How to stay safe whilst online shopping

How to avoid getting more than you bargained for when shopping online

With over 3 billion people worldwide expected to shop online in 2026, shopping online has become second nature for many of us. Online platforms can now reach a vast number of customers, making it easier than ever for businesses to expand their audience. 

Although the convenience and variety are unmatched, the rise in e-commerce has also attracted an increase in cybercrime, leaving consumers vulnerable to:

• Identity theft
• Fraudulent websites
• Payment scams

Global e-commerce trends:

• The Asia-Pacific region remains the largest e-commerce market
• Latin America is noted as the fastest-growing region
• India’s e-commerce industry is projected to grow at 27% annually to reach $163 billion this year

As more people opt for the ease of buying from their devices, cybersecurity concerns grow. According to recent reports, cyberattacks on e-commerce platforms are steadily climbing, creating an urgent need for increased awareness and protection. 

With hackers constantly evolving their techniques, it’s essential to stay one step ahead by recognising common online threats before they compromise your safety. Scammers often use attractive promotions to lure customers into fraudulent schemes, so be cautious of deals that seem too good to be true.

That’s why MoneyHub has decided to share actionable tips and strategies for staying safe when shopping online. 

From recognising phishing scams to ensuring your payment information is secure, you’ll learn what to watch out for and how to better protect yourself whilst enjoying online shopping.

The Estonian situation: fraud on the rise

Estonia has not been immune to the global surge in online fraud. Recent data paints a concerning picture:

2023 fraud statistics:

• Fraud cases surged by 25%, contributing to a 4% overall rise in crime
• 18,300 incidents of card fraud using Estonian bank cards 
• €2.6 million lost to card fraud criminals 
• 5,800 payment order transactions affected by fraud, totalling €10.6 million 
• Over €3 million lost in the first six months alone 

2024 trends:

• During the first ten months, cyber incidents reached 4,950—an 88% increase 

Evolving threats:

The methods criminals use are becoming increasingly sophisticated. 

Police now warn that scammers use artificial intelligence to make phone calls in Estonian, imitating people the victims know and using local phone numbers. The risk is particularly high on platforms like Facebook Marketplace, where fake advertisements, fake profiles, and money extortion schemes under the pretext of “reservation” or “courier delivery” are common.

Estonian authorities emphasise that being careful and checking seller reviews remains critically important in combating this growing threat.

Is it possible to be 100% safe when shopping online?

Whilst online shopping offers convenience, it’s important to recognise that no system is completely foolproof. 

The reality is that being 100% safe when shopping online is impossible. 

Cybercriminals are continually finding new ways to exploit vulnerabilities, and even the most secure websites can be targeted. 

There are, however, best practices to make your online shopping experience much safer.

By following good security practices, you can significantly reduce your exposure to potential threats. Using strong, unique passwords for each of your online accounts is essential—never use the same password across multiple accounts, as this increases the risk if one password is compromised. Enabling multi-factor authentication, especially two-factor authentication (2FA), adds an extra layer of protection by requiring you to confirm your identity with a secondary code, such as one sent to your mobile device. 

Shopping on reputable websites with secure payment methods is just a few steps that can minimise your risk. It’s also wise to regularly monitor your accounts for suspicious activity and ensure your devices are up to date with the latest security patches.

The key to staying safe online is finding the right balance between convenience and security. 

Whilst it might seem easier to reuse passwords or save payment information for future purchases, using the same password for multiple accounts can — in many cases — open the door to cyber threats. Being proactive with your security measures may require a little extra effort, but it will protect your sensitive information and give you peace of mind during your online shopping experience.

Am I more likely to be scammed online during holiday periods?

In short, yes. 

You are more likely to encounter scams during the holiday shopping season. It should be noted that this doesn’t mean you’re necessarily safer shopping online during non-holiday seasons; it just means malicious actors typically increase their attempts and the number of targets during periods when more people are shopping online. Simply put, as e-commerce activity surges around the holidays, so do online scams.

Cybercriminals take advantage of the rush, knowing that consumers are more likely to overlook suspicious activity whilst hunting for the best deals.

Holiday-related scams are diverse and are becoming increasingly sophisticated. 

• Fake websites that mimic legitimate retailers can trick shoppers into entering payment details or personal information, only for their money to disappear. 
• Phishing emails offering “exclusive” discounts often contain malicious links that, once clicked, can compromise your devices. Scammers also use fake promotions to lure victims, so be wary of deals that seem too good to be true, as these promotions may be part of fraudulent schemes. 

In addition to phishing emails, cybercriminals frequently send suspicious links through messages and text messages, including SMS and social media posts, to deceive shoppers and steal personal information or money. Then, there are the all-too-familiar “too good to be true” deals, which lure shoppers with steep discounts on high-demand products, only for the goods to never arrive.

To stay safe during the holiday season, be cautious with unfamiliar websites, avoid clicking links in emails from unknown senders, and always verify the legitimacy of deals before making a purchase. By staying vigilant, you can protect yourself from holiday scams and still enjoy stress-free online shopping.

How social media ads manipulate you with FOMO tactics

Social media advertising has become one of the most powerful tools for online retailers—and unfortunately, for scammers as well. 

Platforms like Facebook, Instagram, and TikTok are flooded with advertisements that use fear of missing out (FOMO) tactics to pressure you into making immediate purchases.

You’ve likely seen them: 

“Only 3 left in stock!” “Sale ends in 2 hours!” “Limited time offer—buy now!” 

These urgent messages are designed to bypass your rational decision-making and trigger an emotional response.

The problem runs deeper than just pushy marketing. 

Many of these advertisements promote products from companies that claim to be based in Europe, lending an air of legitimacy and quality to their offerings. However, the reality is often quite different. These “European” businesses frequently operate as drop-shipping operations, selling cheap products manufactured in China that bear little resemblance to the polished images shown in the advertisements.

When the package finally arrives—often weeks later than promised—customers discover low-quality items that don’t match the description, are poorly made, or sometimes don’t work at all. 

The advertised “premium leather handbag” turns out to be plastic. The “designer watch” stops working after a few days. The “high-tech gadget” is a cheap imitation with none of the promised features.

Making matters worse, many of these companies make returns nearly impossible. 

They may require you to ship items back to China at your own expense (often costing more than the product itself), or they’ll offer a partial refund on the condition that you keep the faulty item. Some simply stop responding to customer complaints altogether.

Before clicking “buy now” on that tempting social media advertisement, take these precautions:

• Check Trustpilot and other review platforms for honest customer feedback about the company
• Search for the company name along with words like “scam,” “fake,” or “complaint”
• Look carefully at the website’s “About Us” and “Contact” pages—legitimate businesses provide real addresses and contact information
• Be suspicious of prices that seem impossibly low compared to similar products elsewhere
• Read the returns policy thoroughly before purchasing
• Consider whether the urgency is real or manufactured to pressure you
• Reverse image search product photos to see if they’ve been stolen from legitimate retailers

Remember: if an advertisement is pressuring you to buy immediately, that’s often a red flag. Legitimate businesses don’t need to use high-pressure tactics because they stand behind the quality of their products.

How do I know if my online payment is secure?

One of the most important steps in ensuring your payment is secure when shopping online is to verify that the website uses SSL/TLS encryption. 

This technology protects the information you send, such as your payment details, from interception by cybercriminals. To check whether a website is secure, look for “HTTPS” at the beginning of the URL and a padlock or a lock symbol in the address bar. If you see these indicators, the site is encrypting your data, providing an additional layer of security.

Using secure payment methods is another crucial aspect of staying safe online. 

Credit cards and trusted payment processors offer protections that are not available with other forms of payment. Most credit card companies provide fraud detection and allow for chargebacks if something goes wrong with your purchase. Payment platforms like PayPal also offer buyer protection, adding peace of mind.

