One in 10 spend £8,000 a year online
A record 39 million people are now shopping online, according to official statistics.
It is estimated that some 76% people have made online purchases in the last year, equivalent to one million more people than last year.
Typically people spent between £100 and £500 in the past three months, though 9% of people spent over £2,000, equivalent to at least £8,000 a year, the Office for National Statistics (ONS) reported.
Consumers were most likely to buy clothing and sports goods, followed by household items and making travel arrangements.
Some 90% of under-35s made purchases through the web, though half as many pensioners (42%) did so.
The main reasons for avoiding internet shopping were a preference for buying from a person (56%), worries about security or privacy (27%) and not knowing how to shop online (19%).
Online banking is still growing at a steady rate, rising 3% for each of the last four years. The ONS estimates 29 million adults banked online in the past three months, but one in seven people (14%) still have safety concerns about banking online.
Online security expert Ryan Wilk, of NuData Security, said: "Online and mobile banking is among the most attractive targets for cybercriminals and hackers, and face constant assaults. We have witnessed it escalate over the past couple years tremendously and seen attack vectors change almost monthly.
"While online banking is becoming more and more convenient, all of this exposes banks and customers to a whole new breed of fraud."
According to the ONS, 3% of people have been affected by 'phishing' scams - where users are tricked into giving out their details - and 2% of people have had their debit and credit cards used fraudulently.
Phishing scams are typically fraudulent email messages from seemingly legitimate sources (your internet service provider, mobile phone provider, bank etc). These messages usually direct you to a counterfeit website or ask you to divulge private information (password, PIN, credit card numbers, or other account updates), which is then used to commit identity theft.