When is it safe to shop online?Always check you are on a secured webpage if you want to buy things online, do banking, set up an email account or networking account, or give personal information.
If an address bar begins 'https' (instead of the usual 'http'), the connection between your computer and the site will be encrypted making the site more secure. You still need to check that the security is valid and up-to-date by checking the digital certificate.
Only type credit card details into websites where the address of the page starts with https:// (instead of the usual http://). Or use a secure method like PayPal or BPay.
Also, make sure you print and keep a copy of the transaction.
What are online auction or shopping scams?It is possible to buy almost anything over the internet these days. Unfortunately, scammers can use the anonymous nature of the internet to rip off unsuspecting shoppers.
Scammers can pretend to be selling a product—often very cheaply—just so they can steal your credit card or bank account details. Similarly, they may take your money but send you a faulty or worthless product instead—or even nothing at all.
Most online auction sites put a lot of effort into spotting scammers, which is why scammers will often try to get people to make a deal outside the auction site. They may claim that the winner of an auction that you were bidding in has pulled out, and then offer the item for sale to you. Once they have your money, you will never hear from them again and the auction site will not be able to help you.
Another common trick is for an online auction to be rigged by the scammers. If you are selling a product, the scammer can enter a low bid followed by a very high bid under another name. Just before the auction closes, the high bid will be withdrawn and the scammer's low bid will win. If you are buying a product, the scammer can arrange for 'dummy bidders' to boost the price up.
Other online shopping scams involve the sale of a product —such as a miracle cure or weight loss product—that does not live up to its claims. It can be very difficult to get your money back in these situations, especially if the other party is based overseas.
If you buy or sell online, you should also be aware of cheque overpayment scams.
Are there warning signs for a shopping scam?A product is advertised at a very low price.
The seller and any initial bidders have a very poor rating on an auction site.
The other party wants to complete the sale outside of the auction site (if you do this, you lose any protections that the site operator offers to their users).
The other party insists on immediate payment, or payment by electronic funds transfer or a wire service.
The online shopping website does not provide adequate information about privacy, terms and conditions of use, dispute resolution or contact details.
When is it safe to give personal information online?Always check you are on a secured webpage if you want to set up an email account or networking account, or give personal information.
If an address bar begins 'https' (instead of the usual 'http'), the connection between your computer and the site will be encrypted, making the site more secure. You still need to check that the security is valid and up-to-date by checking the digital certificate.
If you can't see the cybersecurity clues, don't give any personal details. No cybersecurity clues mean the page is not secure. It may also mean the page has been faked, to scam people.
How can I tell if a webpage is secured?A secured webpage will have the two cybersecurity clues: a locked padlock on the top or bottom of the browser window, and https:// in the address bar.
Click the locked padlock, and check that the digital certificate is valid (up-to-date). These clues mean that data will be encrypted, making it extremely unlikely that it can be used illegally, so it's safer for giving personal information like credit card details. If the padlock is open or the URL reads http://, the website is not secure.
What should I do if a site asks for personal information?If you can't see the cybersecurity clues, don't give any personal details. No cybersecurity clues mean the page is not secure. It may also mean the page has been faked, to scam people.
Does a padlock on the browser mean a site is secured?A browser padlock is a symbol to show that a website has a digital certificate.
You still need to click the closed padlock to check that it has an up-to-date (valid) digital certificate—that the dates in the 'valid' line have not expired.
Does 'https' mean that a site is secured?No, because 'https' can be present even if a site's digital certificate is not valid. This can happen for example if a digital certificate has expired (it's no longer up-to-date). That's why it is still important to also check the certificate itself.
What is a digital (security) certificate for?Sites with digital certificates have a locked padlock on the top or bottom of the browser window. Click the locked padlock to look at the digital certificate. You will know a site is secured if the digital certificate is valid (up-to-date) and has not expired.
Digital certificates are used on websites where you need to enter a password or give personal information. They are the way for you to find out the true identity of a site, or to know if a site is authentic.
A valid (hasn't expired) digital certificate means that data between your computer and the site will be encrypted.
What if the bank asks me to email personal information?Never message or email your personal details, password, account or credit card number to anyone.
Hoax or phishing emails usually seem to come from banks, Internet Service Providers, government agencies, web mail providers, and even universities, but they are fakes trying to trick you. Always delete them.
Where else can I get help?It's a really good idea to install the cybersafety Help Button on your computer at home or school.
The Help Button is free, and it's easy to download (just check first with your parents or teacher). The button icon will sit on your desktop or you can place it on the taskbar. Then, you can just double click it if ever you need help or advice about something that's happened online, or you want to report something you've seen that's gross.
You can use the Help Button to find out more about how to report online threats including cyberbullying, nasty or gross content or people behaving badly on social or game sites, or online scams.
Download the Cybersafety Help button
Scams can be reported online at SCAMwatch
You may also report a scam by calling 1300 795 995.
Where can I find out more about safe & secure transacting?
Check out the security advice on the website of your bank (or other financial institution). This will include information about the latest hoax emails.
You can find out more about safe & secure transacting by clicking these links:
Smart transacting at Stay Smart Online
Consumer rights and online shopping
SCAMwatch - Online Auction and Shopping Scams
Digital certificates and why it is important to check, Factsheet 9
MoneySmart, Australian Securities and Investments Commission