On the other hand, it’s always wise to avoid direct bank transfers, debit cards, or cash for online shopping. These methods offer limited recourse if you fall victim to fraud, as your money is instantly withdrawn directly from your bank account or handed over with fewer protections. If your debit card is compromised or used fraudulently, contact your bank immediately to report unauthorised transactions and seek guidance on recovering your funds.

Here’s an excellent discussion explaining why debit cards should be avoided when making online purchases.

When checking out, only fill in the mandatory details required, such as your address and contact information, to streamline the process and reduce risk. 

Avoid sharing unnecessary bank details, as cyber criminals may use fake websites or malicious links to trick you into revealing sensitive information. Sticking to credit cards or established payment processing platforms is a smart way to keep your financial information secure whilst shopping online.

For more information on protecting yourself from online fraud, or to learn more about spordiennustused, visit MoneyHub’s guide to online fraud prevention.

Should I use a VPN when shopping online?

Virtual Private Networks, or VPNs, are becoming much more common in the consumer world. 

A VPN is a tool that helps secure your internet connection by encrypting the data you send and receive online. When you connect to a VPN, it creates a secure “tunnel” between your device—such as your computer or phone—and the website or service you’re using, making it much harder for hackers or other third parties to intercept your personal information. This can be particularly useful when shopping online, as it adds an extra layer of protection to your transactions, especially if you have no option but to use a public Wi-Fi network to make a purchase.

One of the main benefits of using a VPN is that it encrypts your entire connection, which can be crucial when shopping on unfamiliar networks, such as at coffee shops or airports. 

Public Wi-Fi is notoriously vulnerable to cyberattacks, and a VPN can help protect your sensitive data, like credit card numbers and login credentials, from being stolen. This risk is even higher when using shopping apps on your phone or computer over unsecured networks, as these apps often store personal and payment information.

Although a VPN is a valuable tool, it’s not a cure-all for online shopping safety — remember, there’s no such thing as being 100% secure. 

VPNs cannot protect you from scams, phishing emails, or insecure websites. Even with a VPN, it’s essential to check that the website you’re shopping on uses SSL/TLS encryption (look for “HTTPS” and the padlock or tuner symbol that we discussed above) and to follow other good security practices. 

A VPN adds security to your connection, but it won’t shield you from malicious websites or fraudulent transactions.

What are the most common online shopping scams?

Scammers are constantly finding new ways to trick people and unsuspecting online shoppers. Some of the most common online shopping scams target both your money and personal information, so it’s important to know what to watch for and stay vigilant. 

Scammers often focus on popular items like jewellery and clothing, making these products frequent targets in fraudulent schemes.

One major scam involves fake websites that are designed to look like legitimate retailers. 

These sites may offer popular items at unbelievable prices, but once you place an order, either counterfeit products arrive, or nothing shows up at all. Always verify a website’s legitimacy by checking for “HTTPS” in the URL, reading third-party reviews on platforms like Trustpilot, and avoiding deals that seem too good to be true.

Another common threat comes from phishing emails that appear to be from reputable retailers. These emails, as well as other types of messages such as texts and social media posts, often contain suspicious links to fake login pages or malicious sites designed to steal your personal or financial information. 

Before clicking any links, examine the sender’s email address and the message content for inconsistencies, and visit the retailer’s official site directly instead of clicking a link in the email if you’re unsure.

Finally, non-delivery and non-payment fraud are frequent during high-demand shopping periods. These scams often occur during fake sales, where a shopper makes a purchase but never receives the item, or sellers ship goods but never get paid. To protect yourself, use secure payment methods that offer buyer protection, such as credit cards or trusted payment platforms.

Note: Even legitimate-looking sales can be fraudulent, so always double-check the details before making a purchase and consult Trustpilot for independent customer reviews.

Is it safe to use public wifi to shop online?

Shopping online whilst connected to public Wi-Fi can pose significant risks and should be avoided unless absolutely necessary. 

Public wifi networks, such as those in coffee shops, libraries, airports, or hotels, are often unsecured — making them prime targets for cybercriminals. One of the biggest threats when using public networks is data interception, in which hackers can capture the information you send over the network, including your payment details and personal information. 

