We see customers every week who've been caught by fake online stores. They find a deal that looks incredible — a Dyson for $89, an iPhone for $199 — and a few days later they're sitting in our shop wondering where their money went and whether their identity has been compromised.
The store looked real. It had product photos, a checkout page, even a returns policy buried somewhere. But the products never arrive, the "customer service" email bounces, and the domain disappears within a month.
Fake online stores are one of the fastest-growing scam categories in Australia. They're getting more sophisticated every year, and they're not just stealing your money — they're harvesting your card details, passwords, and personal information.
This guide covers exactly what to check before you buy from any unfamiliar online store. These are the same things we tell our customers after they've been burned — and the things we wish they'd checked beforehand.
Red Flags to Check Before You Buy
1. Inspect the URL Carefully
This is the single fastest check you can do. Scam stores often use URLs that look almost right but aren't quite — think n1ke-australia.shop instead of nike.com.au, or jbhifi-clearancesale.com instead of jbhifi.com.au.
Watch for:
- Misspellings — swapped letters, extra characters, missing letters
- Unusual domain extensions — .shop, .store, .top, .buzz, .xyz instead of .com.au or .com
- Recently registered domains — legitimate retailers have domains that are years or decades old; scam stores pop up days before a "sale"
- Hyphens and numbers substituted for letters — h4rvey-norman.com is not Harvey Norman
2. Too-Good-to-Be-True Prices
If every single product on the site is 70–90% off, that's not a clearance sale — it's a scam. Real retailers discount specific items. They don't slash everything by 80% across the board.
Compare the price to the same product on well-known Australian retailers like JB Hi-Fi, Officeworks, or Amazon AU. If the "deal" is dramatically cheaper than every legitimate store, there's your answer.
3. No ABN or Physical Address
Under Australian Consumer Law, online businesses selling to Australians are required to provide a way for consumers to identify the business. Legitimate Australian retailers display their ABN (Australian Business Number) and a physical address. If you can't find either, that's a serious red flag.
Some scam stores will list a fake ABN or a random address. You can verify any ABN in seconds at abr.gov.au — if it doesn't exist, or it belongs to a completely different business, walk away.
4. Suspicious Payment Methods
Legitimate stores offer multiple payment options — credit card, PayPal, Afterpay, sometimes even bank transfer alongside other methods. Scam stores often push you towards payment methods that are hard to reverse:
- Cryptocurrency only — once it's sent, it's gone
- Direct bank transfer only — no buyer protection
- Gift cards as payment — no legitimate business accepts iTunes cards as currency
- Wire transfer services — Western Union, MoneyGram
If PayPal and credit card aren't available, don't proceed. These payment methods give you chargeback rights if something goes wrong.
5. No Returns Policy or Vague Terms
Every legitimate Australian retailer has a returns and refund policy. It's not optional — consumer guarantee rights under the Australian Consumer Law apply whether the store acknowledges them or not.
Scam stores either have no returns page at all, or they have a page full of vague, contradictory language that was clearly generated by a template. If the policy doesn't make sense or contradicts itself, the store isn't real.
6. Stolen Product Images
Fake stores steal product images directly from legitimate retailers or manufacturers. The photos look professional because they were — they just weren't taken by the store claiming to sell the product.
Right-click any product image and select "Search image with Google" (or use Google Lens). If the exact same photo appears across dozens of unrelated sites, the store didn't photograph their own stock — because they don't have any.
7. Fake Reviews
Some scam stores display reviews directly on their site. These are almost always fabricated. Common giveaways:
- Every review is 5 stars with generic praise ("Great product! Fast shipping!")
- Reviewer names that don't match the country (all American names on an "Australian" store)
- Reviews posted within a few days of each other
- No negative reviews at all — every real store has at least a few
- Identical phrasing across multiple "different" reviewers
Search the store name on independent review sites like Trustpilot, ProductReview.com.au, or even Reddit. If no one's ever heard of it, that tells you everything.
8. No Social Media Presence (or Dead Accounts)
Real businesses maintain active social media accounts. Fake stores either have no social presence at all, or they have accounts with almost no followers, no engagement, and posts that started a week ago.
Check whether the Facebook or Instagram links on the site actually work and go to real, active pages. A "social media presence" that consists of three posts and two followers is not reassuring.
9. HTTPS Alone Doesn't Mean Trustworthy
This is one of the biggest misconceptions we hear. "But it had the padlock!" The padlock icon (HTTPS) only means the connection between your browser and the website is encrypted. It does not mean the business behind the website is legitimate.
Free SSL certificates are available to anyone in minutes. Scammers use them routinely. HTTPS is a basic technical requirement, not a trust signal.
