Buyers beware: ‘Tis the season of online shopping scams


Written by:

While consumers were already shopping more online, the COVID-19 pandemic accelerated this trend even more. But cyber thieves abound, and online shopping can come with various risks.

According to a new report from the Better Business Bureau (BBB), nearly 3 in 4 (74.8%) consumers lost money in an online purchase scam in the first eight months of 2021. Further, the median amount lost continues to rise yearly, from $76 in 2019 to $96 in 2020 to $102 in 2021.

Online purchase scams among the most risky

Online shopping scams reported to the BBB Scam Tracker have accounted for 35.3% of all scams reported so far in 2021, down from 38.3% in all of 2020 but up from 24.3% in 2019.

Per the BBB Risk Index, which evaluates schemes based on exposure, susceptibility and monetary loss, online purchase scams ranked among the three most risky from 2017 to 2020. So far in 2021, it’s the riskiest.


SPONSORED: Find a Qualified Financial Advisor

1. Finding a qualified financial advisor doesn't have to be hard. SmartAsset's free tool matches you with up to 3 fiduciary financial advisors in your area in 5 minutes.

2. Each advisor has been vetted by SmartAsset and is held to a fiduciary standard to act in your best interests. If you're ready to be matched with local advisors that can help you achieve your financial goals get started now.





RELATED: What Is Credit Fraud?

While consumers 65 and older have reported a higher number of scams so far in 2021 than in 2020, their susceptibility dipped — from 73.3% in 2020 to 64.4% in 2021.

But younger consumers report losing more money on these scams. So far in 2021, shoppers ages 18 to 24 say they’ve lost a median of $125, compared to the next-highest group (65+) at $108.

Meanwhile, a larger percentage of women are likely to report losing money to online purchase scams in 2021 than men (76.8% versus 72.6%, respectively). But men say they’ve lost quite a bit more money than women (medians of $140 and $100, respectively).

Credit cards are most common payment method reported in online purchase scams

Apparently, those pulling out the plastic have experienced a higher number of scams online. Credit cards are reported as the most common payment method (38.2%) so far in 2021. That’s followed by online payment systems (35.4%) and debit cards (11.6%).

Among the other payment methods cited by consumers:

  • Prepaid cards (3.1%)
  • Wire transfers (1.7%)
  • Cryptocurrency (0.6%)
  • Cash (0.5%)
  • Money orders (0.2%)
  • Checks (0.2%)

Another 8.5% cite “other.”

As for the top payment system types involved in online purchase scams, PayPal was reported the most, accounting for 45% of tracker submissions. Zelle (29%) and Cash App (19%) came in next. A far smaller percentage of online purchase scams were made on Venmo (3%), Apple Pay (2%) and Google Pay (2%).

In some instances, the lost money was recouped. Respondents who used PayPal or a credit card reported the highest ability to get their money back. On the flip side, those who used Cash App, a wire transfer or Zelle appear to have had a less likely chance of getting lost money back.

According to the BBB Scam Tracker, here’s the median dollar loss for online scams among payment system types:

  • Apple Pay ($750)
  • Zelle ($750)
  • Venmo ($700)
  • Cash App ($650)
  • Google Pay ($645)
  • PayPal ($90)

As you can see, the median loss for online purchases conducted over PayPal is far lower than the other payment systems. However, the greatest percentage of online purchase scams reported were made over PayPal.

To protect yourself from online scammers while shopping this holiday season, know the risks and protection policies in place from the payment methods you’re using.

If using a credit card, consider setting transaction alerts when a purchase is made online or over a certain amount. You can also sign up for a LendingTree account to monitor your credit.


The BBB pulled data from more than 55,000 online purchase scam reports submitted in the BBB Scam Tracker between 2015 and 2021. In addition, a survey was conducted from Aug. 11-20, 2021, that included respondents who reported online purchase scams in 2020 and 2021.

This article originally appeared on and was syndicated by

More from MediaFeed:

50 ways you can avoid getting scammed on Black Friday

50 ways you can avoid getting scammed on Black Friday

The holiday season is the most wonderful time of the year for scammers. And like everything else in 2020, these next few weeks promise to be a disaster. With this in mind, all eyes should be on Black Friday.

According to Adobe Analytics’ recent holiday forecast, online sales are projected to surge 33% year over year to a record $189 billion as “Cyber-week turns to Cyber-months” amid the ongoing COVID-19 pandemic.

This prolonged season of online shopping (and stress) will provide ample opportunity for phishers, smishers, vishers and identity thieves to pilfer your valuable personal and/or payment information. So, whether you plan to shop on the web or a brick and mortar store, extra vigilance is warranted. Here are 50 ways to avoid getting scammed on Black Friday — and beyond.

