The expert guide to safe shopping and avoiding fake websites in 2024

Join our crack team of F‑Secure cyber security specialists as they provide expert advice on how to spot fake web­sites and shop securely online.

The expert guide to safe shopping and avoiding fake websites in 2023

In this guide to safe shopping and avoiding fake web­sites we’ve enlisted the help of F‑Secure’s crack team of cyber security experts. *Cue voiceover*: If you have a problem. If no one else can help. And if you can find them… maybe you can hire — the F‑Team!

In this bumper collection of tips and advice, our team has covered a host of topics, such as: sticking with trusted shopping web­sites with a good reputation; paying attention to user reviews; avoiding the temptation to fall for the fancy ads in social media; being mindful of outdated advice; and many more!

And whilst our security specialists might not be able to build a tank from an old Renault and some farm equipment we can guarantee that they absolutely love it when a cyber security plan comes together.

(Once you’ve digested these tips on spotting fake web­sites and shopping securely, why not check out one of our previous guides? In these articles we’ve covered tips for safe online shopping, uncovered the best ways to spot online shopping scams, and revealed how to check website safety.)

Check new shops with F‑Secure’s free Online Shopping Checker

A new enticing shop, but can you trust it to be safe? Before you buy, check it with F‑Secure’s free web­shop checker. The results are based on very thorough security analyses that look into many aspects, such as how new the shop is, who hosts it, and so many more. It even goes through online reviews and comments about the shop.

So, before you buy, get a free safety check with F‑Secure Online Shopping checker.

Stick with known shopping sites with a good reputation

Top shopping sites are usually well‑known and trusted by many users, and they will have a large user base and positive reviews from those users, explained Sarogini Muniyandi, Senior Manager, Threat Protection Engineering at F‑Secure. So, sticking with the trusted retailers that you have made a purchase from before is always a good start. Also, be aware of the misspelling or typo-squatted sites to avoid landing on the wrong/scam website by checking the page’s URL address. And always ensure you know it’s a legitimate shopping website before placing an order, as a little research about the website could potentially safe you from falling victim to an online scam.

Don’t fall for fancy ads on social media

An ad on Facebook with good comments from users does not necessarily mean the shopping site is trustworthy, warned Abdullah Al Mazed, Senior Technical Product Manager at F‑Secure. On social media scammers can impersonate someone else to create fake product ads. Better to do a little bit of research online if it’s a shop you are ordering from for the first time.

If in doubt, use virtual payment cards

Virtual credit/debit cards are becoming increasingly popular, said Ash Shatrieh, Threat Intelligence Researcher at F‑Secure. And it is strongly recommended to use them when shopping online, especially for less-known web­sites, as they contain disposable information (like card numbers) which can be used only once, which means fraudsters can’t use them for fraudulent trans­actions later on.

Fresh store? Browse with caution

If you are visiting an online shop that was established recently, or it is your first time making a purchase on this particular store, be extra cautious, said Khalid Alnajjar, Threat Data Researcher at F‑Secure. Creating new web stores, including fake ones, is getting easier and can be done in a few hours — especially with the aid of AI. To reduce the risks of falling for fake web­sites, search for any warning cues. If the company does not provide details about them­selves, does not exist in official governmental registrars, or the domain has been created in the past few months, you should be suspicious.

Lie more, share less, save nothing, delete every­thing

You cannot control what each legitimate shop will do with your data, nor how well they will protect it, Fennel Aurora, Product Management Community Lead at F‑Secure cautioned. “The only way to truly avoid annoying leaks is by never giving them the data in the first place. The three key tools for this are:

  1. Lie where it is safe to do so, deliberately misspell things like your name (it will still arrive in the post but will be hard to find in leak dumps) or give fake information where it doesn’t matter.
  2. If you don’t need to share information to complete your trans­action, don’t share it — if the field is optional, don’t fill it.
  3. Don’t save your information, especially home addresses and card details, or delete them after you finish if the shop allows that.”

There’s no silver bullet

It used to be relatively easy to spot fake web­sites: just look out for bad grammar or the missing lock icon in the address bar. However, this advice — while still commonly shared — is outdated, said Joel Latto, Threat Advisor at F‑Secure. Criminals are able to create very convincing fake stores, and they are using every trick in the marketing playbook to promote them through ads and social media posts. There’s no one thing to look out for anymore. Instead, we have to stay alert (and have a healthy amount of suspicion) throughout the purchase journey, from the moment you see an ad to the point of making a trans­action.

If it is too good to be true, it probably is

If the online shop’s prices are too good to be true, they probably are, explained Mika Lehtinen, Director, Research Collaboration at F‑Secure. Legitimate shops tend to sell products at competitive prices. Whereas fake shops may offer products at prices that are noticeably lower than the prices of legitimate shops, in order to lure people in to make a purchase. If you encounter a shop with exceptionally low prices, pay extra attention to other potential indications of a scam.

It’s not just about fake web­sites

With the rise of shopping apps, keep in check the apps you down­load and remove them when they are no longer needed, said Calvin Gan, Senior Manager, Protection Strategy at F‑Secure. Always ensure that the apps are down­loaded only from the official store (such as Play Store, App Store, Huawei Gallery). Any shop which requires you to down­load their app beyond official stores should be treated as suspicious and it is recommended not to install them.


Avoid scam shopping sites with Total

F‑Secure’s Browsing Protection (included in F‑Secure Total) enables you to evaluate the safety of shopping sites and prevents you from unintentionally accessing harmful URLs.

  • Quickly identify safe sites in your search results

  • Block scam web­sites automatically

  • Get feed­back on potentially harmful sites with safety ratings

Read more about Total