Tools You Can Use to Verify a Store
You don't need to be a cybersecurity expert. These free tools can help you check a suspicious store in under five minutes:
Watch out for social media ads. A huge number of fake store scams now start with Facebook and Instagram ads. Scammers buy targeted ads showing unbelievable deals, often impersonating well-known brands. The ad looks professional, the "store" looks polished, and you're three clicks from handing over your card details. Just because an ad appears on Facebook or Instagram does not mean the platform has verified the business. Always research the store independently before buying — no matter how legitimate the ad looks.
What to Do If You've Already Paid
If you've already handed over money to a store you now suspect is fake, act quickly. The faster you move, the better your chances of getting your money back.
- Contact your bank or card provider immediately. Request a chargeback on the transaction. If you paid with a credit card, you have strong protections under Australian banking regulations. If you used PayPal, open a dispute through the Resolution Centre. The sooner you do this, the more likely you are to recover your funds.
- Report the scam to Scamwatch. Go to scamwatch.gov.au and file a report. Your report helps the ACCC track scam operations and issue warnings to other Australians. You can also report to ReportCyber.
- Change your passwords. If you created an account on the fake store, change that password immediately. If you used the same password on any other site — especially your email or banking — change those too. Our guide to checking if you've been hacked can help.
- Monitor your accounts. Watch your bank statements and credit card transactions closely for the next few months. Scam stores often harvest card details for later use or sell them to other criminals. If you see any unfamiliar transactions, report them to your bank immediately.
- Contact IDCARE if you shared ID documents. If the fake store asked for and received copies of your driver's licence, passport, or other identification, call IDCARE on 1800 595 160. They're Australia's national identity and cyber support service and can help you protect your identity.
Paid by bank transfer or crypto? Recovery is much harder. Banks can sometimes trace and recall transfers if you act within hours, but there are no guarantees. Cryptocurrency transactions are essentially irreversible. Report to Scamwatch regardless — your report still helps authorities shut down the operation.
Quick Reference
Do
- Check the URL for misspellings and weird domain extensions
- Verify the ABN at abr.gov.au
- Compare prices across multiple known retailers
- Use a credit card or PayPal for buyer protection
- Search the store name + "scam" or "review" before buying
- Run the URL through Google Safe Browsing or URLVoid
- Check for a physical address and real contact details
Don't
- Assume HTTPS means the store is safe
- Pay by bank transfer, crypto, or gift cards
- Trust on-site reviews — they're easily faked
- Click "buy" just because a social media ad looked professional
- Reuse passwords when creating store accounts
- Ignore your gut — if it feels off, it probably is
- Share ID documents with an online store
If it seems too good to be true, it is. This advice has been around for decades because it still works. No legitimate retailer is selling a $2,000 laptop for $199. Every single time a customer brings us one of these stories, the "deal" that caught their eye was the first red flag they ignored.
Already Been Caught? We Can Help.
If you've purchased from a fake store and you're worried about malware, stolen credentials, or identity theft, bring your device in. We handle scam recovery every week — checking devices for malware, helping secure compromised accounts, removing suspicious software, and making sure your personal data hasn't been further exposed.
Services include: virus and malware removal, password and account recovery, security checkups, and identity protection guidance.
Book a Security CheckupRelated Scam Guides
Frequently Asked Questions
How can I tell if an online store is legitimate in Australia?
Check for an ABN and verify it at abr.gov.au. Look for a physical address, a proper returns policy, and multiple payment options including PayPal or credit card. Run the domain through a WHOIS lookup to check when it was registered — legitimate businesses rarely operate from domains registered days ago. If the prices seem too good to be true, they almost certainly are.
Is a website safe just because it has HTTPS and a padlock?
No. HTTPS only means the connection between your browser and the server is encrypted — it does not verify who owns the site or whether the business is legitimate. Free SSL certificates mean scammers can add HTTPS to a fake store in minutes. You need to check other factors like domain age, ABN, contact details, and return policies.
What should I do if I paid a fake online store?
Contact your bank or card provider immediately and request a chargeback. Report the scam to Scamwatch. If you created an account on the fake site, change your passwords — especially if you reused the same password elsewhere. Monitor your bank statements for further unauthorised transactions.
Are Facebook and Instagram shopping ads safe?
Not automatically. Social media platforms do not thoroughly vet every advertiser. Scam stores routinely buy ads on Facebook and Instagram, targeting Australians with too-good-to-be-true deals. Always research the store independently before purchasing — check reviews outside the site, verify the ABN, and look for a returns policy before handing over payment details.
Can I get my money back after being scammed by a fake store?
If you paid by credit card or PayPal, you have a reasonable chance of recovering your money through a chargeback or dispute. Contact your bank within 24 hours for the best outcome. If you paid by bank transfer or cryptocurrency, recovery is much harder — report to Scamwatch regardless, as your report helps authorities track and shut down scam operations.