Online Shopping Scams

Did you purchase goods or services that never arrived or didn't arrive as promised? Find out how to recognize, report and recover from an online shopping scam.

Step 1:Recognize

Red Flags of an Online Shopping Scam

If you are shopping online, there are some red flags to look for that may indicate that it’s a scam, such as:

  • The website or ad looks unprofessional or “sketchy.” This can be anything from typos and poor grammar to a generic web design.
  • The seller is asking for personal information before you even make a purchase. This includes things like your Social Security number, birthdate or phone number.
  • You can’t find any contact information for the website or business. A legitimate website should always have easily accessible contact information.
  • The website is offering a deal that’s too good to be true. Be especially wary of deals involving designer items, weight loss products and vacation packages.
  • You’re redirected to a different website during the checkout process.
  • You don’t receive a confirmation email after making a purchase.

Step 2:Immediate Actions

If you think you are the victim of an online shopping scam, it is important to take action right away to protect yourself and your finances. Here are some steps to take if you think you have been scammed:

  • Keep all documentation related to the scam, including any emails, messages or receipts. You may need to provide this information to law enforcement if you file a report.
  • Submit a complaint with the seller. If the seller doesn’t resolve the issue, you can contact a government agency or consumer protection organization for help, such as your local consumer protection officeBetter Business Bureau or your state attorney general.
  • Report the incident to the website or social media platform where the transaction took place.
  • If you provided financial information, like your credit card number or bank account information, contact your bank or credit card company right away. They may be able to help you cancel the transaction or get your money back.
  • If you paid using gift cards or a money transfer, contact the issuer. They might be able to help you stop the transaction.
  • If you provided personal information, like your Social Security number, you may be at risk for identity theft. Contact the three major credit reporting agencies – Experian, TransUnion and Equifax – and place a fraud alert on your credit reports. This will make it harder for the scammer to open new accounts in your name.

Step 3:Report

Reporting any type of cybercrime, including online shopping scams, is imperative to help others avoid being scammed. As a society, the more people that report online scams and fraud, the more national reporting data that is collected, and the better chance law enforcement has to catch the criminals and decrease cybercrime.

Step 4:Recover

Learn the Three Golden Rules to Spot a Scam

Scammers often utilize tactics to encourage you to act quickly and will use false information to persuade you to send money or personally identifiable information (PII). When faced with a questionable situation online, always follow the three golden rules to spot a scam:

Slow it down — don’t let the deal of a lifetime cloud your judgment. It’s important to take a step back and really evaluate an offer before you commit to it. Ask yourself questions like, “Is this too good to be true?” If the answer is yes, then it’s probably a scam.

Spot check — Do your research. A quick internet search can often reveal a lot about an offer or deal. If you’re unsure about something, it’s always best to err on the side of caution and do a bit of digging.

Stop! Don’t send — Before paying for the item or service, be sure to double check that the website or company is legitimate. If there are any red flags, such as an incomplete website or contact information, don’t proceed with the purchase.

Take 5 Steps for Better Online Security

Along with making sure you follow the three golden rules to spot a scam, it’s important to strengthen your online security to help avoid all types of online scams. Take action to improve your digital posture by following these steps:

  1. Implement Multi Factor Authentication (MFA): Passwords are generally easy for scammers to crack, and even if you use strong passphrases, there’s still the possibility that a cybercriminal can obtain your passphrase in a data breach. Implementing MFA is a great way to maximize your security and ensure that you are the only one who can gain access to your accounts. MFA should be implemented on all accounts where it is available. Check your account’s security settings to see if it is something you can set up.
  2. Update Your Privacy Settings: Privacy settings allow you to control your personal information (name, address, phone number, date of birth, financial details, photos or videos, etc) and how that information is used. Review your privacy settings on all of your accounts including your social media accounts. Consider restricting who can see your friends list, contacts, photos and posts.
  3. Activate Automatic Updates: Automatic updates are a set of changes to an app, software or operating system that are automatically pushed by the developer to fix or improve it. Oftentimes, cybercriminals take advantage of security flaws to plant malicious software on your devices. By activating automatic updates, you will automatically patch security vulnerabilities to protect your data.
  4. Use a Password Manager or Create Strong Passphrases: A password manager is a software tool that securely stores all of your login credentials in one place, allowing you to create and manage strong, unique passwords for all of your accounts. If you are unable to afford a password manager, use strong passphrases. A passphrase is a combination of random words or a sentence that is much longer and more complex than a typical password. Using a passphrase instead of a password makes it much harder for hackers to guess or brute-force their way into your accounts.
  5. Learn the Elements of a Phishing Attempt: Familiarize yourself with the elements of a phishing email. Phishing emails tend to include a sense of urgency and multiple grammar and spelling errors. If they are asking you to reveal personal information, be suspicious. If you get a strange email, try contacting the company another way to confirm they sent that email. If the email is suspicious, mark it as spam.

TestimonialHear from Other Victims

Without, I don't know if I would have been able to react as quickly to protect my personal information.
Mary - Indianapolis, IN