How to stay safe online

The internet is a fantastic place, but it also comes with risks. Hackers, scammers, shady websites and other bad actors can try to steal your information, trick you into scams, or spread harmful content.

This guide will help you stay safe and protect yourself online.

Please take a few minutes to read through the advice below.

1. Create strong, unique passwords

A weak password is like leaving your front door unlocked. Protect your accounts with strong passwords:

• Use at least 12 characters (longer is better).

• Mix uppercase and lowercase letters, numbers, and symbols.

• Avoid obvious words (like "password123" or your name or birthday).

• Use a password manager (like Nordpass or 1Password) to store and create strong passwords.

• Never reuse passwords across different accounts.

Example of a strong password: Jk$2!mNp4&9z

2. Turn on two-factor authentication (2FA) on your accounts

Two-Factor Authentication (2FA) adds an extra layer of security. Even if someone steals your password, they can’t log in without the second step.

How to enable 2FA:

• Go to your account settings on websites like Gmail, Facebook, or your bank.

• Turn on 2FA (also called multi-factor authentication).

• Use an authentication app (like Google Authenticator, Microsoft Authenticator, or Authy) instead of text messages if possible.

You can also enable 2FA for your Online Community account, to set this up please read through our how-to guide https://strokedigital.atlassian.net/wiki/spaces/MSGF/pages/478576647.

3. Watch out for scams and phishing

Scammers are crafty, they will try to trick you into giving away personal information. Phishing is when someone pretends to be a trusted company like your bank or delivery companies, friends even or your own email provider to steal your data.

🔴 Signs of a scam:

• Urgent messages like "Your account is at risk!" or "You've won a prize!".

• Emails or texts with bad spelling, grammar or strange looking email addresses like paypal1@usa.com.

• Links that don’t match the official website (hover over links to check).

• Requests for your password, bank details, or to “confirm” personal details.

✅ How to stay safe:

• Never click on links in emails or messages that you are unsure about

• Never send money or your bank details to anyone who asks, your bank and other companies will never ask for this information.

• Verify who’s contacting you - call the company directly.

• Check website addresses - scammers use fake sites that may resemble other popular and established websites.

• Ignore "too good to be true" offers - they are scams. If someone is offering to send you something but asks you to make a small payment in order to access the product they are offering, its most definitely a scam.

4. Reporting spam and scams

If you get a message, email or post that feels suspicious, you can report it. It will also help stop others from being caught too.

Text messages

• Forward suspicious text messages to 7726 (it spells “SPAM” on your keypad).

• This sends it straight to your mobile provider so they can block the number.

• Lastly, delete the text afterwards. Don’t click any links, even if they look genuine.

Emails

• Forward phishing or scam emails to report@phishing.gov.uk. That goes directly to the National Cyber Security Centre (NCSC) for investigation.

• If the email pretends to be from your bank, forward it to their fraud address too (check your bank’s website for the official one).

• Then delete the email from your inbox and your “Deleted Items” folder.

Fake websites or adverts

• If you find a fake shopping site, investment page or scam advert, you can report it to the Advertising Standards Authority at https://www.asa.org.uk/make-a-complaint.html.

• You can also use https://www.ncsc.gov.uk/section/about-this-website/report-scam-website to tell the NCSC about scam websites.

Report misleading or AI-generated content

If you spot a video, photo or post that looks fake because it is generated by AI:

• Use the “Report” or “Flag” button on the platform (Facebook, X/Twitter, Instagram, YouTube, TikTok).

• Choose a reason such as “False information” or “Scam or fraud.”

• Avoid sharing it further even to warn others as that spreads it wider.

5. Keep your devices and software updated

Out of date software is easy for hackers break into. Updates fix those security issues.

How to stay updated:

• Turn on automatic updates for your phone, computer, and apps.

• Update your browser (Chrome, Firefox, Edge, etc.).

• Use a supported operating system (Windows 10/11, MacOS, Android, iOS).

• Delete old apps you don’t use (they might be unsafe).

6. Browse safely

Your browsing behaviour affects your security. Not all websites are safe.

🛑 Avoid unsafe websites:

• Look for "https://" in the address bar (not just "http://"). The “s” means the connection is encrypted, which helps protect your data. However, this does not guarantee the website itself is trustworthy. Scammers can still create fake websites that use HTTPS and show a padlock, so always double-check the website address and who runs the site.

• Use a trusted browser (Chrome, Firefox, Edge, Safari or Opera).

• Avoid downloading random files or apps from unknown sources.

🔎 Search safely:

• Stick to trusted sources (Medical journals, major news websites, Gov.uk etc.).

• If something looks off, Google it with "scam" (e.g., "PayPal refund email scam").

7. Protect your personal information

It’s important that you don’t overshare online, scammers and hackers can use your details to scam or impersonate you.

Be careful with:

• Your full name, address, and phone number.

• Your birthday - it helps hackers guess passwords.

• Your workplace and travel plans - don’t announce vacations publicly.

• Your financial details - don’t share your card or account details online.

Privacy tips:

• Set social media accounts to private.

• Use a nickname or username instead of your full name on public sites.

• Don’t post sensitive photos (like Passports, IDs, boarding passes, or work badges).

8. Be cautious with public Wi-Fi

Public Wi-Fi is convenient but not secure. Anyone nearby can snoop on your activity.

Stay safe on public Wi-Fi:

• Avoid logging into bank accounts or shopping sites.

• Avoid auto-connect to open networks.

• Use a VPN (Virtual Private Network) if you need to access important accounts.

• If possible, use mobile data instead, but watch out for roaming charges if you’re abroad.

9. Check if your data has been compromised

Sometimes, you don’t know your information has leaked until it’s too late. Be proactive.

Here’s how to check:

• Use haveibeenpwned.com to see if your email or passwords have been leaked in known data breaches.

• Regularly check your credit report for unusual activity, signs someone may be using your details without your permission.

• If anything looks odd like accounts you don’t recognise, report it immediately.

You can check your credit history on:

• https://www.experian.co.uk/

• https://www.clearscore.com/

10. Secure your email and messages

Your email is a gateway to all your accounts. If a hacker gets into your email, they can reset your passwords and take over everything.

How to secure your email:

• Use 2FA on your email account.

• Don’t open suspicious attachments or links.

• Use separate emails for different things (e.g., one for banking, one for social media).

• Don’t forward chain emails (they often spread misinformation or scams).

11. Be smart about online shopping

Fake shops and scam websites are everywhere. Don’t hand over your card details without checking the site properly.

How to shop safely:

• Only shop from trusted sites.

• Check reviews before buying from a new store.

• Use secure payment methods (PayPal, credit card, not bank transfers).

• If a deal seems too good to be true, it probably is.

12. Recognise and avoid misinformation

Not everything you see online is true. Scammers rely on panic and confusion.

How to check facts:

• Cross-check with trusted news sources (BBC, NHS, Gov.uk, Reuters, etc.).

• Always check the date and who wrote the article/post/page.

• Be skeptical of viral posts with shocking claims or sensationalist headlines.

• Fact-check websites can help verify stories.

Useful sites for staying safe online

• https://www.staysafeonline.org/ - National Cyber Security Alliance

• https://www.ncsc.gov.uk/cyberaware/home - UK Government - National Cyber Security Centre

• https://www.getsafeonline.org/ - Practical online safety advice

• https://www.scamvoid.net/ - Check website reputation and safety

Need more help?

If you have any questions about the Online Community, please submit a request through our Service Desk.

 Related articles