business for goodall donations stay in the Calder Valley micro-economyHebden Bridge · Calder Valley · since 2024DBS checked · fully insured · GDPR compliantpatient · plain English · at your paceAI-enhanced, teacher-led, never jargonbusiness for goodall donations stay in the Calder Valley micro-economyHebden Bridge · Calder Valley · since 2024DBS checked · fully insured · GDPR compliantpatient · plain English · at your paceAI-enhanced, teacher-led, never jargon

business for good · all donations stay local · Calder Valley CIC

safety scams phishing passwords internet beginners tips

How to Stay Safe Online

By Joe ·

The internet is an enormous, mostly friendly place. But just as in the real world, there are people trying to trick others into giving away money or personal information. The good news: a few simple habits make you very hard to fool.

Here’s what to watch out for and how to protect yourself.

Recognising scam messages

Scammers contact people by email, text message, phone call, and sometimes social media. They almost always create a sense of urgency, something is wrong and you need to act immediately. Common examples:

  • “Your Amazon account has been suspended, click here to restore it”
  • “HMRC: you owe £800 in unpaid tax. Pay now to avoid prosecution”
  • “Your parcel couldn’t be delivered, pay a £2.99 redelivery fee here”
  • “We’ve noticed unusual activity on your bank account, call this number urgently”

The goal is to make you panic and act before you’ve had time to think.

Red flags to look for:

  • Urgent language (“act now”, “your account will be closed”, “final warning”)
  • Requests for payment via bank transfer, gift cards, or unusual methods
  • Links to websites with slightly wrong addresses (e.g. amazon-support.co.uk instead of amazon.co.uk)
  • Poor spelling and grammar (though scams are getting more polished)
  • Unexpected contact from a company or organisation you don’t deal with

The golden rule: if something feels off, stop and verify. Don’t click any links, instead, go directly to the company’s official website by typing the address yourself, or call the number on the back of your card or on a previous genuine letter.

Phishing emails and texts

Phishing is when someone sends a message pretending to be a trusted organisation (your bank, Royal Mail, HMRC, Amazon) to trick you into entering your username and password on a fake website.

Signs of a phishing email:

  • The sender’s email address looks strange, hover over the name to see the actual address. A genuine Amazon email comes from @amazon.co.uk, not @amazon-help.net or similar.
  • The link in the email doesn’t go where it claims, hover over it (without clicking) to see the real destination in the bottom of your screen.
  • It asks you to “confirm your details” or “log in to your account” via a link.

What to do: don’t click the link. If you’re genuinely worried about your account, open a new browser tab and go to the website directly by typing the address yourself.

Report phishing emails to the National Cyber Security Centre: forward them to report@phishing.gov.uk.

Strong passwords

Weak passwords are one of the most common ways accounts get broken into. A strong password is:

  • Long, at least 12 characters
  • Unique, not used on any other website
  • Unpredictable, not a name, date of birth, or word from the dictionary

A good trick: think of a phrase and use the first letters. “I love walking in the Calder Valley in spring” becomes ILwitCVis, easy to remember, hard to guess. Add a number and symbol to make it stronger: ILwitCVis7!

Don’t reuse passwords. If one website is hacked and your password leaks, criminals will try it on other sites immediately. Using a different password for each site means a breach on one site doesn’t affect the others.

A password manager (like 1Password or the password manager built into your iPhone) can remember unique, complex passwords for every site so you only need to remember one main password.

Two-factor authentication (2FA)

Two-factor authentication (also called two-step verification) is an extra security layer on top of your password. After entering your password, you’re asked for a second piece of proof, usually a code sent to your phone by text message.

Even if someone steals your password, they can’t log in without also having your phone.

Turn it on for your most important accounts:

  • Email (especially Gmail or Outlook, your email is the master key to everything else)
  • Online banking
  • Apple ID and Google Account

Look for “Security” or “Two-step verification” in your account settings.

Keeping your phone and apps updated

Software updates often include security fixes for newly discovered vulnerabilities. When your iPhone asks you to update to a new version of iOS, it’s worth doing, especially for security reasons.

The same goes for apps. Enable automatic app updates in Settings → App Store → App Updates to keep everything patched without having to think about it.

A note on public Wi-Fi

Free Wi-Fi in cafés, libraries, and hotels is convenient but less secure. Avoid logging into your online banking or entering payment details on public Wi-Fi. Save those tasks for your home network or your mobile data connection.

Most reputable websites use HTTPS (look for the padlock in your browser’s address bar), which encrypts your connection, but it’s still good practice.

What to do if you think you’ve been scammed

Don’t be embarrassed, scams are sophisticated and catch smart, careful people. If you think you’ve been caught out:

  1. If you’ve given bank details: call your bank immediately on the number on the back of your card. They can block your card and start a recovery process.
  2. If you’ve given a password: change that password immediately on the affected site and on any other site where you use the same password.
  3. Report it: to Action Fraud at actionfraud.police.uk or by calling 0300 123 2040.

Want to feel more confident online, or not sure whether a message you’ve received is genuine? Get in touch with Hebden Tech Tutors, we’re happy to help you check.