Another similar method used by malicious actors on public Wi-Fi is a man-in-the-middle attack (MITM), in which a hacker intercepts communication between your device and the website you’re using, potentially altering or stealing your data. This risk is especially high if you are shopping on your phone or through an app whilst on public Wi-Fi, as these are common ways people access online stores and make purchases.

If you have no option but to shop online whilst connected to public Wi-Fi, there are ways to minimise the risks. One of the most effective methods is using the aforementioned tool, a VPN, which encrypts your internet connection and helps protect your data from prying eyes.

For maximum safety, the best alternative is to use your mobile data, if available, or shop whilst connected to a secured private Wi-Fi network at home or in another trusted environment. These options provide much stronger protection and reduce the likelihood that your information will be compromised during an online shopping session. 

By being cautious about the networks you use, you can better protect yourself from cyber threats whilst shopping online.

Is it safe to save my payment information on websites?

Saving your payment information on websites for future purchases can be convenient, but it’s important to weigh the risks and benefits before deciding whether it’s worth the time saved by not manually entering your payment details. 

Protecting your personal details is crucial, as a data breach could expose not only your payment information but also sensitive personal information stored in your online accounts.

One of the primary benefits is the obvious convenience factor. 

Storing your payment details allows for faster checkouts, especially if you frequently shop on the same site. However, this convenience comes with significant risks. 

Data breaches have become commonplace in recent years, with reports indicating that more than 3,200 occurred in the U.S. in 2023. To put this into perspective, the number of reported U.S. data breaches in 2012 was only 447. 

If the website where you’ve saved your payment information is compromised, your financial and personal details could be exposed. In addition to data breaches, account takeovers are another growing threat. If a hacker gains access to your account, they could make unauthorised purchases using your saved payment information.

A safer alternative is to use trusted payment wallets or services like Apple Wallet or Google Wallet, which use tokenisation — essentially, a form of encryption — to secure your information. These platforms replace your card details with a unique, encrypted code for each transaction, meaning your actual card number is never shared with the retailer. This added layer of security makes it much harder for cybercriminals to access your financial information, even if the retailer experiences a data breach.

Whilst saving your payment information might make online shopping easier, opting for a more secure method, such as a digital wallet, can provide stronger protection for your financial data.

Online shopping tips from the cybersecurity experts + free tools

MoneyHub experts discussed key tips for both individuals and organisations who buy or sell online, so let’s face it, there is advice here that applies to all of us. Here’s a summary of the most frequently touted tips:

Online shoppers:

• Access websites by typing the name into the browser, rather than clicking links in emails — if the deal is that good, it will be featured prominently on the official website.
• Be sceptical of ‘too good to be true deals or products that are proving difficult to find elsewhere.
• Carefully check the website (domain) name and be wary of ‘lookalike’ names. For example, an r and n together (rn) can look very similar to “m” when you’re rushing to secure that deal.
• Using credit cards to make purchases online often provides additional protection against fraud — avoid direct bank transfers, debit cards, and advance payments.
• Report any suspicious activity immediately to your bank and the appropriate authority where you live — your payment details may be cloned and used to withdraw money or buy goods elsewhere.
• Never use public Wi-Fi when making an online purchase (if you have no choice, access the website via a VPN), and make sure you have antivirus and DNS protection in place.
• Check that the seller has a physical address listed, contact details, terms and conditions, and a return policy.
• Check seller reviews on Trustpilot and across different platforms, check the age of the website, and ensure it uses SSL (https:// and the padlock or lock icon — the “s” stands for secure, but this still does not guarantee the seller is good).
• Type the company/website name and “scam” or “fake” into a search engine to see what comes back.
• Contact the seller by phone, ask to see a video, or meet in person at a public location if buying from auction sites.
• Slow it down — there is no need to rush into anything, and if you’re not sure, don’t do it — trust your instincts.

Note: Always read all terms and conditions before making a purchase to fully understand your rights and obligations.

