Cyber SOS: Shop Online Safely

How to Avoid Getting More Than You Bargained For

It’s that time of year again! Whilst we always need to stay vigilant, we often see spikes in targeted activity at specific times of the year – and now it’s the turn of shopping online. So how can we protect ourselves, both whilst shopping and selling online?

The Global Cyber Alliance got together on 10 November with a number of partners in a Twitter Chat (#GCAchat) to discuss key considerations for individuals and organisations who either buy or sell on the internet (so, let’s face it, there is advice here that applies to all of us!). The responses were phenomenal, with several recurring themes shining throughout the chat.


  • Access websites by typing the name into the browser, instead of clicking on links in emails – if the deal is that good it will be featured prominently on the official website!
  • Be sceptical of ‘too good to be true’ deals or products that are proving difficult to find elsewhere
  • Check the website (domain) name carefully and be wary of ‘lookalike’ names: an r and n together (rn) can look very similar to m when you’re rushing to secure that deal
  • Using credit cards to make purchases online often provides additional protection against fraud – avoid direct bank transfers and advance payments
  • Report any suspicious activity immediately to your bank and the appropriate authority where you live – your payment details may be cloned and used to withdraw money or buy goods elsewhere
  • Never use public Wi-Fi when making a purchase online (unless you access the website via a VPN) and make sure you have antivirus and DNS protections in place 
  • Check that the seller has a physical address listed, contact details, terms and conditions, and a return policy 
  • Check seller reviews across different platforms, check the age of the website and that it uses SSL (https:// and the padlock sign – the “s” stands for secure but this still does not guarantee the seller is good)
  • Type the company/website name and “scam” or “fake” into a search engine to see what comes back 
  • Contact the seller via telephone, ask to see a video or meet in person if buying from auction sites
  • Slow it down, there is no need to rush into anything, and if you’re not sure don’t do it – trust your instincts


  • Ensure your website and systems are up to date with the latest patches (use a platform if you do not have in-house IT skills)
  • Use a firewall and security software, monitor logs, and conduct penetration tests and regular scans
  • Use encryption for secure communication (an SSL certificate: https:// and the padlock)
  • Limit access to customer data by third parties
  • If you think a fraudster may be impersonating your website, take screenshots and report it to the relevant authorities

This is just a snapshot; the full transcript is available here, where you will find verified information and resources from Get Safe Online, Take Five (to Stop Fraud), Scamadviser, APWG.EU, EC3 Europol, Scottish Business Resilience Centre, Cyber Readiness Institute, Cybercrime Support Network, Retail & Hospitality ISAC, Quad9 and ourselves to help implement many of the recommendations.

The author, Gill Thomas, is the Community Manager at the Global Cyber Alliance. You can connect with her on LinkedIn.