Staying Safe Online

Be aware of online threats 

As our world becomes increasingly reliant on the internet, the number of potential fraud victims continues to grow. This offers criminals greater opportunities to steal both our money and personal details.

Fraudsters are constantly evolving their tactics to exploit our trust and vulnerabilities. In this document we will show you ways you can reduce the risk of online fraud.

Stay alert with these three steps: Stop. Challenge. Protect. 

• Stop: pause and think before sharing money or personal information with anyone online. 

• Challenge: ask yourself, ‘Could this be fake?’ It is okay to ignore or refuse suspicious requests. Fraudsters will typically create a sense of urgency to deter potential victims from challenging them. 

• Protect: if you think you have been scammed, contact your bank right away. 

Be cautious with what you share online. Think twice before clicking links or replying to unexpected messages. If something feels wrong, stop and check.

Artificial Intelligence (AI) has made it easier for fraudsters to create convincing emails. While some messages may appear genuine at first glance, there are usually small details that reveal a phishing email. Learning to recognise the warning signs can help you avoid falling victim to a scam:  

• Poor grammar: mistakes in grammar, punctuation, and spelling is often a red flag.
• Design and quality: check the layout, fonts, and company logos. Phishing emails may look inconsistent or poorly designed.
• Urgency: be cautious if the email pressures you to act quickly or creates a false sense of urgency.
• Generic greetings: emails addressed with ‘Dear Customer’ or similar are usually suspicious. Legitimate emails usually use your name.
• Sender’s email address: look closely at the sender’s name and email. Small misspellings or unusual domains (the domain is what comes after the ‘@’ symbol) can indicate a spoofed or cloned email.
• Links in the email: hover over links before clicking to see where they really go. Make sure the URL matches the official website and is not a disguised download which could give fraudsters access to your device or install malware.
• Unexpected attachments: be cautious with attachments, especially if you were not expecting them. These may contain malware or harmful downloads.
• Requests for sensitive information: legitimate organisations will rarely ask for passwords, PINs, or full personal details via email. Treat such requests as highly suspicious.

Check for a secure connection

Look for a padlock icon in the URL bar and/or ‘https’ at the start of a website address. 

• Click on the padlock (), to check if the website has a valid certificate from a trusted authority.
• The ‘s’ in https stands for ‘secure,’ meaning your connection is encrypted, so an information you enter is protected.
• If there is no padlock icon or the website address is not secure, it is safer to leave the website.

Look for trust seals on payment pages 

Look for trust seals on payment pages of ecommerce websites. There are different types of trust seals, this includes security seals (indicate SSL encryption and malware protection) and payment badges (show accepted and secure payment methods).

Verify these seals by clicking them to check the authenticity of the site. Not all ecommerce websites show trust seals or have made them clickable. However, if you are visiting an ecommerce site you have never used before where it is not reputable and lacks trust seals, it is recommended to shop elsewhere.

Checking the authenticity of a trust seal: 

• Real trust seals are a clickable button, not just pictures, therefore, clicking it should trigger one or all these reactions:

1. A verification page
2. Certificate details which match the website name
3. A valid date

• Fake seals usually look pixelated or blurry and when clicked, it just flashes or reloads the page. If the seal fails to prove it is legitimate when clicked, do not type your card details into that site.

Hover over links before clicking 

Always hover over/inspect links before clicking them. Check email sender addresses carefully. This allows you to check the links and emails are not spoofed, and that you will be directed to a safe page and not install malicious software. Never click on links in unexpected emails requesting credential verification.

Check domain registration 

Look up domain registration to confirm the legitimacy of business partners or suppliers. The domain is what follows ‘www.’ in the URL and ends at the next ‘/’.

• Use ICANN Lookup to check domain ownership information. Look for:

1. Registrant name – should match the business or organisation. 

2. Creation date – ideally at least 6 months old.

3. Registrar – ensure it is from a reputable domain provider; unknown or suspicious registrars would be a red flag. You can spot this by checking if the website has HTTPS at the beginning of the URL, clear contact details, and is listed with trusted registries, such as ICANN.

4. Contact email - should reflect the domain name, such as @Arbuthnot.co.uk. Generic addresses like @gmail.com or @yahoo.com may indicate a fake or less trustworthy website. 

Check website design and content

Well-designed, legitimate websites usually have no grammatical errors and use simple language. Frequent errors or confusing wording might indicate a fraudulent site.

Look for reviews

Search for reviews about the website in a separate browser tab. Website like: Trustpilot, Feefo, or Tripadvisor provide insight into the reputation of the business or the service. 

Check Google Safe Browsing 

Copy and paste the URL into Google Safe Browsing – Google Transparency Report. This tool can help detect fake websites and will tell you if the website is safe or not.

These indicators are intended to support your judgement, not to serve as the sole basis for evaluating a website. Use them as part of your broader assessment in determining whether you feel comfortable browsing a particular website.

Antivirus software helps ensure that your device is not infected by malware. It is one of the most important software components that protects against malware. 

