Computer software, operating systems and internet browsers can have security loopholes. Hackers can use these to access your personal data. Always ensure that all of your software is up to date - for instance, if you use Microsoft Windows, you should run Windows Update every day when you first connect to the internet. If you use other operating systems or browsers then check daily for patches or updates.
Scams, phishing and identity theft
'Social engineering' is a type of scam which does not use technical hacking menthods. Instead, fraudsters trick victims into sharing confidential information, for example through:
- fake emails (also called 'phishing' emails)
- phone calls
- texts or
For example, the victim may receive an email or text telling them about a special offer or refund. The message says you need to register to claim the offer or refund, but directs the user to a fake website. This provides an opportunity for criminals to steal email logins, passwords and personal details. Always check if a special offer or refund is genuine before you give personal details.
'Social engineering' scams frequently involve piecing together information from various sources - e.g. social media and intercepted correspondence - in order to appear convincing and trustworthy. Fraudsters use these personal details to steal the victim's money or identity.
Because it is often complex, it is extremely difficult to spot this type of scam before it is too late.
To stop more people falling victim to social engineering, the Get Safe Online campaign is urging people to ‘Think Twice Before You Act’.
- Never give out personal or financial data such as, usernames, passwords, PINs, ID numbers or memorable phrases.
- Check the people/organisations you supply confidential information to are genuine.
- If in doubt, end the call and phone your bank or card provider (using the number on your bank statement) – but use another phone or wait at least five minutes in case the line has been left open.
- Don’t open attachments or click on links in emails from unknown sources – they could contain malware. Delete them, and report the details if appropriate.
- If you get an email from someone you know, but it seems unusual, double check the email address – the sender may be a fraudster who’s spoofed the address. If in doubt, call (not email) the person to check.
- Don't send personal or financial information to anyone via email.
- Don’t connect external storage devices like USB sticks, hard drives, CDs, DVDs, etc. if you’re uncertain of the source – they may contain malware.
- Regularly log into your online accounts - don't leave it for as long as a month before you check each account. Scrutinise your bank, credit and debit card statements and ensure that all transactions are legitimate. If anything is suspicious, contact your bank and all card issuers straight away.
- If you have been a victim of fraud, contact your bank straight away.
- Report any fraud to Action Fraud or by calling 0300 123 20 40.
- Also report fraud to any website or ISP (internet service provider) where you’ve been defrauded. This applies however large or small the amount - reporting it could protect others - the proceeds of fraud are often used to fund terrorism and human trafficking.
For more detailed tips to avoid online and phone scams and identify theft visit the Get Safe online website.
For children - Childline - Staying safe online has lots of useful online safety advice for children.
For parents and carers - It can be hard to know how to talk to your child about online safety. The NSCPCC has advice for parents and carers. From setting up parental controls to advice on sexting, online games and video apps, the NSPCC advice can help you to understand the risks and keep your child safe.
The Think U Know website has useful worksheets for families, to support children with online safety at home.