Skip to main content Skip to navigation

Essential guidance: protect yourself online

  • Figures from ActionFraud reveal that reports of online shopping fraud have surged by 30% over the pandemic as most of us continue to shop online
  • And you can access the latest edition of ActionFraud's online newsletter, shared by the West Midlands Police Economic Crime Unit here: ActionFraudLink opens in a new window
Follow these top tips to stay safe online during the Lockdown and always be vigilant when shopping and sharing online.

Choose carefully where you shop

It's worth doing some research on online retailers to check they are legitimate. Read feedback from people or organisations that you trust, such as consumer websites.

Some of the emails or texts you receive about amazing offers may contain links to fake websites. If you're unsure, don't use the link, and either:

  • type a website address that you trust directly into the address bar
  • search for it, and follow the search results

Use a credit card for online payments

Use a credit card when shopping online, if you have one. Most major credit card providers protect online purchases, and are obliged to refund you in certain circumstancesLink opens in a new window. Using a credit card (rather than a debit card) also means that if your payment details are stolen, your main bank account won’t be directly affected.

Debit card payments and purchases are not covered by section 75 of the Consumer Credit Act. But you might be able to make a claim for a refund under a voluntary scheme called ‘chargebackLink opens in a new window’.

Also consider using an online payment platform, such as PayPalLink opens in a new window, Apple PayLink opens in a new window or Google PayLink opens in a new window. Using these platforms to authorise your payments means the retailer doesn’t even see your payment details. They also provide their own dispute resolution should anything go wrong. When it's time to pay for your items, check there's a 'closed padlock' icon in the browser's address bar. It will look like this:locked padlock on a URL bar in browser

The padlock icon doesn’t guarantee that the retailer itself is legitimate/reputable (and that their website is secure). It means that the connection is secure. If the padlock icon is not there, or the browser says not secure, then don’t use the site. Don't enter any personal or payment details, or create an account.

Only provide enough details to complete your purchase

Only fill in mandatory details on a website when making a purchase or signing up for information. These are usually marked with an asterisk (*), and will typically include your address and payment details. When the merchant's website transfers you to your card issuer to verify payment, you may get asked for further security details to confirm you're the cardholder. See this Visa page for typical details.

If possible, don't create an account for the online store when making your payment. You can usually complete a purchase without creating an account, or by using an online payment platform (such as PayPal). If you think you'll become a regular customer with the store, then you may want to create an account with them.

The store may also ask you if they can save your payment details for a quicker check-out next time you shop with them. Unless you're going to use the site regularly, don't allow this.

Keep your accounts secure

If you're using the same password for your online accounts (or passwords that could be easily guessed), then you're at risk. Hackers could steal your password from one account, and use it to access your other accounts. For this reason, you should make sure that your really important accounts (such as your email account, social media accounts, banking accounts, shopping accounts and payment accounts like PayPal) are protected by strong passwords that you don't use anywhere else.

This NCSC infographic explains how you can create strong passwords and store them safely (so you don't need to remember them).

You can further protect your important accounts from being hacked by turning on two-factor authentication (2FA). It's also referred to as 'two-step verification' or 'multi-factor authentication'. Turning on 2FA stops hackers from accessing your accounts, even if they know your password. It works by asking you to confirm that it's really you in a second way - usually by asking you to enter a code that's sent to your phone.

Watch out for suspicious emails, calls and text messages

You'll probably receive messages from online sources, as a result of 'opting in' to receive communications. Lurking amongst these genuine messages, there may also be fake ones (containing links designed to steal your money and personal details) that can be very difficult to spot.

Of course, not all messages are bad, but if something doesn't feel right, you can report it to the Helpdesk, or during the holidays, follow the NCSC guidance on dealing with suspicious emails, phone calls and text messages:

If you have received an email which you’re not quite sure about, again, forward it to the Helpdesk or to the Suspicious Email Reporting Service (SERS) at report@phishing.gov.uk.

If you've received a suspicious text message, forward it to 7726. It won't cost you anything, and allows your provider to investigate the text and take action (if found to be a scam).

If you come across an advert online that you think might be a scam, report it via the Advertising Standards Authority (ASA) websiteLink opens in a new window. This allows ASA to provide online service providers with the details they need to (if appropriate) remove these from websites.

If things go wrong

Security & Information Management is Everyone's Responsibility

How to get help

If you think you detect any unusual online activity, please report it immediately.

 Self-Service Online - make requests and report incidents through our web-based tool ServiceNow
Call us on 024 765 73737. We're open 9:00am to 5:00pm, Monday to Friday (excluding bank holidays).
Email us at helpdesk@warwick.ac.uk
Who needs to know this?

This information concerns us all. If you use a Warwick staff card, a Warwick email address, access one of our staff or student record systems or share your Warwick work with colleagues within or beyond the University, you are involved in activities that must be kept secure.