COVID-19 has triggered a fundamental shift in consumer shopping behaviour. 76% of online shoppers named convenience the most significant driver for buying on the net, even if that means higher prices, and confirmed that they were buying online at least once a month. 84% have sustained increased online shopping activities or even bought more frequently this year.  

These are some of the findings of the Australian eCommerce Report 2021, conducted by the Interactive Advertising Bureau (IAB) and Pureprofile with 1,000 Australian online shoppers. 

Ecommerce has also become a source of inspiration for finding new brands. Social media plays a significant role in exploring new products and making purchase decisions, especially for millennial shoppers.  

At the same time, 54% of online shoppers raised some concerns about the use of their personal data provided via loyalty or reward programs. And 30% of loyalty cardholders did not know whether their data was given to third parties.  

How to prevent holiday shopping scams 

With holiday shopping in full swing, it is more important than ever for online shoppers to brush up on their cybersecurity best practices to avoid phishing emails, social media scams or fake reservation confirmations for holiday travels.  

It is common practice to receive booking confirmations or order processing and shipping updates via email, text or social media. As many people still work remotely and access eCommerce sites with company devices outside the corporate network, there is a high possibility for holiday-themed phishing emails.  

Brand exploitation on the rise 

Top brands, such as Amazon, Apple, Microsoft, Facebook, or PayPal, with an international audience, are the main targets for cybercrime. Hackers insert malicious links disguised as tracking numbers into emails that look like legitimate correspondence. 

The 2021 Mimecast State of Brand Protection Report (SOBP) revealed that organizations of all sizes face the risk of losing customer trust, business continuity, and holiday sales to brand scams. What started with a triple-digit increase in 2020 has become a major threat this year, the SOBP report warns.  

For example, Mimecast Threat Intelligence security researchers discovered that over 5,000 domains that included the name “Amazon” were registered globally on a single day in October, with the bulk of them suspect. They also reported that 1,491 brands sustained over two attacks each, while 87 were attacked over 100 times. 

What to look out for when shopping online 

The challenge is to work out whether your seller is legitimate or a disguised scammer who published a fake advertisement or is offering items that are not theirs. Especially if the deal sounds too good to be true, think again before you hit the “Buy Now” button. Scammers will send pictures of items stolen from legitimate advertisements or pictures of themselves taken from stock images databases. Another warning sign is that the communication stops once you’ve paid, and you will never hear from them again, let alone receive your product.  

These are some of the red flags that online shoppers need to be aware of:  

  • You get asked for identification documents such as your driver’s license, passport or Medicare card number. 
  • You receive fake emails from eCommerce sites such as eBay or Gumtree. 
  • The online shop requests to use payment methods with limited protection, such as gift cards, money wiring services or PayPal’s ‘Family and Friends’ method, or cryptocurrencies. 
  • You receive emails with excuses for why the payment or item is delayed. 
  • You receive messages from buyers or sellers claiming they are on deployment in the armed forces, overseas, travelling, or unwell, and, therefore, can’t call, video call, or speak in person.  

What to look out for when selling online 

When selling online, be aware that scammers also often disguise themselves as legitimate buyers. As the National Australia Bank advises, they might:

  • Falsely claim that they have paid or overpaid you and request that you return some funds to them. 
  • Send you an email with falsified or altered receipts or money transfer confirmations, claiming to be from companies such as PayPal, eBay or your bank. 
  • Request you to pay upfront for shipping costs (or other expenses), promising to reimburse you at a later date.
  • Cease communication after you send the item, so that not only have you have lost the item, but also the money paid for postage and other services. 

In summary, we recommend strengthening your decision-making to stay alert and cyber safe this holiday season. And think twice before you click the order button.  


If you liked this article, you may also like:

Cyber Security Operations: it's not not about the tools alone

How cyber security impacts your SEO strategy

The challenges of running a modern day SOC


Taylor Cheetham

Campaign Manager