Cybersecurity: Guide to Secured Online Shopping

Online shopping or eCommerce has been around for ages, and in the past couple of years, more and more businesses have seen the online appeal shopping has on the buying public. It is a convenient and easy way for people to shop for what they need, whenever they need it.

One of the biggest reasons online shopping draws millions of shoppers daily is the guarantee of finding better prices. Primarily, this is because most online stores offer prices much lower than what you will see at a physical store. Another reason customers flock online is the convenience it brings. There is no need to dress up and drive to your favourite shops. All you need to do is go online, browse through websites, find the product you need, and have it delivered straight to your house. Variety is also another reason people have embraced online shopping with open arms, and this is why it has become a part of people’s everyday life. Shopping online has allowed people to find whatever product they need, no matter where in the world that product may come from, and have it delivered right at their doorstep.

Online shopping has become a great way of connecting people and businesses that would otherwise never have had the chance to cross paths with each other if the market remained traditional. While there are a lot of benefits and advantages to shopping online, we must not forget that cyber criminals are on a constant lookout for vulnerable individuals to take advantage of their compromised IT security.

Threats When Online Shopping


Phishing is the number one concern for most retailers. Fraudsters sometimes send emails to unsuspecting people pretending to be from reputable companies to trick them into divulging personal information such as passwords and credit card numbers. There’s also something that’s called spear phishing. These are emails tailored to appear like it’s from a family member, friend or favourite retailer. 

Another common thing these criminals do is set up a fake page that completely resembles a genuine shop website. Once the buyer inputs their personal or financial details, they become a victim of phishing.

Data Theft

Online shopping brings convenience and ease to the way we live these days. At the same time, when you visit an online shop and make a purchase, the credentials you entered are up for grabs by online attackers. 

From phishing, hacking the server of a genuine site to steal information is another way for cybercriminals to get their hands on your details. Once a hacker has in-depth knowledge about your name, date of birth, contact details, address and more, they can cause a substantial financial dent on the victim.


The most common cause of data loss includes malware. These enter malicious software enter infected websites and devices, downloads, and email attachments. Once inside the system, attackers can spy on your activities, track what you input in your computer, and redirect you to malicious websites. Remember that these malware authors target victims during times of high traffic, so make sure that you have trusted end-point security installed on your devices.

Do’s and Don’ts

Do Your Homework

As much as possible, only buy from well-known brands and cross-check information on their page to ensure that you’re making a deal with the official seller.

Check reviews, take the time to carefully read the fine print, including warranty, return and refund, customer service, and privacy policies, to know how the company will use your information.

You also need to beware of fake sellers who create fake websites that look precisely like genuine shop, and social media profiles with the intent to steal your personal information or your money. To verify if you’re on the right site, search other pages or accounts by that seller and compare logos, business names, URLs and contact details. If they don’t match up, then stay away. Another thing you can do is type in the web address directly in the search box to make sure you don’t get redirected to a fake one.

If you’re shopping on Facebook or Instagram, be wary of accounts that are recently created and have little to no followers or engagement. These may be indications that they are fake. Also, make sure that the pages are public, and look out for the blue tick next to the page’s profile name.

After knowing your seller, it is also essential that you know what you’re buying. Carefully read the description, and check the size, colour, value and safety of the item. Also, if the price is too reasonable to be true, it probably is. 

Use Secure Payment Methods

After ensuring that the product and seller are genuine, you also have to make sure that you use secure payment methods such as PayPal, Bpay, or your credit card. Never pay using direct bank deposits, money transfers or other unusual techniques such as BitCoin, as it is unlikely you’ll get your money back if you’ve sent money to a scammer.

If you’re going to use PayPal, make sure to select the ‘payment for goods and services option. If a seller instructs you to select ‘to friends and family, it will violate PayPal’s policies and void your buyer protection. If you decide to pay using Bpay, use a legitimate biller code and customer reference number.

The easiest yet one of the most important things to check is to make sure the website is reputable. Look for the padlock symbol and ‘HTTPS’ at the URL’s start, and not ‘HTTP. Remember not to send any financial detail via email or SMS and only to do it over secure connections and not public Wi-Fi.

