Safely Shopping Online

<  Back to Fact Sheets
Online shopping 

Online shopping has made the shopping experience more efficient and more accessible. Unfortunately, some websites are not as genuine as others. You may find you have been charged for a product you never receive, or that the vendor is asking you for identity documents in exchange for receiving your purchase. Low security on shopping sites means hackers can steal CC details. This fact sheet will provide some tips on how to safely shop online, and steps you can take if something goes wrong. 

Protecting yourself online 
  • Research the website/seller’s history and reliability. Reviews and comments from other buyers can help you ensure its authenticity 
  • Use secure payment methods like credit cards and PayPal. These may recover your money if things go wrong. Online shopping scammers will often ask to use money orders, wire transfers or a pre-loaded money card because they’re less secure. Scammers may also ask that you pay with gift cards from the genuine retailer. 
  • Check you’re on a secure web page. These pages begin with ‘https://’ and show a locked padlock symbol in the address bar. These will encrypt your data. 
  • Check if the company has complete, and verifiable, contact details, including street addresses. 
  • Be cautious of links to fake websites on genuine shopping websites and avoid clicking on pop-ups. 
  • Avoid shopping on public networks or Wi-Fi connections as your data is less secure on these networks. 
  • Don’t save CC details to websites. 

Protecting yourself online 
  • Unless you are signing up for a long term payment plan you should not need to provide identity documents as a part of the sale. 
  • Be aware of websites that advertise sales that seem too good to be true. Online shopping scammers may encourage you not to miss out on a particularly good deal. If you are unsure, research the website and find reviews. 
  • Read any refund or return policies, and ensure they seem fair. Genuine websites often have detailed descriptions on their policy. 
  • Ensure the website provides contact details for any customer enquiries. 
  • Don’t interact with sites that ask for too many personal details or ask for identity documents. They don’t need these. 
  • Keep track of your email confirmations, and make sure you receive one before you close your browser. Make a record of reference or receipt numbers. 
  • Make sure you understand the full cost of your purchase, including tax, shipping costs, and international transaction fees. 

Common online shopping scams 
  • Fake retailer websites: Scammers set up websites that look like the genuine retailer. The websites may advertise the same products at highly reduced prices and often charge you through unreliable payment methods. 
  • Online auction sites: Although online auction sites such as eBay are reliable, sellers may attempt to make a deal outside the website to scam you into giving them your money or details. Since these transactions happen outside their jurisdiction, the original legitimate auction site will not be able to help you. 
  • Online classified websites: Scammers may post fake ads on classified websites and you won’t receive what you purchased. Criminals may pose as buyers, and try and get your personal details, get you to refund money or pay advance fees for couriers etc. 

Responding to online shopping scams 

If you suspect your identity has been compromised, or if you have sent money to a scammer, there are steps you can take to limit damages; 

  • ‍If you have bought something online and you believe it may have been a scam, contact the retailer or auction service first. There may be a legitimate reason for your problem, or they may be able to help you recover from the scam. 
  • If you’ve sent banking details, contact your financial institution immediately and try to stop any possible transfers. If you paid by credit card, you may be able to arrange a charge-back through your financial institution. 
  • Assess any identity documents the scammer has access to, and contact the relevant agencies for advice. 
  • If you’ve clicked on any links or pop-ups, make sure to run anti-virus scans on any devices. 
  • Report any scam pages to ACORN. 
  • Be cautious of secondary scams that may attempt to use your details. 

Identity Care Australia & New Zealand Ltd (IDCARE) provides identity and cyber security incident response services (the Services) in accordance with the following disclaimer of service:

IDCARE is Australia and New Zealand’s national identity and cyber incident community support service. We are a not-for-profit charity.

  • The Services provided do not constitute legal advice. IDCARE recommends that you consult a solicitor in relation to your legal rights and obligations, including but not limited to your legal rights or obligations under Australian and international privacy and data protection laws.
  • While every effort has been made to ensure the accuracy of the information in this product or service, to the maximum extent permitted by law all conditions, terms, representations, and warranties (in each case, whether express or implied) in connection with the provision of the Services which might otherwise be binding upon IDCARE are excluded.
  • IDCARE’S liability for any loss or damage suffered by any person or organisation (including, without limitation, any direct, indirect or consequential loss or damage) arising out of or in connection with the Services (including without limitation liability for any negligent act or omission, or statement, representation or misrepresentation of any officers, employees, agents, contractors or consultants of IDCARE) shall be limited to the fees paid by you to IDCARE in respect of the Services. For the avoidance of doubt, this limitation of liability extends to any liability arising from any actions performed or not performed as a result of any recommendations made in course of providing the Services.
  • The Services provided by IDCARE are intended to be provided solely to the initial recipient of this document or service and IDCARE will not be liable to any other person who may receive this document.

While every effort has been made to ensure the accuracy of the information in this alert, IDCARE disclaims any liability to any person in respect to any actions performed or not performed as a result of the contents of the the Services or any accompanying data provided. Wider dissemination may be permitted by authority in writing from IDCARE’s Managing Director. If you would like to provide feedback please use our Feedback Form.


IDCARE is here to provide you with specialist support and guidance when faced with a cyber and identity related issue. Contact one of our Identity & Cyber Security Case Managers to learn more about our Support Services and how we can help you.   

Get help

Submit a web request

Call Centre Icon


1800 595 160

Mon - Fri: 8am - 5pm AEST

QLD: 07 3555 5900
ACT & NSW: 02 8999 3356
VIC: 03 7018 2366
NT, SA & WA08 7078 7741

Call Centre Icon

call our NEW ZEALAND

0800 121 068

Mon - Fri: 10am - 7pm NZST

AKL: 09 884 4440