Fraudproof online shopping: 4 ways to secure yourself against scams

Interested in all the Black Friday deals available online? So much to buy! So much to save! With the endless choices of purchasing online comes the risk of being fooled, but here's how to stay safe from scams and fraud when online shopping.

By Alex Brooks

Online shopping has changed our lives. And increased our rates of being scammed.

Australians lost more than $3 billion to scams last year, and the Australian Government has now set up a National Anti-Scam Centre to co-ordinate police, governments and regulators to prevent more losses.

A Queensland University of Technology 2022 report into online shopping scams found 32% of 1011 people interviewed for the study had lost money in online shopping fraud.

The 2 most common ways you’ll be ripped off when online shopping are:

  • Fake websites: which can look like genuine online retailers. Many of these offer luxury items at very low prices but shoppers receive a fake item or nothing at all.
  • Fake sellers: scammers can use fake reviews, classifieds and photos to pose as genuine sellers on classifieds websites like Gumtree or Facebook marketplace. The scammer may claim they are travelling and have someone deliver the goods to you once you have paid, but you probably won’t receive the goods.

Read more on Scamwatch about product and service scams.

The big warning signs of a scammy online shopping site include:

  • A badly designed website with spelling mistakes. The links and the back button are broken or disabled.
  • Products are advertised at unbelievably low prices. If it looks too good to be true, it probably is! Selling discounted “luxury” goods is always a big warning, and items like designer sunglasses or bags can be counterfeit (or not even real). Be especially careful when shopping for popular or difficult-to-find items.
  • Payment by electronic funds transfer, a wire service, gift cards, or digital currencies such as Bitcoin.
  • The website provides no contact information - like a phone number, email or address - or does not publish information about privacy.
  • If a website does not allow payment through a secure payment service such as PayPal or a credit card transaction, then click away.

The new National Anti-Scam Centre says everyone should stop, think and protect when using online services for anything from shopping through to banking.

Tip 1: Buy local, buy Australian and check the URL

The Australian Government recommends shoppers check the credentials of a business before entering payment details on a shopping website.

Some shopping sites may look legitimate (or even mirror a legitimate site), but they’re designed to steal your sensitive information and credit card numbers or sell you counterfeits.

Only make online purchases on websites that have SSL (secure sockets layer) encryption. You can check in the browser bar that the URL begins with "HTTPS" instead of "HTTP" and displays a locked padlock icon, usually to the left of the URL or in the browser's status bar.

Secure connections are standard even on non-shopping sites, and a lack of SSL can be a red flag.

Check the Australian Business Number (ABN) listed in the contact details against ABN Lookup to verify that the business is legitimate.

Trusted brands usually have quality websites that include an About Us page, a Privacy Policy and terms and conditions.

Be wary of social media online stores that are new and selling products at very low prices.

Tip 2: Use secure payment and check your statements

Pay for your shopping using PayPal, PayID, PayTo or a Visa, Mastercard or Amex.

Consider using mobile payment apps like Apple Pay and Google Pay, which generate one-time-use authentication codes for added security.

Legitimate and big-brand payment systems usually offer another level of protection if something goes wrong.

Use the same card or payment system for all your online shopping. This way, it's easy for you to check the bank statement for this card regularly for any unusual transactions and contact your bank immediately if there's a problem.

Never use direct bank deposits, money transfers, or digital currencies like Bitcoin. It's rare to recover money sent this way.

One of the biggest red flags that you’re dealing with an online shopping scam is if the website asks for payment via wire transfers, gift cards, money orders or cryptocurrency.

Avoid sharing unnecessary personal details, like your date of birth, when shopping online. Providing too much information increases the risk of identity theft. Keep your data minimal whenever possible.

You'll never be asked for your card PIN (Personal Identification Number) when you pay for something online, but you could be asked for the following details from your debit or credit card:

  • the 16-digit card number on the front of your card
  • the expiry date on the front of your card
  • the 3 digits on the back of your card, known as the security number, or 'CVV', 'CVC' or 'CVV2' (Card Verification Value).

Be cautious when entering sensitive payment information, like credit card details, while sitting in a public place or using a library computer. Try to always do your online shopping from the comfort of your home.

Tip 3: Have secure pass phrases on all your banking and email accounts

When purchasing something online you often need to set up an email-based account with the retailer. Make sure to use a different password for each account, and always use a strong password.

Better still, use 'passphrases' as passwords to create longer and stronger passwords.

Google suggests creating long passwords that are easy to remember by choosing:

  • A lyric from a song or poem
  • A meaningful quote from a movie or speech
  • A passage from a book
  • A series of words that are meaningful to you
  • An abbreviation: Make a password from the first letter of each word in a sentence
  • Avoid choosing passwords that could be guessed by people who know you (so don't use a pet's name or children's birthdays)

Even better - invest in a secure password vault or manager like LastPass or 1Password so you don’t have to think about passwords and your device keeps everything secure.

Tip 4: Don't get caught in a gift card scam

If buying gift cards, buy them directly from reputable sources to avoid scams. Be cautious of gift card auctions and always check the gift card expiry date and guarantee policy.

Under Australian Consumer Law, businesses that sell gift cards must outline:

  • the conditions of gift card use, along with any restrictions
  • the expiry date (including the activation expiry date if the card needs to be activated before use)
  • any limitation on the number of transactions
  • whether or not the card can be topped up or reloaded with value.

Treat gift cards like cash - if you lose one or it is stolen, in most cases you will not be able to replace it.

Getting 'change' from a gift card will depend on the terms and conditions. If stated in the terms and conditions, the retailer is required to give you the rest of the money back in cash. If the terms and conditions do not state a cash back option for your change, the retailer can insist on leaving the remaining credit on the gift card or giving you a credit note instead.

Stay safe offline and online

Phishers also like to come out at Christmas time, so be wary of suspicious emails and SMS messages from well-known retailers - especially fake parcel delivery notifications or too-good-to-be-true offers encouraging you to get in quickly or risk missing out.

Don't respond to suspected phishing emails, text messages or phone calls, even if you think it would be fun to tease or trick them. It's best to avoid responding in any way.

Read Citro's guide to avoiding scams and how to avoid romance scams.

Citro offer

All Citro members can get a secure Visa debit card to shop online. Download the Citro App (iPhone only but Android will come soon) and link your Citro Card.
