Essential guidance: protect yourself online
- Figures from ActionFraud reveal that reports of online shopping fraud have surged by 30% over the pandemic as many of us continue to shop online in light of current restrictions.
- You can read the latest Government advice on staying safe online hereLink opens in a new window.
- And you can access the latest edition of ActionFraud's online newsletter, shared by the West Midlands Police Economic Crime Unit hereLink opens in a new window.
Follow these top tips to stay safe online during the Lockdown and always be vigilant when shopping and sharing online.
Choose carefully where you shop
It's worth doing some research on online retailers to check they are legitimate. Read feedback from people or organisations that you trust, such as consumer websites.
Some of the emails or texts you receive about amazing offers may contain links to fake websites. If you're unsure, don't use the link, and either:
- type a website address that you trust directly into the address bar
- search for it, and follow the search results
Use a credit card for online payments
Use a credit card when shopping online, if you have one. Most major credit card providers protect online purchases, and are obliged to refund you in certain circumstancesLink opens in a new window. Using a credit card (rather than a debit card) also means that if your payment details are stolen, your main bank account won’t be directly affected.
Debit card payments and purchases are not covered by section 75 of the Consumer Credit Act. But you might be able to make a claim for a refund under a voluntary scheme called ‘chargebackLink opens in a new window’.
Also consider using an online payment platform, such as PayPalLink opens in a new window, Apple PayLink opens in a new window or Google PayLink opens in a new window. Using these platforms to authorise your payments means the retailer doesn’t even see your payment details. They also provide their own dispute resolution should anything go wrong. When it's time to pay for your items, check there's a 'closed padlock' icon in the browser's address bar. It will look like this:
The padlock icon doesn’t guarantee that the retailer itself is legitimate/reputable (and that their website is secure). It means that the connection is secure. If the padlock icon is not there, or the browser says not secure, then don’t use the site. Don't enter any personal or payment details, or create an account.
Only provide enough details to complete your purchase
Only fill in mandatory details on a website when making a purchase or signing up for information. These are usually marked with an asterisk (*), and will typically include your address and payment details. When the merchant's website transfers you to your card issuer to verify payment, you may get asked for further security details to confirm you're the cardholder. See this Visa page for typical details.
If possible, don't create an account for the online store when making your payment. You can usually complete a purchase without creating an account, or by using an online payment platform (such as PayPal). If you think you'll become a regular customer with the store, then you may want to create an account with them.
The store may also ask you if they can save your payment details for a quicker check-out next time you shop with them. Unless you're going to use the site regularly, don't allow this.
Keep your accounts secure
If you're using the same password for your online accounts (or passwords that could be easily guessed), then you're at risk. Hackers could steal your password from one account, and use it to access your other accounts. For this reason, you should make sure that your really important accounts (such as your email account, social media accounts, banking accounts, shopping accounts and payment accounts like PayPal) are protected by strong passwords that you don't use anywhere else.
This NCSC infographic explains how you can create strong passwords and store them safely (so you don't need to remember them).
You can further protect your important accounts from being hacked by turning on two-factor authentication (2FA). It's also referred to as 'two-step verification' or 'multi-factor authentication'. Turning on 2FA stops hackers from accessing your accounts, even if they know your password. It works by asking you to confirm that it's really you in a second way - usually by asking you to enter a code that's sent to your phone.
Watch out for suspicious emails, calls and text messages
You'll probably receive messages from online sources, as a result of 'opting in' to receive communications. Lurking amongst these genuine messages, there may also be fake ones (containing links designed to steal your money and personal details) that can be very difficult to spot.
Of course, not all messages are bad, but if something doesn't feel right, you can report it to the Helpdesk, or during the holidays, follow the NCSC guidance on dealing with suspicious emails, phone calls and text messages:
If you have received an email which you’re not quite sure about, again, forward it to the Helpdesk or to the Suspicious Email Reporting Service (SERS) at firstname.lastname@example.org.
If you've received a suspicious text message, forward it to 7726. It won't cost you anything, and allows your provider to investigate the text and take action (if found to be a scam).
If you come across an advert online that you think might be a scam, report it via the Advertising Standards Authority (ASA) websiteLink opens in a new window. This allows ASA to provide online service providers with the details they need to (if appropriate) remove these from websites.
If things go wrong
- If you think your credit or debit card has been used by someone else, let your bank know straight away so they can block anyone using it. Always contact your bank using the official website or phone number. Don't use the links or contact details in the message you have been sent or given over the phone.
- If you think you have responded to a suspicious email or text message, or visited a scam website, don't panic. In a work context, report it to the Helpdesk; in any case, read the NCSC’s guidance on dealing with scam emails, phone calls and text messages.
- If you've lost money, tell your bank and report it as a crime to Action FraudLink opens in a new window (for England, Wales and Northern Ireland) or Police ScotlandLink opens in a new window (for Scotland). By doing this, you'll be helping to prevent others becoming victims of cyber crime.
- If you don't receive the item (or it doesn't match the description given), Citizens Advice has some useful information about getting your money back if you paid by credit card, debit card or PayPalLink opens in a new window.
- Stay connected, stay safe online.
Security & Information Management is Everyone's Responsibility
- Read and share these ten key points to ensure you are working as securely as possible.
How to get help
If you think you detect any unusual online activity, please report it immediately.
Who needs to know this?
This information concerns us all. If you use a Warwick staff card, a Warwick email address, access one of our staff or student record systems or share your Warwick work with colleagues within or beyond the University, you are involved in activities that must be kept secure.