Ideally, antivirus software will scan files, e.g., email attachments, and the entire device for signs of infection. However, it is important once you install this software to keep it up to date.

A popular scam used by cybercriminals is to create fake antivirus software. Then deceive individuals into purchasing it to obtain credit card details and/or download it to infect devices with malware. We recommend: 

• Using an antivirus program from an official provider and activate the automatic update function
• Only obtaining antivirus software from reputable providers via the manufacturer's website
• Carrying out a complete system check regularly. 

See section 4 for advice on finding and downloading antivirus software from an official and reputable provider.

A VPN encrypts your data and masks your Internet Protocol (IP) address, offering an extra layer of privacy. It is advisable you use a VPN especially when using public Wi-Fi.

VPNs are available through reputable providers online or in app stores, and some devices may include a built-in VPN functionality.

See section 4 for advice on finding and downloading a VPN from an official and reputable provider.

Your email address is a prime target for criminals. It is the key to many of your accounts. If criminals get your email password, they can access private information, impersonate you, or reset other account passwords. Use a strong unique password that you do not use anywhere else. 

Making passwords strong and secure:

• Avoid reusing passwords across accounts
• Avoid commons passwords like ‘password’ or personal details (birthdays, pets names) – these are easy to guess
• Try the three random words trick (e.g., “Apple/Pen/Bike”) to create a password that is strong but memorable.
• Use a password manager to generate and store unique passwords. If you write passwords down, keep them hidden and safe.

• Lock your phone when you’re not using it and set the auto-lock to activate itself after a short period of time.

A password manager securely stores all your passwords and generates strong, unique ones for each account. 

You only need one strong “master” password to access it and for extra protection use Multifactor Authentication (MFA).

Many devices have built-in password managers like Apple Keychain. You can download reputable apps from app stores or use trusted services from well-known online companies. See section 4 for more guidance on how to find a reputable software.

Multifactor Authentication (MFA) adds an extra layer of protection to your accounts making them much harder to hack. Even if someone has your password, they cannot log in without the second step. 

For important accounts like email, banking, and social media, switch MFA on. The extra step is usually a code sent to your phone number or email. It is quick to set up and boosts your safety instantly. You will only be asked to complete MFA new or unusual logins, so it will not slow you down day to day.

To turn on MFA:

• Sign into your account and go to settings
• Look for options like, ‘Two-Factor Authentication’, ‘2FA’ or ‘Login Verification’
• Follow the instructions to set it up.

Most major services, such as Google, Apple, and Microsoft will have the option to use MFA. Not all accounts offer it but enabling it wherever possible greatly improves your security.

• Search for reviews about the product and provider on sites such as Trustpilot, Feefo, or Tripadvisor, and read other users’ experiences
• Ask friends and family for their reviews
• Always check that reviews are not part of a paid partnership as this can influence the review
• Be mindful of overly positive or repetitive reviews, as this is a sign they could be fake reviews trying to make the product or service seem more popular. Look for verified reviews, this means that the individual has bought the product, so the review is less likely to be fake, but it is not guaranteed.

• Try to choose products from well-known and established providers
• Watch videos explaining the product and read the product description on the official website thoroughly to ensure you are buying a product which covers your needs
• Examine the software publisher or developer's reputation
  • Check a publisher or developer’s reputation by reviewing their website or app description.
  • Check their domain registration, guidance on this can be found above on page 5.
• See how long the software has been available. Longevity can indicate its effectiveness, stability, and how well it has adapted to user and expert feedback. It is recommended to avoid software that has only recently been released.

• Always download software from the official website of the developer or trusted app stores such as Apple’s App Store and Google Play
• Be wary of unofficial or third-party download websites, as they may distribute malware
• Do not choose the free option, especially for antivirus software and VPNs. If you try to download free software, you are more likely to fall victim to a scam and download malware
• Trust your intuition. If something seems off about the product or provider move on to a new option

If trying to find all these different cybersecurity tools feels overwhelming, there are reputable providers that offer all three cybersecurity tools in the same package to make the user experience simpler and easier to manage.

• Install updates for devices, apps and software as soon as they are ready. They include security fixes to block viruses and malware.
• Enable automatic updates so you do not forget. Updates may take time and need a good internet connection. Use your home Wi-Fi with your device plugged in.
• Older devices stop getting updates eventually. If your device has stopped receiving updates, consider replacing it. Check the manufacturer’s website for update help. 

Backups save your photos, documents, and more from loss. 

• Regularly back up data you value to cloud storage (e.g., iCloud, Google Drive) or removable media (USB, external drive). Set up automatic backups if you can.
• Secure cloud backups with strong passwords and MFA.
• Disconnect removable media when not in use to avoid malware.
• Backups need a reliable internet connection for cloud storage. If yours is slow, use removable media instead.
• Check your backups to confirm they include everything important. Backups let you restore data if it is lost, stolen, or deleted. 

• Review your privacy settings and limit what you share online
• Be careful on social media, forums, and dating apps
• If something seems odd, stop and double-check.