Shopping more safely online: telling a scam from a legitimate business

Many of us are comfortable shopping online but we also need to understand the risks of doing so. We can check out our online shopping carts ok, but how do we tell the difference between a scam site and a legitimate business? A few quick tips below can help you surf and shop with more confidence.

Key takeaways

  • Identify a scam site by looking out for ‘too good to be true’ deals, a lack of reviews (or dodgy looking reviews) and a critical eye.
  • Whenever it’s optional to fill in certain personal details, like a phone number, consider not filling it in. Personal details you don’t supply also can’t be stolen.
  • Set up a plan for what you need to do in case your bank account ever gets compromised so you can act quickly.

Secure or scam?

Have you ever seen a clear or green lock, or perhaps the word ‘secure’ just before the website (URL) address in your browser? 

Those signs seem reassuring but in reality, they say very little about the security of a website you’re visiting. They in fact only say that the link between you and that site is secured from eavesdroppers (such as a hacker snooping on a café’s Wi-Fi) which by-and-large isn’t relevant when you are shopping at home or otherwise not connected to public Wi-Fi. 

Worse, even criminals can secure their sites against eavesdroppers and be awarded with one of the locks.

It is a much better indicator, yet still only partially reliable, to identify scam sites by their promises of heavy discounts and a lack of customer reviews. Social media is a good place to search for reviews.

Limit how much personal info you give

Key to a strong defence is limiting how much personal information you enter when you sign up to newsletters or websites. If a company asks you for personal details, but the field isn’t marked as mandatory, you might want to consider leaving it blank. 

For example, if you place an online order, not every company makes it mandatory to enter your mobile phone number, but they might still ask for it so they can send you delivery updates in SMS messages. Unless you really need SMS updates, you might consider not giving them your phone number. 

The main aim is to avoid entering your details where they’re not required because personal information that you didn’t supply also can’t be stolen.

Planning for the worst

Things can of course go wrong and so preparation is important.

Many major financial institutions offer to reimburse fraudulent credit card transactions, but not all banks are the same, so speak to your financial provider to understand if, and how, you are covered. Plan ahead by checking your terms and conditions today to ensure you are covered if fraud occurs down the track.

But in general terms, banks may reimburse fraudulent purchases made against credit cards provided the fraud is reported within a certain period, often within 30 to 60 days. Speed here is often key.

Direct payment transfers, such as sending money via BSB and account numbers, or PayID, are not necessarily protected and are often outright ineligible for reimbursement.

Check your bank's fraud policy

Below are a few examples of banks that offer reimbursement for fraud, but make sure you do your own research and always contact your bank directly when in doubt.

Other planning resources

The website ‘Finder’ has a good article on online fraud and purchase protection you may find helpful. Again, check with your financial provider about their fraud reimbursement provisions and exclusions before making decisions.

Other payment providers like PayPal also reimburse fraudulent payments similar to banks, but check with your financial providers to ensure you are covered.

Get help

Knowing your bank’s terms and conditions, checking your statements often, and acting fast are the best ways to minimise the risk and fallout of fraudulent online purchases. Reducing the number of places that hold your personal information helps reduce the risk that information may be stolen or exposed.

Victims of identity theft and other forms of hacking can find themselves in a difficult place. Reporting your loss is important for government crime prevention, as is reporting it to local law enforcement, so please ensure you report your experience. 

If your identity is stolen or you experience other forms of cybercrime, be sure to visit IDCare, a respected government service which specialises in assisting victims of identity theft and cyber attacks.

Building your digital skills

No matter what your skill level is right now, we’re here to help you build your digital skills through our Learning Digital program or through skill building sessions so you can thrive in the digital world.

Related articles

Cyber security

Cyber security and safety: the things you need to know

Online safety

Staying safe online – Tips to get started

Two-step verification

Protect your account against unauthorised access