Shopping online with confidence and minimising digital risks

We interviewed Cybersecurity expert Susan McLean for Real Home and Contents Insurance. 

Online shopping is a convenient way to get the things you need, when you need them – all without leaving the house. With the entire internet at your fingertips, you can find unlimited selections, incredible bargains, and faster shipping than ever before.

So it’s no wonder that 82% of Australian households are making an online purchase every year.

Unfortunately, the rise in e-commerce has brought with it an increase in cybercrime such as online scams and fraud. According to our Real Digital Risk Report, this is being reflected in the data – close to 7 in 10 Australians admit being highly fearful of online risks.

Here’s how to maintain digital privacy and improve cyber safety when you’re shopping online:

Understanding the risks: Exploring potential threats of online shopping

Online shopping payment scams are one of the most common types of fraud targeting Australians – making up 38% of all scams, according to our Real Digital Risk Report. That’s why it’s important to understand the risks of online shopping, so you know how to best protect yourself against them.

Protecting your financial security: What happens when someone gains access to your credit card?

When someone steals cash from your wallet, you only lose money once. But if they gain access to your credit card, they can drain your savings and rack up debt – by making purchases over and over again. In 2022 alone, Australians lost $577 million to fraud on payment card transactions.

Using your card numbers, scammers may be able to create duplicate credit cards, withdraw money from your bank account, or even open unauthorised loans or lines of credit under your name. All these actions can be very damaging to your credit score, taking a lot of time and effort to repair.

Safeguarding your identity: Dealing with the consequences of identity theft

Online shopping doesn’t just expose you to credit card risks – it’s also possible for a scammer to access other personal information and use it to steal your identity. In fact, almost one-third of Australians have experienced online identity theft.

Using your identity, cybercriminals could gain access to your welfare and health care benefits, open new bank accounts, file for your tax refund, or rack up speeding and parking tickets in your name.

If your passwords are weak, scammers might even be able to hack your email and take over your social media accounts – sending malicious links to people in your network or searching for sensitive information they can use to blackmail you.

But the impacts of online scams and identity theft are not just financial. They can also result in a wide range of negative emotions including psychological harm, emotional stress, fear and worry, and a loss of control.

Protecting your personal information online

While most of us use online shopping in our day-to-day lives and seldom think of the consequences, this is something we proactively need to change.

Cybersecurity expert Susan McLean provides her top tips when it comes to protecting your personal information online:

  1. Make sure all your accounts are locked down and secure. 
  2. Do not use the same password across accounts and always use two-factor authentication where possible. 
  3. Keep passwords safe and secure by using a password manager, this can help you remember them, so you don’t have to write them down. 
  4. Do not log into apps via any social media accounts. 
  5. Always log in and out with an email and password. 
  6. Make sure passwords/passphrases are strong and long and not shared. 
  7. Act immediately if you think there is a problem.

Minimising digital risks: Essential tips for secure online shopping

Here are our top tips to ensure that your online shopping experience is a safe one:

  • Always use a secure connection: Only buy from websites that have SSL encryption installed – look for the padlock icon on the left side of your browser and ‘https’ instead of ‘http’ in the URL. 
  • Buy from shops you trust: You can shop confidently at the online stores of major retailers – but beware of misspellings in the website name as this is one way that scammers can try to trick you.
  • Check sellers you don’t know: If you need to shop from an unfamiliar store, do your due diligence by looking at online reviews – and make sure the seller can be contacted in case of any issues.
  • Avoid offers that seem too good to be true: When prices seem too low, it may be that the seller got hold of the items illegally or they don’t actually exist.
  • Don’t provide more information than necessary: While you can expect to enter your address, email and method of payment, you should never be asked for things like bank account information, date of birth, and driver’s license number.
  • Create strong passwords: You may need to create an account to make a purchase, so make sure your password is unique and as strong as possible with a combination of characters, numbers, and letters – and that you change it regularly.
  • Use credit card or PayPal: Debit cards don’t offer the same protections that credit cards and PayPal do and may give scammers access to your bank account. Consider designating one card for online shopping so you can quickly shut it down if compromised without impacting other transactions.
  • Check your statements regularly: Instead of waiting for your credit card bill to arrive, you can review your transactions online and look out for any charges that you didn’t authorise.
  • Don’t shop in public: If you’re using your laptop somewhere like a cafe, prying eyes could be watching as you enter your credit card details. It’s also safest to use a virtual private network (VPN) when connecting to public Wi-Fi.
  • Pay with your mobile phone: You can set up mobile payment apps like Apple Pay or Google Pay to require your fingerprint, face biometrics, or passcode for each purchase – so even if your phone is stolen, a thief won’t be able to use them.

What to do if you've been scammed: Exploring your options and seeking resolution

According to Cybersecurity expert Susan McLean, if you’ve been the victim of an online scam, you need to act fast.

If a scammer has got hold of your personal identity information, you’ll need to take some additional steps:

  1. Let your financial institutions know, including your bank and super fund right away.
  2. Contact IDCARE on 1800 595 160 (weekdays between 8am and 5pm) – they can advise you on how to limit the damage.
  3. Update all your account passwords with new, stronger ones.
  4. Cancel and replace any compromised identity documents – such as your bank cards, driver’s license, or passport.
  5. Watch your bank account for any unauthorised transactions.
  6. Request a temporary ban on your credit report to prevent the scammer from taking out loans or credit cards.

For more assistance and support, you can contact Scamwatch or phone the Australian Cyber Security Hotline on 1300 292 371 (open 24 hours, 7 days a week). 

If the scam is causing you problems with debt, you can also speak to a financial counsellor – a free and confidential service to help get your finances back on track.

To further protect yourself and your family, it’s always a good idea to review your home and contents insurance policy, to make sure you are covered for any new online purchases that come through your door. Find out more about Real Home and Contents Insurance