Protect yourself from online shopping scams

Online shopping events such as Black Friday, Cyber Monday and sales around Christmas, Boxing Day and the end of financial year can be a great time to find a bargain. Unfortunately, criminals see these shopping events as an opportunity to try and cash in for themselves.

In 2022, online shopping scams were in the top 10 scams by loss reported to Scamwatch with financial losses exceeding $9 million.

This article will help you understand how you can avoid common online scams by looking out for red flags.

Things to consider before you pay

Too good to be true

Even during special sales, it pays to be curious when offered an incredible bargain. If the price advertised for your purchase is just too good to be true, it’s worth investigating further. It’s a good idea to look at other websites to compare and investigate the store making the offer before making the purchase.

Is this a fake website for an online store? 

If you find an item being sold by an online store that you’ve never dealt with, do some checks before making a purchase to ensure they’re legitimate:

  • Do they have genuine social media pages? 
  • What is their refund policy? 
  • Consider doing a Google search and reading their reviews. 
  • Check the look and feel of their website including the resolution of branding and pictures. Lower quality images may indicate that the website isn’t legitimate. 
  • If you can’t determine if they’re genuine, it may be better to stick to a reputable store that you’re familiar with. This is especially true if the online store is overseas, as there’s no guarantee you’ll get your money back if it turns out to be a scam.

Pop ups, push messages and social media

Those bright and shiny ads that pop up on your screen when shopping online or using social media are clever and persistent marketing tactics looking to promote products or services. They can also be used to deliver malicious software, direct you to dodgy webpages, or fake sales. Check that your device’s virus protection is installed, working, and up to date, with a pop-up blocker.

Advertisements on many social media websites can also lead to fake offers, fake websites and cryptocurrency scams. To check out a deal, head to the genuine website or app independently to validate any offers that seem too good to be true.

Also be on the lookout for suspicious emails or text messages. If you receive an email or SMS with a sale campaign, go to the app or type the address into your browser to make sure you’re accessing the genuine online store. Criminals commonly use SMS and emails to direct people to fake websites looking to steal personal or financial information. Learn more about how to spot a phishing message.

Secure Wi-Fi

Data is a valuable resource, so it may seem attractive to save your own data and use the free Wi-Fi offered by many retail stores. Unfortunately, these connections are often unsecure and are targeted by criminals to gain access to devices and data being shared on that network. If you have to use public Wi-Fi, consider using a Virtual Private Network (VPN), opens in new window to create a secure connection. Avoid using free Wi-Fi to do any online banking or shopping, as this information may be exposed and misused.

How to protect yourself online

Follow these tips to help keep your identity and your money safe online. 

  • Make purchases directly through genuine online retailers, rather than through pop-ups, advertisements, email or SMS offers. Type the retailer’s website into your browser or download their official app from the Apple App Store or Google Play Store for Android.
  • Pay attention to the fine print - a lot of merchants will offer special rates as an introductory rate and increase the prices later or sign you up to a subscription service. Check the shipping amount and returns policy before you commit.
  • Remain vigilant for text messages about parcel deliveries that may be dodgy. Cyber criminals are known to send fake SMS posing as delivery companies like Australia Post or DHL to convince those who may be expecting a parcel to engage with them. If in doubt, contact the delivery company directly through their official channels.
  • Keep your receipts - they can be extremely helpful in resolving disputes down the track.
  • Use secure payment options that come with some protections, such as PayPal (not PayPal Family and Friends) or a credit card. Do not deal with sellers asking you to pay by gift cards or cryptocurrencies. 
  • Think twice about entering your credit card details into a website you’re unsure about. If it’s fraudulent, your card details could be used for fraud.
  • Do your own research and look for reviews. It is a good idea to check if the website you are researching has been associated with any scams. All you have to do is type “is this (website name) a scam” in your browser search engine.
  • Don’t use public Wi-Fi without a VPN if accessing or sharing confidential information.
  • Check your bank account regularly so that you can spot any unusual transactions and report them to your bank.

How we can help you

While personal vigilance is the best method of protection, our security teams work 24/7 to keep customers safe. If we spot suspicious activity with your cards or online transfers, we’ll take appropriate action and contact you to confirm if it’s genuine or not.

Read our buying and selling scams article for more information about staying safe while shopping online, or visit the ACCC Scamwatch, opens in new window website.

You can also stay up to date on the latest fraud and scam threats by regularly monitoring our security alerts page.

If you’re a NAB customer and believe you may have fallen victim to a scam, please call 13 22 65 immediately and ask for the Digital Fraud and Scams Team. If you want to report a phishing or scam attempt, please email or text 0476 220 003 (047 NAB 003).

Helpful resources

How we can help

If you’re a NAB customer and you believe your business or personal accounts have been impacted by fraud or a scam, we’re here to help. Explore the immediate steps you can take to protect yourself and discover when you should get in touch with us to make a report.

Learn what to do in the event of fraud or scams

Get updates on the latest fraud alerts


IDCARE is Australia and New Zealand's not-for-profit counselling and support service set up to assist Australians impacted by identity theft and cyber-related crimes.

IDCARE can assist NAB customers to navigate through the process when identity details or credentials have been compromised through fraud or scams. IDCARE is a free service for all Australians.

Learn more about IDCARE, opens in new window

Australian Government | Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together in a single location. It’s the hub for private and public sector collaboration and information sharing to combat cyber security threats. ACSC provides topical, relevant and timely information on how home internet users and small businesses can protect themselves from, and reduce the risk of, cyber security threats such as software vulnerabilities, online scams, malicious activities and risky online behaviours.

Learn more about the Australian Cyber Security Centre, opens in new window

Australian Government | ReportCyber

ReportCyber is a secure reporting and referral service for cybercrime and online incidents which may be in breach of Australian law. The ReportCyber website provides a cybercrime reporting mechanism as well as helpful information about cybercrime.

Learn more about ReportCyber, opens in new window

Australian Competition and Consumer Commission | Scamwatch

Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources.

Learn more about Scamwatch, opens in new window

Australian Government | Office of the eSafety Commissioner

The Office of the eSafety Commissioner provides online safety education for Australian children and young people, a complaints service for young Australians who experience serious cyberbullying, and address illegal online content.

Learn more about the Office of the eSafety Commissioner, opens in new window

Australian Government | Attorney-General’s Department

The Attorney-General’s Department website provides helpful information and resources about your rights and protections in regards to identity security, freedom of information and cyber security. The Department has developed a range of resources to assist people protect their identity and recover from the effects of identity crime.

Learn more about the Attorney-General’s Department, opens in new window

Related articles

Important information