Online sellers:

• Ensure your website and systems are up to date with the latest patches — use a well-known and trusted platform if you do not have in-house IT skills.
• Use a firewall and security software, monitor logs, conduct penetration tests, and perform regular security scans.
• Use encryption for secure communication (SSL certification).
• Limit access to customer data by third parties.
• If you think a fraudster may be impersonating your website, take screenshots and report it to the relevant authorities.
• Consider creating your own online store to have more control over your branding, customer relationships, and profit margins. Building your own store allows you to create and submit product listings directly, giving you flexibility and ownership over your business.
• Do not rely solely on third-party marketplaces; having your own store is vital for long-term growth and profit retention.
• Understand the cost and fees associated with each sale, including what you pay to the platform or marketplace. Note that fees can vary based on the platform, product category, and fulfilment method.

Free tools and services to help you stay safe when shopping online

Just as cyber criminals have a large set of tools at their disposal, so do you as a privacy-centric shopper or seller. If you aren’t already using the trusted platforms listed below:

• CyberFlex – Powered by the Global Cyber Alliance and sponsored by Amazon, CyberFlex provides a safe space to explore, learn, and share experiences around cybersecurity and online scams. CyberFlex is particularly aimed at Gen Z young adults (ages 18-25) and contains targeted information including free tools, interactive guides, and text alerts to prevent, mitigate, report, and recover from scams and other cyber risks.
• Global Cyber Alliance Toolkits – Offer an impressively large collection of free tools and resources for individuals, businesses, and IT professionals to strengthen their cybersecurity. GCA’s Toolkits are often lauded for their easy-to-follow, step-by-step guides that help users protect against online threats, manage vulnerabilities, and enhance digital security practices.
• Quad9 – Quad9 is a free, public DNS security service that protects users from malicious websites by blocking access to known threats. It enhances internet safety by helping filter out harmful domains and provides privacy by not storing users’ personal data.
• Take9 – This campaign encourages people to pause and take nine seconds to think before they click, download, or share.
• APWG – A global coalition focused on combating cybercrime, specifically phishing attacks and related online threats. It provides resources, research, and opportunities for collaboration for individuals, businesses, and governments to prevent and respond to phishing and other forms of cyber fraud.
• Europol’s Public Awareness & Prevention Guides – Europol provides resources and advice to help individuals and businesses protect themselves from various types of crime, including cybercrime and fraud. These free guides aim to raise awareness, educate the public, and offer practical tips to prevent becoming victims of criminal activity.
• Cyber Readiness Institute – This organisation empowers small and medium-sized businesses to improve their cybersecurity practices through free resources, tools, and training.
• Cybercrime Support Network – This resource hub provides practical guidance for individuals, families, and small businesses to defend against cybercrime. It offers step-by-step instructions for preventing, identifying, and recovering from various online threats, such as identity theft, fraud, and ransomware attacks.
• Get Safe Online – A UK-based organisation that provides free, expert advice to individuals and businesses on staying safe and secure online. It covers a wide range of topics, including online shopping, privacy, fraud prevention, and cybersecurity best practices.
• Secure Our World – The US’s Cybersecurity & Infrastructure Security Agency (CISA) provides information on four easy ways to stay safe online and offers resources in multiple languages.

If you suspect a scam involving cash or packages sent through the mail, contact the USPS Postal Inspection Service for assistance in intercepting or recovering items.

The takeaway | how to stay safe shopping online

Staying safe whilst shopping online is more critical than ever, as cybercriminals continue to target unsuspecting shoppers. 

Although no method can guarantee complete protection, following best practices such as using secure websites, trusted payment methods, and VPNs can significantly reduce your risk.

By remaining cautious, regularly updating your security habits, and using available resources, you can protect yourself from online threats and enjoy a safer shopping experience. With the right knowledge and tools, navigating the world of online shopping becomes a lot more secure.

For more personal finance advice and tools, visit MoneyHub Estonia. 

If you’re considering using a credit card for safer online shopping, check out MoneyHub’s credit card comparison guide. To protect yourself from scams, review the list of scam phone numbers and tips on avoiding financial fraud.