AntonioGuillem / istockphoto

Credit cards offer markedly better fraud protections than debit cards, which connect directly to your bank account. Many credit cards also offer ancillary protections, like purchase protection, price protection and extended warranties.

    Farknot_Architect / istockphoto

    Mobile payment platforms, like Apple Pay and Google Pay, use advanced technology, like fingerprint authentication and tokenization (in which credit card account numbers are replaced by randomly generated numbers) to provide brick-and-mortar shoppers with an added layer of security. Virtual credit cards similarly allow online shoppers to mask their financial accounts.

      No matter your payment of choice, check bank and credit card statements daily for suspicious or erroneous charges.

        artisteer / istockphoto

        Many financial institutions offer free transaction alerts that notify you when charges hit your account. These alerts can help you quickly spot fraud.

          If you notice something that shouldn’t be on your bank or credit card statement, call your bank, credit union or credit card company immediately to dispute it. Immediately cancel all compromised cards and request replacements.


            Never provide your payment information to anyone who calls you. Instead, hang up and contact the company directly to handle all transactions.


              Be similarly wary of turning over your address, phone number or, worse, Social Security number, to unsolicited callers. (It’s worth noting that there’s no reason a legitimate retailer would need that last one — the skeleton key to your identity — to process a purchase.)


                Make sure your smartphone, tablet and laptop are password-protected, particularly if you’re in the habit of carrying them around wherever you go.


                  Popular browsers, like Safari or Firefox, frequently issue updates to protect against scams. (Think of Google Chrome blocking you from visiting a suspicious website.) Make sure you have the latest version to protect yourself against new or emerging threats.


                    Protect yourself from malware by purchasing, updating, and upgrading antivirus software. Malware is malicious software designed to harm devices or glean data to commit identity-related crimes.

                      Stick to shopping when connected to your private Wi-Fi network as public Wi-Fi is a hotbed for criminal activity any time of year.


                        If you have to connect to the internet using a public network, do so with a virtual private network. VPNs encrypt data, making it much harder to intercept when transmitted through a shared or suspect internet connection.


                          Keep purchases concentrated to a one-to-two week window, if possible. Shop at reputable and recognizable retailers.


                            If you’re shopping at a retailer that is new to you, research the company’s standing on the Better Business Bureau website. You can also check a site’s status via Google’s Transparency Report tool.


                              Scammers aren’t exactly known for their five-star ratings. If a purported company has a bevy of bad reviews — or no reviews at all — consider that a cue to take your business elsewhere.


                                Minimize the odds of getting price-gouged by legitimate and illegitimate retailers alike by comparison-shopping across trusted websites before making a purchase.


                                  While shopping, check that a website url starts with “HTTPS” (vs. HTTP). This designation signifies that the site has a Secure Sockets Layer (SSL) certificate. SSLs ensure all data is encrypted.


                                    A green or gray padlock icon in your browser’s address bar also indicates that information, like credit card numbers, is encrypted when transmitted.


                                      Typos are a surefire sign of fraud. Check urls for slight modifications to a popular retailer’s name. (Think “” or “”.) You can hover your mouse over links in emails to see full urls without having to click on them.


                                        A strong password contains a random collection of uppercase and lowercase letters, numbers and symbols or a series of disassociated words, numbers and characters.

                                          filistimlyanin / istockphoto

                                          Never use duplicate usernames or passwords across any of your online accounts to limit your exposure in case of a data breach.


                                            Conduct a password audit before you start your holiday shopping — and after, to decrease the odds of getting hacked after the holiday season is over. 

                                              Credit: Tero Vesalainen / istockphoto

                                              Most online accounts allow users to enable two-factor authentication, or 2FA, which requires someone to login in with a password and a secondary credential, like a one-time code sent to a cell phone. Consider 2FA the equivalent of a lock on your front door: It won’t guarantee protection for your possessions, but it will provide a fair amount of security with minimal effort.


                                                Online auto-pay options or auto-fill settings are certainly convenient — but they’re also risky, leaving your credit or debit card information vulnerable to thieves if they compromise whatever protections you have in place.


                                                  This fine print can provide valuable information regarding the data a site collects, how it’s protected, how they use it and who else has access to it.


                                                    Malvertising occurs when criminals hide malicious code in ads on legitimate websites. Common schemes include pop-ups advertising free goods or services in exchange for filling out a survey or warnings that your device has been infected.


                                                      You can minimize exposure to malvertising by using an ad blocker, disabling Flash and Java and keeping all software systems updated.

                                                        Alina Rosanova / istockphoto

                                                        If you walk into a store, keep your purse and/or wallet close. Never leave it in your shopping cart, car or even a back pocket.

                                                          TongTa // istockphoto

                                                          Be equally vigilant about traveling light: Carry one card for charging your holiday purchases. Leave cash, your checkbook and your Social Security card at home (in a secure location, of course).


                                                            Thieves are known to install skimmers, devices intended to pilfer payment information and PIN codes, wherever and whenever possible. To mitigate risk, avoid non-bank ATMs, particularly if they’re outside or in areas with little foot traffic, and scan all machines for signs of tampering.


                                                              Memorize your PIN number instead of writing it down on your card or keeping it in your wallet. Never let a store clerk enter your PIN code for you. Do it yourself. Place a sticker over your credit card’s CVV code, that tiny three-digit number on the back of your card at the end of the signature box.

                                                                Deposit Photos

                                                                Compare the totals to the charges that appear on your credit card statements.

                                                                  industryview / istockphoto

                                                                  Criminals often steal account codes from gift cards that are easily accessible, so look for signs of tampering before purchasing one. It’s advisable to purchase gift cards close to Christmas and encourage recipients to use them right away.


                                                                    There’s a chance the unsolicited offer in your inbox is a “phishing” scheme. “Phishing” occurs when a scammer poses as a legitimate company or website in an attempt to get their targets to click on a link that prompts them to enter personal information or downloads malware onto their devices.


                                                                      Retailers will never send an unexpected attachment. If you receive an email from a seemingly legitimate retailer that contains an attachment, close the email and call the retailer directly.


                                                                        Phishing schemes don’t only travel by way of email. Avoid clicking on links in unsolicited texts, especially if the deal they’re touting seems too good to be true.


                                                                          In one of the tried-and-true scams of Christmas, fraudsters phish by sending their targets texts or emails about “delivery issues” or false-shipping notifications. Contact the sender directly if you get one of these communications.


                                                                            Avoid delivery issue scams by tracking your shipments via confirmation emails or password-protected online accounts.


                                                                              Dissuade porch pirates from stealing deliveries by installing a security camera or smart doorbell.


                                                                                Security cameras are a deterrent, but not a failsafe. Thwart thieves by having items shipped to a nearby store that offers contactless curb-side pickup. You can also have packages held at your local post office or, for example, stored in an Amazon Hub Locker.


                                                                                  Steer clear of freebies, discount codes, e-vouchers and sweepstakes making the rounds on social media. They’re often designed to harvest valuable personal information.


                                                                                    Back in 2016, hundreds of fake retailer apps flooded Apple’s App Store just in time for the holiday shopping season. The apps were ultimately removed, but scammers are still known to slip into the App Store or Google’s Play Store from time to time. You can avoid downloading a counterfeit app by checking the developer’s or company’s name for misspellings or typos, reading reviews and accessing the app via the company’s official website.


                                                                                      They are a scammers’ modus operandi. Be equally dubious of any sellers or resellers asking you to pay via a gift card.

                                                                                        BrianAJackson / Getty

                                                                                        Scammers will tug at your heartstrings via charity scams at all times of the year, so pause before giving. Instead, visit the organization’s website by manually typing in its URL or using search to find the link. You can also use Charity Navigator to confirm an organization’s authenticity.

                                                                                          LemonTreeImages / istockphoto

                                                                                          It bears emphasizing: You can skirt most online shopping scams by ignoring unsolicited links and verifying any deals, steals and promotions directly with the retailer.

                                                                                            Choreograph / istockphoto

                                                                                            Identity thieves make a living piecing together profiles or figuring out passwords by looking at photos, geolocational data or other seemingly innocuous information shared via social media platforms.


                                                                                            Online wish lists are designed to let your friends and family know what you want for Christmas, but they also provide scammers with an aggregate of your interests. Resist the urge to create one — or, if you must, adjust your privacy settings so that only particular people can see it.


                                                                                              A best practice any time of the year, never discard full bank or credit card statements in the trash. Identity thieves go through garbage in the hopes of obtaining payment or personal information.

                                                                                                PhotoBlink / istockphoto

                                                                                                Unfamiliar accounts on your credit report could be a sign of identity theft. You’re entitled to a free credit report from each major credit reporting agency every twelve months — and due to the COVID-19 pandemic, the bureaus are offering free weekly online reports through April 2021. You can request these reports from


                                                                                                Spread awareness by reporting any scams you encounter to the Federal Trade Commission. If you fall victim to fraud, file a police report and register a complaint with the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3).

                                                                                                Identity-related crime doesn’t have to ruin your holidays or your life. Many insurance companies, financial services organizations and employers offer cyber and identity protection products and services as a perk of your relationship either for free or at a deep discount.

                                                                                                Before you have a problem, it’s a good idea to contact your insurance agent, bank or credit card rep or the HR Department where you work to find out if they offer it, if you are already enrolled and if not, what you need to take advantage of it.

                                                                                                This article originally appeared on and was syndicated by

                                                                                                ismagilov / istockphoto

                                                                                                Featured Image Credit: