Internet and email security guidance

With working patterns and communication channels evolving due to recent world events, people are relying more heavily on online resources for many of their everyday transactions, both for business and personal reasons.

Although it has revolutionised the way in which we are able to communicate, the internet has increasingly become a breeding ground for trick links, scams, and viruses, leaving unsuspecting users more vulnerable than ever. There are countless types of cyber fraud and online scams circulating so it is important to know how to spot them.

Since the start of the COVID-19 pandemic, and the corresponding lockdowns that we have seen, email, phone and text message scams have been the most common. Research from Which? found 62% of people have been targeted by online scammers in the last 12 months. Sometimes all you must do is glance at your 'junk' emails to see the many attempts being made.

Additionally, email accounts can be susceptible to hackers. If an email account is hacked, it can allow the attacker to access personal, sensitive or confidential information which can be very harmful for the user of the account. Anybody can be susceptible to hacking, particularly if that individual's data has been breached previously. Sophisticated hackers are able to identify passwords that may have been used elsewhere, either on email accounts or other online accounts which require a password such as internet banking, travel companies or online shopping services.

Please find below some advice to help keep your data safe while reducing the chances of security breaches which may affect you, your business, other organisations you are associated with, your work colleagues or your friends and family.

What to look out for

Make sure that any links you click on come from a trusted source. Just because it looks as if it has come from a friend or member of your family, it does not mean its legitimate. They may have forwarded a chain email without knowing.

If you're unsure why you have received a certain text or email, and it has come from an unknown contact, it may be a scam:

• If this is an email, you can hover over or click on the sender's name to reveal their email address;
• If you do not know it, or it looks to be a fake email address, delete the message immediately;
• If you are concerned about an email that appears to be fake, contact your provider or report it as 'spam';
• DO NOT click on any links contained within the email.

Scammers are becoming more and more sophisticated in the way that they contact you. They may pose as a familiar contact, perhaps with a slight variation of their name, to trick you into opening malicious links that could do one – or more – of the following:

• Divulge important information about you, including bank details;
• Get you to open software that will infect your computer or laptop system with a virus.

Some of the key signs to look for when it comes to online and email scams are:

• Unfamiliar senders;
• Email or web addresses that are too long and look unbelievable;
• Obvious grammatical errors.

Neighbourhood Watch has produced an incredibly helpful guide on their website which focuses specifically on what to look out for when it comes to email and online scams.

Precautions to take

Email passwords -

If you haven't changed your email password recently or have any concerns that your email account may have been compromised, change your password immediately using the following guidance:

• Create a separate password – or pass phrase – for each of your email accounts;
• Always choose a strong password, preferably one using three random words and containing a combination of upper- and lower-case letters, numbers and special symbols, for example: TvLorryDog_2021%;
• Do not use words or phrases that may be easy to guess, such as the names of spouses, children, pets or house names;
• Never re-use the same password, even for different accounts;
• Turn on two-factor authentication;
• Protect your email password; don't store it in your email draft folder or somewhere it can be accessed;
• Add an extra phone number and alternative email address for a password recovery if your account gets hacked and the password is changed;
• Add security questions related to password recovery so you can recover a hacked password later on.

It is quite possible for an email account to be hacked without the account holder ever realising that their email account could be the source of leaked data or security breaches.

General online security tips -

• Always set strong passwords for all other online accounts and use a two-factor authentication if it is offered to you. This applies to desktops, laptops and mobile phones;
• If you do need to change your password, always do it from your account and not via an email;
• Make sure that you have a 'junk' or 'spam' folder set up for your emails, this will usually catch the majority of email scams or spam-like messages in a filter so that you don't see it in your inbox;
• Password protect your files and if sharing the documents, do not share the passwords via email as well, send them by other methods, such as WhatsApp;
• Install verified anti-virus software on your computers;
• Never connect to suspicious wi-fi networks, especially if you're using a shared computer;
• Check your privacy settings on social media accounts - close down what is published/disclosed so that people are unable to gain information from your profile and use that data in any way;
• If you have access to email and document storage on your mobile phones or tablets, ensure you also have a secure PIN number in case the phone is lost or stolen and activate any settings which enable the data to be wiped remotely if the PIN number is entered incorrectly too many times – if you don't want to lose any data stored on the phone in the event of this happening, ensure the data is backed-up regularly;
• Think about using different email accounts for different purposes. If you want an email address to leave on networking sites, for example, use a separate one and consider it less secure so that you don't leave anything personal on it;
• If you log on at a cyber cafe or similar, always remember to log off when you're finished and be aware of who is around you when you key in your password;
• If possible, avoid checking your social networking accounts on anything but your own devices;
• Never click "keep me logged in", or similar long-term access checks, when entering any site.

Other signs to look out for

Email and text message campaigns are not the only ways in which scammers operate. Other things to look out for include:

• Fraudulent wi-fi connections in public places such as restaurants, cafes, and retail centres;
• Websites offering fake goods;
• Internet pop-ups on secure sites such as online banking;
• Phone calls claiming to be from organisations which can request immediate payment, offer you a refund or become threatening.

Always remember, if something seems too good to be true, it usually is!

Why not take this simple online quiz to find out if you are scam-savvy.

Useful links for internet security

Infographics at the National Cyber Security Centre (NCSC)
Information for individuals & families
Information for the self employed & sole traders
Information for small & medium sized organisations