An opened combination lock sits on top of a laptop keyboard.

Scams online: how to stay safe

While you may be eager to embrace technology, it’s important to protect yourself in the digital world.

Top tips

Here are the top 10 best practices for you to follow:

  1. Passwords. Use hard-to-guess, unique passwords. Secure your accounts with your phone number. 
  2. Logins. Store your login information by using a passphrase or password manager. 
  3. Social media. Be a savvy social media user by selecting higher privacy settings and thinking twice before sharing personal information. 
  4. Devices. Protect your devices by setting a PIN or password and making sure your devices aren’t left unattended. 
  5. Banking. Keep your online banking information private. 
  6. Emails. Delete emails requesting personal information or urgent money transfers. 
  7. Locations. Only login to your accounts on computers you trust. Use your own devices when you can. 
  8. Privacy. When using shared computers, browse privately and log out of your accounts. 
  9. Virus protection. Restart your browser or computer if you're told it has a virus, and don't click on any virus alert messages. 
  10. Ad blocking. Use ad blocking tools for safer Internet browsing.

Each strategy is explained below.

Passwords: make them strong

Having a strong password is probably the most important thing you can do to reduce your risk online. These basic dos and don'ts can go a long way.

Password dos:

  • Do log out of your accounts when you're finished using them—ALWAYS.
  • Do consider using a password manager or app and two-factor authentication.
  • Do use long passwords with symbols, since they are more secure.
  • Do have a different password for each account.
  • If you do write your passwords down (although this is not advisable), keep them in a safe space that's far away from your computer/device.

Password don'ts:

  • Don’t use obvious passwords, like password, 123456, qwerty, letmein, dragon, shadow, abc123, master, sinatra, etc.
  • Don’t use passwords that someone who knows you can easily guess: birthdays, home towns, pets, relatives, etc.
  • Don’t share your passwords with anyone, and don’t let anyone see you type them in.
  • Don’t carry your devices and passwords in the same bag.
  • Don’t log in to your accounts on computers you aren’t sure are secure.

When deciding on your password, keep in mind that it shouldn’t be so difficult to remember that you need to write it down or tell someone about it. Age UK says a strong password should not be too short and should include a combination of letters, numbers and punctuation marks. The ideal password would be some obscure nonsense word that only has meaning to you.

It is always good practice to find out how strong your password is. You can use the online password Strength Test from Rumkin.com if you'd like to check this for yourself.

Logins: use a passphrase or password manager

If memorising a password is too difficult, you may want to try using a passphrase. A different sequence of words (like "Fido is a good dog") for each account can be written down and stored somewhere safe. Passphrases are especially helpful if you have the option for a longer password.

Another helpful option is a password manager. This tool stores encrypted and protected versions of all of your passwords in one place. Ideally, the password you use for your password manager will be the only one you need to remember!

Social media: be selective

A breach of privacy can sometimes cause more damage than a financial loss. You might feel like you have nothing to hide, but at the same time, you might not want all your affairs to be public knowledge.

To protect yourself from identity theft, here are some good habits for Facebook, Twitter and Instagram:

  • Don’t share things on social media that you don’t want associated with you. Your posts might live forever on the Internet.
  • Be careful about photos you share, particularly those that relationship scammers might use to trick you into revealing private information or sending money.
  • Adjust your privacy settings to restrict who can view your posts.
  • Don’t share everything online. Information such as your birthday, address history, likes and dislikes can easily be used to impersonate you.

If you do store photos, videos and important documents online through social media, you may want to plan what will eventually happen to this information when you pass away. The Digital Legacy Association suggests that you download a copy of all of your photos and videos from social media accounts and share them with a person you trust. You may also want to assign administrative access of your social media accounts to someone trustworthy. You can download a template Social Media Will from the Digital Legacy Association.

Devices: protect them with PINs

Preventing others from hacking into your electronic devices is an important part of staying safe online. You can safeguard your devices (and your information) by taking the following steps:

  • Turn on the screen lock from your security settings.
  • Don't use a pattern lock (PINs and passwords are safer).
  • Don’t leave your device unattended in public spaces.
  • Don’t write your access codes on the case of the device or keep them written down anywhere near the device.
  • Use anti-malware software if possible.

Banking: take care with financial information

The most common online banking scams typically happen when criminals trick you into proving information that opens the door to your account. Money transfers through job adverts, prepayment requests, false charitable donations, medication scams and other fraudulent actions can be avoided if you investigate before you send money or provide credit or debit card details for payment. And remember this: your bank will never email you or send you messages through the Internet.

