy sites.
  • Social media pages that have only recently been created or only have a few followers may be indications that they’re fake. And look out for pages where the conversation is one-way by the page owner only, with little or no engagement from the page’s community.
  • When shopping on a Facebook page, look for the blue tick next to page’s profile name. This indicates the page has been verified by Facebook.
  • When shopping on Instagram, check to make sure the page is public – a true seller is unlikely to make their page private if they’re out to maximise sales!

Learn more about fake online shopping site scams.

Pay securely

Ready to make your purchase? Use secure payment methods like PayPal, Bpay or your credit card – and never pay by direct bank deposits, money transfers or other unusual methods (such as Bitcoin), as you're unlikely to get your money back if you've paid a scammer.

  • Check to make sure it is a reputable site with a padlock symbol and ‘https’ at the start (not http).
  • If paying by PayPal, select the ‘payment for goods/services’ option. If a seller instructs you to make the payment ‘to friends and family’ rather than ‘payment for goods’, this violates PayPal’s policies and voids the buyer protections.
  • If using BPay, use a legitimate biller code and customer reference number, and don't pay by direct transfers to bank accounts.
  • Never send your bank or credit card details via email.
  • Don’t click on a link received via SMS to pay – and never provide payment details over SMS.
  • Avoid doing any financial transactions when connected to public Wi-Fi.
  • Check your bank statements regularly for unusual transactions.

Online auctions

Online auctions can be a lot of fun and can help you find good deals, but they also attract scammers.

A common auction scam: Scammers claim that the winner of an auction that you bid on has pulled out, and offer the item to you for payment outside the auction site. Once you have paid, you won’t hear from them again and the auction site won’t be able to help you.

  • Always make your transactions within the auction website and avoid private contact with buyers or sellers.
  • Keep printed and/or electronic records of all bids, item descriptions, emails to and from the seller, and transaction records or receipts.
  • If making expensive purchases, consider using a reputable third-party escrow service to hold the funds until you receive your goods.
  • If the website uses a feedback rating system, check reviews and rating scores left by previous buyers.
  • Read the terms and conditions before using an online auction site or entering into any contracts. Established marketplaces like eBay, Etsy and CarSales offer dispute resolution processes if things go pear-shaped.

Watch out for fake parcel delivery scams

So you’ve shopped securely online and are now eagerly awaiting your goodies! Don’t let your guard down. Scammers send fake parcel delivery notifications to trick you into downloading malware or giving away your personal or financial details.

These notifications are typically emails or SMS messages that pretend to be from a legitimate parcel delivery business like Australia Post, DHL or FedEx, and claim that you have an ‘undelivered package’ awaiting your collection.

  • Be wary of messages that don’t address you personally, have few or no details about your order, or threaten to charge you a fee for holding an undelivered item.
  • Think before you click – remember Australia Post will never ask you to click a link to print out a receipt for parcel collection, nor will they ask you to update or verify your personal information.
  • If you’re unsure, call the organisation you suspect the message is from, but remember to use contact details from a verified website or other trusted source.

What to do if things go wrong

If you think you’ve been scammed there are steps you can take to limit the damage and protect yourself from further harm.

  • Contact your bank or financial institution. If you’ve sent money or your personal banking details to a scammer, contact your bank or financial institution immediately. They may be able to help stop a money transfer or cheque, investigate a fraudulent credit card transaction, or close your account if the scammer has your details.
  • Report to authorities. If you have been a victim of a crime (such as fraud) report it to the Australian Cyber Security Centre's ReportCyber.
  • Report scams to Scamwatch. Report the scam to the Australian Competition and Consumer Commission’s Scamwatch.
  • Contact IDcare. If you think you’ve been the victim of identity theft, act quickly. Contact IDCare on 1300 432 273 or use their free Cyber First Aid Kit to help you work out what to do.

And remember, if you deal with Australian companies, you’re covered by Australian Consumer Law and in a better position to solve any potential problems.