Be Careful When Joining Online Auctions

Online auctions are exciting and fun and can help you find good deals. And as much as they attract auctioneers, they also attract cybercriminals. One common auction scam is when criminals claim that the winner of the auction you bid on has pulled out. They will then offer the item to you and ask you to pay outside the auction site. After you’ve paid, you won’t hear from them again, and the auction site will not be able to help you.

To protect yourself, only make transactions inside the auction site and avoid contacting buyers and sellers privately. Also, make sure that you document all bids, item descriptions, transaction records and receipts, and emails to and from the seller or buyer. Once you’ve decided to make a purchase, use the services of a reputable third-party escrow to hold the funds until the goods have been delivered. You can also check reviews and rating scores left by other buyers if there’s any. And lastly, be sure to read terms and conditions before using any online auction site or entering into any contractors. Etsy, eBay, CarSales and other established marketplaces offer dispute resolution processes that you can take advantage of if you encounter concerns regarding your transactions.

Delivery Scams

 I know that you’re excited to get your hands on your orders but never let your guard down. Ensuring that you shop securely is an excellent practice, but you should also be on the lookout for fake parcel delivery scams.

What cybercriminals do is send fake email or SMS delivery notifications to trick you into downloading malware or divulging personal and financial information. These notifications typically pretend to be from legitimate parcel delivery businesses like Australia Post, DHL or FedEx and claim that you have an ‘undelivered package’ that’s waiting to be collected.

Suppose the message doesn’t address you personally, have few to no details about your order, or threatens to charge you for holding an undelivered item. In that case, that message is most likely from a cybercriminal. Also, remember that Australia Post will never ask you to click any link to print our receipts for parcel collection, nor will they ask you to update any of your personal or financial details. 

If you’re still unsure after taking the first two measures, call the organisation but remember to use the contact details from verified websites or trusted sources.

Giving Tech Gifts To Your Kids

Toys, games, and devices connected to the internet are usually at the top of children’s wish lists, especially during birthdays and Christmas holidays. While they can have significant benefits, they may also potentially expose your child to security risks.

Some tech gifts may reveal your child’s location and personal details and allow others to contact your child without you knowing. So before choosing tech gifts for children and young people, check out eSafety Gift Guide. This guide informs carers and parents about what to watch out for with tech gifts and provides practical advice on keeping your kids safe, including setting up strong passwords, turning off location tagging and limiting the amount of personal information shared.

Poor Logistics and Long Delivery

Aside from security, long delivery times is another problem that many customers experience. Delays have been happening even before the pandemic started, and it has become an even bigger problem now that establishments, including couriers, need to reduce staffing due to social distancing.

You can expect things to get a lot busier now that the holidays are coming up. To avoid the rush of online shoppers and make sure that there’s plenty of time for your gifts to arrive before Christmas, do your shopping in advance and enjoy the season with your friends and family!

Be Careful of What You Share

Many of us prefer shopping online, especially during the holiday season to avoid the crowds at busy shopping malls. And just like that, cybercriminals have also shifted their focus on taking advantage of online shoppers. They will do everything to trick you into handing them your money or personal information through legitimate-looking websites or social media stores. They rely on you being busy when purchasing various items, so make sure never to let your guard down.

Remember to be smart about purchasing processes and trust your instincts when you shop online. When signing up for sale alerts, loyalty programs or creating shopping accounts, remember to protect all valuable personal information you use.

The retail sector is now one of the top five sources of data breaches based on the notifications the Office of Australian Information Commissioner (OAIC) has received. These breaches are caused by phishing and can have serious consequences, including identity theft. So be sure to be on the alert for suspicious emails or texts, make sure to use strong passwords, and be aware of the personal information you share online.

What to Do If Things Go Wrong

If you think you’ve sent your banking details to a scammer, immediately contact your bank or financial institution. They may be able to help you limit the damage by stopping a money transfer or cheque, investigating fraudulent credit card transactions or closing your account if your personal information has been compromised.

Another thing that you can do is report crimes like fraud to the Australian Cyber Security Centre’s ReportCyber, scams to the Australian Competition and Consumer Commission’s Scamwatch, or contact IDCare on 1800 595 160. Alternatively, head to the free Cyber First Aid Kit to help you work out what to do in case of identity theft. 

Also, always remember that you will be covered by the Australian consumer law as long as you’re dealing with Australian companies.

More Articles