Shopping online safely
While shopping online has price and convenience advantages, it can also come with online security risks.
Safe online shopping involves establishing enough trust that the online vendor:
- is who they say they are
- will deliver exactly what you ordered in good time
- has measures to keep your personal information and payment details secure, and
- is contactable, should there be a problem with your online shopping order.
At CERT NZ, we have seen a rise in websites operating from overseas that make it look like they are a legitimate New Zealand business. They might use a .co.nz URL, a New Zealand phone number, an image of a New Zealand flag, or state that they are New Zealand based, when in fact, they’re not. This leads people to believe that they are buying a product from a NZ-registered online shopping site because it ends in .co.nz, rather than a foreign scam site.
A common example that we’ve seen recently is foreign scammers setting up a website that claims to sell big brand shoes for very low prices, with a .co.nz web address. When people made the purchase, they received imitation shoes, or an entirely different product. In some cases some people did not receive anything.
If an online shopping site is not registered in New Zealand and something goes wrong with your order, you do not have the same legal recourse to set it right. New Zealand authorities will have little scope to investigate and there’s often no criminal footprint to follow.
Establish if the website is genuine
Establish whether an online vendor is genuine. You can check whether the owners of domain names are registered in New Zealand by visiting the New Zealand Domain Name Commission register. Check if they are a registered New Zealand companies in the Companies Register. Both databases include contact and ownership details.
Be wary of websites that:
- don’t list a physical address or have unusual contact information
- don’t display terms of trade (including return policies) or fully disclose costs (such as shipping and delivery). They may be bogus and should be treated with caution
- have significantly lower-priced goods. This should raise your suspicion that you might not get what you expect. If a deal is too good to be true it probably is.
Secure your sensitive information
When making payments online, check that you’re using a reputable retailer to make sure that only the people who should see you credit card details can. Some sites offer encryption services to protect your payment details, email and personal addresses, passwords, and other personal information.
The following tips will help you check the connection is secure:
- Look for a padlock symbol next to the URL in your browser. Alternatively, check the start of the URL starts with https:// rather than http://. This means that the connection from your browser to the web server is encrypted and no-one else can copy information you send. Don’t submit any personal information, such as passwords and payment information on a page that doesn’t have this.
- Use trusted payment systems, like PayPal, and avoid supplying payment details in an email.
- As best practice, it’s good to keep an eye on your bank or credit card statements for unusual activity.
Reduce your online shopping risk
Keep an eye out for certain signs that can indicate whether an online store is legitimate or not. If a site appears suspicious, try to verify whether it is genuine another way or avoid buying from them. Some signs that a website is suspicious are:
- poorly constructed sites, which can include bad spelling, grammar or design. These are often a tell-tale sign that something is amiss.
- sites that have an odd combination of brands or goods, such as trampolines and coffee plungers
- sites where the URL doesn’t seem to match what they’re selling. For example, if Bob’s Sporting Goods (bobssportinggoods.co.nz) was selling women’s high heel shoes.
- negative online consumer feedback and reviews. These offer clues about a company’s reputation.