Here are some simple tips to help you stay safe and secure when you’re using websites and apps.
Unexpected SMS messages
If you’re not expecting an SMS message, for example you’ve not placed any online orders and you receive a delivery message, check it directly on the company’s website. Don’t interact with the SMS itself, such as clicking on any links.
Mobile application downloads from unofficial sources
Applications should always be downloaded from the official app store for your phone. This could be the Google Play store, Apple Store or other vendor-specific stores. If anyone asks you to download it from another website, or to change your settings to allow the install of unknown apps: close the website, delete any downloaded files and report the SMS message by forwarding it to ‘7726’.
Links in SMS messages
Just like with our advice on phishing emails, check the domain name in the link (i.e. our website domain is www.uw.co.uk) to see where it really goes. For example, if a message mentions tracking a delivery on ‘DHL’, but the domain name in the link has another unrecognisable reference in it - it is not a legitimate DHL SMS or website link. If you’re ever in doubt, you should visit the company website directly or by using a search engine rather than clicking on the link in the SMS.
If you believe you've been a victim of an SMS scam, please follow the advice from the NCSC here.
Especially if they ask you to give them any personal information, log into your online accounts, or make unexpected payments. Scams can happen over the phone, online, in emails or even face-to-face. If something doesn't feel right, don't take the gamble. Contact the company on a number you know and trust, or visit their website directly and log in.
Data from your profiles or posts – like email addresses, phone numbers, your date of birth and even your pet’s name – could be the key to your digital castle in the wrong hands. Never share your password or PIN, and make sure it's hard to guess. Avoid using your year of birth, or your date of birth.
Keep all your devices protected by using a reputable antivirus software. Some software will include licences for multiple devices, including mobile phones and tablets.
Wherever you can, enable two-factor authentication (sometimes known as 2FA or MFA) on your online accounts. This provides you with an extra layer of protection.
Avoid using the same password on multiple accounts. If you find it hard to remember all your passwords, use a password manager to keep track of them. Then you'll only have to remember the password for your password manager.
Be cautious when opening attachments or clicking on links in an email you aren't expecting. It's always safer to log in to your account via a trusted method to check any notifications.
Check your bank statements, accounts credit report regularly for suspicious entries or accounts you don't recognise. There are many free options available.
Be wary of anyone telling you've been a victim of fraud, either online or over the phone. Fraudsters may try this tactic to gain your personal or banking information and can sound very convincing. Fraudsters can even spoof telephone numbers; pretending to call or text from a number you trust. A legitimate business won't mind if you hang up and call a number that you trust or log into your account.
You should shred or destroy any documents that contain your personal details before you throw them away.
You can find news, updates and information on the latest scams here. And if you think you are or have been a victim of fraud, report it to Action Fraud as soon as possible. Other useful sites for information about staying safe online, include: