The minefield of buying and selling online

Online marketplaces have transformed over the past decade. While it’s never been easier to buy or sell, it’s also never been riskier. Artificial intelligence, mobile-first commerce, and peer-to-peer platforms have created new opportunities and new threats. Whether you’re an occasional user or an online trader, staying safe in 2025 means understanding modern risks and adopting secure behaviours. This article highlights some of the essential areas for both buyers and sellers. I also refer to some older security awareness articles that are still relevant today.

How online threats have evolved

Online scams have evolved far beyond basic phishing and fake listings. Fraudsters now use AI-generated content to impersonate people, automate conversations, and create fake websites that closely mimic trusted brands. At the same time, there are many new entries to the market. Amazon and eBay were the pioneers, but they no longer dominate the marketplace.

• Threat actors use AI to create convincing fake profiles, listings, and customer service chats. It is harder to spot fakes because tell-tale signs such as poor spelling and grammar are becoming a thing of the past.

• Traditional auction sites are now part of a much larger, more fragmented ecosystem.

• Email protection and spam filtering have evolved, but so have fraudsters with more convincing emails, social media profiles, text messages, instant messaging, and in-app messages.

• Scammers now behave like real users, mimicking platform language, branding, and interfaces with ease, making scams harder to spot than ever.

• The Website Credibility Test (5^th March 2018) – Not all websites deserve your trust, even if they look professional. This article explores how poor design choices, such as fake search boxes (containing links), pop-ups, and sneaky opt-out purchases, often indicate dishonest business practices. It reminds readers that site behaviour directly reflects the people behind it, and you may be unable to trust it with your payment information.

Staying safe as a buyer

Buyers today must navigate deals across dozens of platforms, some offering little or no protection. Many scams involve off-platform communication or payment, which can void any dispute rights. Even when a transaction appears secure, scammers may attempt to use urgency or fear to push buyers into quick, irreversible decisions.

• Stick to platforms with formal buyer protection and avoid off-platform transactions.

• Use credit cards where possible, as they offer the strongest consumer protection.

• Enable Multi-Factor Authentication (MFA) on shopping and payment accounts.

• Be cautious with deals that seem urgent, emotional, or unusually cheap.

• Always double-check the seller ratings, the age of the account, and listing consistency.

• Confirm shipping costs and return policies before you buy. Consider the item’s location carefully as returning a low-cost item from overseas may cost more than the item itself.

• Deviation from the Norm (29^th June 2019) – Scammers don’t always ask for your money directly. They often ask you to behave in ways that feel unusual. This article highlights how fraudsters push victims into unorthodox payment methods like cash or bank transfers, offering excuses that sound urgent, emotional, or even official. Deviating from established norms, like not using a credit card, removes your safety net. The key message is simple: if the process feels off, it probably is.

Protecting yourself as a seller

Sellers face increasing pressure to provide a fast, friendly, and reliable service but also face rising risks from fraudulent buyers and chargebacks. Verifying payment, understanding platform rules, and setting boundaries are key to staying protected.

• Never dispatch items until you’ve confirmed cleared payment.

• Avoid off-platform messages that could void your ability to raise a dispute.

• Watch for overpayment scams and never refund a mistake before verifying the original payment in cleared funds.

• Understand how your platform handles refunds, chargebacks, and seller disputes.

• If in doubt, cancel the sale and report the user.

• Document what is available for the transactions, such as photographs, messages, proof of postage, and receipts.

• Unsafe financial transactions (16^th July 2019) – Despite years of warnings, unsafe transactions are still commonplace. This article explains why bank transfers, upfront fees, and cheques expose buyers and sellers to avoidable risk. It also describes how fraudsters manipulate trust by creating fake emergencies, fake job offers, and fake loans to trigger emotional decisions. Recovery is difficult or impossible once money is sent, especially outside of regulated systems.

• Reducing fraud with virtual cards (6^th March 2022) – Virtual cards act like a firewall between your real bank details and the internet. This article introduces how they work, why they matter, and where they’re most effective, especially against subscription traps, stealth auto-renewals, and websites that refuse to remove your card details. By generating a disposable card number for each transaction, you can cancel future payments instantly without exposing your real account details. It’s an innovative process in today’s risk-heavy digital economy.

Trust and transparency

Trust still matters, but it is getting harder to gauge. Reviews, profiles, and trust signals are now easily faked. Scammers often impersonate legitimate businesses or flood their accounts with fake reviews to seem credible.

• Look for account age, detailed feedback, and a history of similar transactions.

• Check for signs of review manipulation, such as the same comments across multiple sellers, and be suspicious of vague or overly glowing feedback.

• Use official company registers to validate business identities.

• Providing visible contact details and policies demonstrates transparency and builds trust.

Modern Security Hygiene

Cyber hygiene has become a baseline expectation for all users. Relying solely on strong passwords isn’t enough. Buyers and sellers must adopt multi-layered security measures to protect their money and personal information.

• Use a password manager to create and store strong, unique passwords. Don’t reuse passwords across multiple sites.

• Enable Multi-Factor Authentication (MFA) on every account that supports it.

• Avoid clicking on links in unsolicited emails or instant messages and go directly to the platform.

• Keep mobile apps updated and install only from trusted sources.

• Log out of platforms after transactions. Don’t rely on closing the browser tab.

• Time for some digital housekeeping (25^th February 2024) – The sheer number of online accounts we create has grown beyond what most people can realistically manage. This article looks at the long-term risks of account proliferation, from weak password habits to privacy exposure and an ever-expanding attack surface. It also critiques common website behaviours like blocking password managers (preventing the cut and paste of complex passwords) and unnecessarily requiring logins. With practical advice on using password vaults, enabling MFA, and deleting old accounts, it serves as a modern guide to cleaning up your digital footprint and regaining control.

• More on passwords (21^st January 2019) – This article revisits the basics of password security and why those basics still matter. It covers weak PINs, social media oversharing, and the risk of password reuse across multiple sites. It also touches on modern hacking tools that guess passwords based on personal information. Strong, unique credentials remain part of a solid defence.

What to do when something goes wrong

Even when you’re careful, things can still go wrong. Acting quickly and documenting everything improves your chances of recovering lost money or resolving disputes successfully.

• Save all messages, screenshots, emails, receipts, and postage confirmations.

• Report issues directly through the dispute resolution process.

• Understand payment protection options like PayPal Buyer Protection or credit card chargebacks.

• Monitor your financial accounts for unauthorised transactions after purchases.

• File complaints within the time limits mandated within the platforms.

• If necessary, escalate to consumer protection bodies or regulators.

Concluding thoughts

Online marketplaces are no longer just the domain of digital natives. While younger generations have grown up with e-commerce, many people who previously avoided online transactions are venturing into digital marketplaces for the first time. Whether out of necessity, convenience, or curiosity, this growing wave of new participants includes individuals who may be less familiar with the risks. That’s why messages around online safety, fraud awareness, and secure practices need to keep circulating.

The technology may change, but the underlying tactics of scammers remain the same. To paraphrase P.T. Barnum, “There is a victim born every minute”. Here are a couple more articles that remain relevant today.

• Caught in the Net (29^th January 2019) – Phishing is still a leading cause of online fraud, and it’s not going away. This article explains how phishing emails work, why they’re effective, and how they prey on urgency, fear, or empathy to trick people into clicking links or sharing sensitive data. It also explains how even experienced users can fall for realistic scams and why a cautious, verification-first approach to email is essential in today’s environment.

• Hit with the Spear (22^nd July 2019) – Spear phishing is phishing with precision. This article explains how scammers gather personal details from social media, CVs, and online profiles to craft highly believable messages. Unlike random spam, these messages are tailored to the recipient and often bypass spam filters entirely. The article breaks down the process, from initial research to final action, and shows why oversharing online can open the door to persuasive attacks.