Online banking and shopping can be used safely if you:

  • Discontinue any online transaction if your browser warns you that a website is not legitimate.
  • Be wary whenever someone requests money from you online; ask for advice from someone you trust if the request seems even the slightest bit questionable.
  • When checking out from an online store, be sure you are purchasing the things you really want (and not something that has ended up in your cart unintentionally).
  • Look up reviews, especially if you're planning to buy from a business you are unfamiliar with (a good source is uk.trustpilot.com for British businesses).
  • Never give others access to your bank account, PIN or banking apps. Protecting your identity is an essential part of staying safe online. (For more advice on this subject, visit the Protect your identity page from NI Direct.)

Your bank’s fraud helpline is a good place to start if you have any questions about online banking.

Emails: be cautious about requests for money

Citizen’s Advice offers these helpful tips on spotting signs of an email scam. They warn you to be careful if: 

  • Something comes out of the blue or from someone you don’t know.
  • Something sounds out of the ordinary, like you’ve won the lottery, or you’ve been invited to invest in an ‘amazing’ scheme but asked to keep it a secret. 
  • You receive an email message urging you to phone an expensive number (these start with 070, 084, 087, 090, 091 or 098) or make a quick purchasing decision (a trustworthy company will be happy to wait).

Since scammers may mimic familiar email addresses by changing a letter or two, always check to make sure the source is accurate. The email could look very official—it might claim to be from HM Revenue and Customs or come in the form of an invoice from someone you do know—but if it's unexpected, it's probably a scam. If in doubt, give the sender a call, but be sure use the phone number you have in your records (not the phone number included with the questionable email).

If you do receive an email that's suspicious or includes a request for your financial information, just delete it. Don't bother to respond. Even if you just request to be deleted from the email list, this signals to the scammer that your email address is legitimate. This can ultimately lead to a continued flood of unwanted emails in your inbox.

For more tips on how to Check if something might be a scam, visit the Citizen’s Advice website.

Locations: stick to places you trust

While it may be tempting to log in to your online accounts from an unfamiliar device or location, it's very important to avoid devices that are set up in places you don't trust. A computer in a public location like a library or store could be saving and storing your personal data without your knowledge.

Privacy: keep your details top secret

If you do decide to log on to a public device, try to follow these three tips:

  1. Use a private browsing mode (like Incognito) to keep your information safe.
  2. Make sure you don't save login information on a shared computer, and
  3. Fully log off when you are finished.

Virus protection: use software to stay safe

Antivirus tools and firewalls that come with your machine can protect you from computer viruses and other unwanted cyber intruders (like spyware, malware, worms and more). But even if you have virus protection on your machine, make it a habit not to open attachments or click on links in emails that come from suspicious sources.

Keeping your operating system, firewalls and antivirus tools up to date is good practice and should be part of your regular online routine. 

Ad blockers: avoid pop up ads the easy way

By installing ad blocker software on your machine, you can avoid clicking on messages designed to trick you into sharing information or making your machine vulnerable. Even if a message looks legitimate or seems urgent, it's more than likely some sort of scam.

If you're an advanced computer user, you may want to look into VPNs (or virtual private networks) for even more protection. These tools can block annoying ads, but they can also block scripts that track your online behaviour, prevent distracting banners and even speed up your web browsing.

    Other ways to protect yourself online

    Roughly half of all fraud crimes that happen each year take place online. Very often, these crimes go unreported.

    Being aware of the most common scams will help you avoid them. Here are few examples of scams that happen frequently:

    • Money transfer scams. These may be disguised as a transaction where you could be asked to provide information, such as your bank details, so that transfers can be made through a UK bank account and you will be paid generously for your trouble. This technique is used by fraudsters to launder money and could get you into serious trouble.  
    • Medication scams. You can be encouraged to buy some sort of wonder medication online that turns out to be fake or sometimes isn't delivered at all. 
    • Relationship scams. This happens when someone finds your details online, pretends to be interested in you and then tries to manipulate you into sending them money. 
    • Stranded traveller schemes. Scammers might pose as a friend or family member or pose as an authority figure and will then tell you that your friend or relative is in hospital or prison abroad. Using this information, the scammer will try to convince you to transfer money as soon as possible.

    For more information on common scams, visit the following pages:

    If you do suspect a scam, it’s a good idea to report it to an authority. That way you will help fight online crime and prevent others from being targeted by the same scammers. The following websites will give you more information on how to report a scam: 

    In summary, just exercise caution when you are online. Eventually it will feel as natural to you as any other daily activity. Visit this link for information on how to protect yourself from other forms of fraud.

    Listen to this page: