As the holiday season fast approaches, online shopping is booming and the .au domain name system (DNS) is working overtime responding to .au nameserver queries and connecting consumers to local online shops.
According to Australia Post, more than half of all households across the country have spent time shopping online in recent months, and more than two-in-five Australian shoppers are planning to buy their Christmas presents online in November.
While online shopping provides people the opportunity to stock up on gifts from the comfort of their own homes, scammers see this as an opportunity to take advantage of unsuspecting victims.
To help you keep your personal information safe and avoid losing money via scams, we’ve compiled a list of 12 ways to shop online securely this holiday season.
1. Support local organisations that use trusted and validated .au domain names
When shopping online, look out for com.au, net.au and org.au domain names.
- com.au and net.au are the dedicated namespaces for commercial businesses in the .au. To be eligible for a com.au or net.au domain name, organisations need to be registered to do business in Australia, including companies that have an Australian Business Number (ABN) or Australian Company Number (ACN), and Australian trademark holders.
- org.au is the dedicated namespace for charities and non-profit organisations registered in Australia. Some charities and non-profits also operate online stores.
auDA accredited registrars validate that these businesses and organisations have a connection to Australia and meet the .au licensing rules, which helps keep .au trusted.
2. Be cautious of offers that seems too good to be true
Scammers often try to lure shoppers with unbelievable discounts. If an online shopping offer seems too good to be true, it probably is. With Black Friday and Cyber Monday sales in full-swing in the lead-up to Christmas, avoid clicking on advertisements promoting unlikely sales. Instead, make purchases through websites you trust.
3. Inspect the online shop for suspicious details
Spelling errors, poor grammar, missing contact details and no returns policy are all signs that an online shop may not be legitimate. If in doubt, move on to a trusted website instead.
4. Navigate directly to websites via your browser rather than clicking on links from emails, text messages or social media posts
Scammers use website links that are easily mistaken for those of legitimate and well-known brands. Avoid being directed to a malicious website by searching for retailers in your Internet browser.
5. Search online reviews to verify if an online store is legitimate
If you are unsure whether an online store is legitimate, search online reviews to check other customers’ experiences.
For online retailers using .au domain names, you can also search selected registration data on the WHOIS tool. This allows you to check who has licensed the .au domain name before you decide to make a purchase from them.
6. Check a seller’s profile before making a purchase on a social media marketplace
Social media profiles can be set up to resemble legitimate businesses or real people. Check the profile of the seller before you purchase an item and consider whether they have a sales history and when their profile was set up. A profile that has been set up very recently should be treated as suspicious.
7. Choose strong passphrases and enable multi-factor authentication
Prevent scammers from hacking into your accounts by using passphrases with a mix of letters (upper and lower case), numbers and symbols. Regularly update your passphrases and don’t use the same passphrase for all accounts – this could give scammers easy access to many of your accounts if one is compromised.
Where possible enable multi-factor authentication. This makes is harder for cybercriminals to access your account if your passphrase has been compromised. Multi-factor authentication requires steps in addition to your passphrase (such as a token or one off code) to access your accounts.
8. Use verified payment methods
Only use secure online payment methods. Look for and URLs that start with HTTPS (e.g. https://www.auDA.org.au). HTTPS (as opposed to HTTP) indicates that the website is operating over a secure connection and that the data between the user and the server is encrypted. You will also notice the padlock icon next to the domain name when you’re on the page.
Also look for trusted payment services such as PayPal and never make a payment via irregular methods such as bank transfers or gift cards. Cryptocurrency scams are also on the rise so be cautious of anyone requesting payment via virtual currencies.
9. Beware of fraudulent shipping notifications
Scammers are making use of increased package deliveries to send fraudulent text messages and emails claiming to be from delivery services. Be cautious of notifications about deliveries, especially if you are not expecting a package. If in doubt, do not click the link. Instead, manually check the status of your delivery by navigating to the delivery service website through a search engine.
10. Be alert to fake customs scams
If you are buying gifts from overseas this holiday season, be alert to fake customs scams. These scams may arrive via text message or email and include a link requesting you pay a customs duty or tax before your goods can be delivered.
Generally, goods valued less than AUD $1,000 are not subject to duties, taxes or charges. However, if your goods are valued more than AUD $1,000, you will receive a notice from Australia Post advising you to lodge an Import Declaration and pay associated fees.
If in doubt, do not click any links and visit the Australian Border Force website for more information.
11. Report suspicious domain names
Thanks to strict registration and validation requirements, the .au domain experiences significantly lower levels of DNS abuse (such as phishing or malware) than the global average. Only around 0.04 percent of .au domain names are associated with DNS abuse.
However, if you come across a suspicious .au domain name, lodge a complaint with the registrar that issued the domain name licence. The registrar will review the domain name in line with the .au licensing rules. Where fraudulent information is used to register a domain name, the licence can be suspended or cancelled from the registry.
If you do not know who the relevant registrar is, you can look up the name of the registrar in the WHOIS tool and then contact them to lodge your complaint. More information about complaints in the .au is available here.
12. Help others be scam aware
Being aware of scams is one of the best ways to protect yourself and others. Read a summary of our discussion with the ACCC and IDCARE to learn more about the psychology of scams and how speaking up on scams helps protect the community. Then, share this blog with a friend or loved one who you know will be online shopping this Christmas to help them stay secure online, prevent them losing their hard-earned money to scammers, and ensure everyone can have a very merry Christmas.
If you think you have been the victim of a scam, report it at www.scamwatch.gov.au. The website also has a range of information about to help you identify the latest scams. Victims of scams can also access support services at www.idcare.org.
