How to stay safe online

It’s easy to think you’ll never fall victim to an online scam, but cybercrime is becoming more common and more sophisticated every year.  

Make sure you know what the threats are, how to avoid them and what to do if you are scammed.  

Follow our internet safety tips to protect yourself online, and be sure to share with your friends and family to keep them safe too.

How common are online scams?

Online scams are very common around the world, including in the UK – and as generative AI becomes more accessible, they’re becoming more and more convincing.  

While you may think it’s only elderly or less tech-savvy people who are conned, more and more young people are falling victim to online scams too.

The UK Safer Internet Centre (UKSIC) has released research showing almost half of eight to 17-year-olds have been scammed online.  

What type of scams are most common?

Which? found that the most common scams in 2024 included phishing scams on social media, malicious QR codes, fake job postings, phony retail websites and WhatsApp scams.  

A lot of these scams involve some form of phishing, which we’ll talk about soon.  

How are online scams carried out?

There are some common scam methods to look out for so you can protect yourself.

Phishing

Phishing is one of the most popular online scam methods in the world. A typical phishing scam involves impersonating a trusted person or company to trick a victim into giving up sensitive information.  

Phishing scams can be carried out via email, text, social media message and even over the phone.  

A phishing scammer may be looking for something as simple as a social media password, but could also be looking to gather lots of personal information for a more serious crime like identity theft.  

A typical phishing scam looks something like this:

1. The scammer sends an email to a potential victim, pretending to be a trusted person like a social media staff member or from an organisation you trust, such as your bank.
2. They say you need to log into your account to check a suspicious sign-in from an unregistered device. This adds a sense of urgency.
3. You’re prompted to click on a link that seems to lead to the Instagram login page (for example), so you can log in to view the previous suspicious sign-in.  Thinking the email is real and trustworthy, you click on the link and enter your credentials.  
4. The URL given by the scammer actually leads to a malicious webpage designed to record everything you type. When you type in your username and password, the scammer records it and can now log into your account.  

Scammers can use phishing to steal further sensitive data, make payments, find more victims, and more.  

If you are suspicious of any message you’ve gotten, especially an unexpected message, contact the sender directly via a trusted method (e.g. a bank’s official customer service portal). Do not use contact information in the message to respond.

Fake and malicious websites

No matter how legitimate or trustworthy a website looks, there’s always a chance that it may not be.

Malicious websites are used to steal data and spread malware or viruses and are often designed to look identical to official webpages.  

By simply opening or interacting with a malicious website, you could be in danger.  

For example, the website may be fitted with a keylogger, which can record anything you type on your keyboard (either while on the website or all the time depending on the type of keylogger).

The website may be designed to load malware onto your device, sometimes without you even realising it.  

Malware and viruses  

Malware and viruses can do a lot of damage on our devices.

Both kinds of software are dangerous, but viruses can self-replicate and infect other devices on their own, while malware can’t.

Your device can be infected with malware or viruses in many ways, including:

• opening a malicious link or attachment
• inserting an infected USB drive
• malicious downloads (apps, videos, etc.)
• interacting with a malicious advert
• file torrenting

How to avoid online scams  

While online scams are very common, there are things you can do to lower the chance of falling victim to them.  

Run checks before clicking

Before clicking on any links or attachments, run a few checks before:

• enter the link URL into a link checker to see if it’s flagged as suspicious or dangerous
• use your antivirus’s attachment checker if it comes with this feature  
• use your browser to search for the name of the website you’re looking for instead of using a link someone gave you
• check to see if a sender’s email looks suspicious and oddly formatted (e.g. d0n0treply@ll0yds.co.uk instead of donotereply@lloydsbank.co.uk)
• run a browser search to find the support email of the company the email claims to be from to see if the two match

Block suspicious emails and use spam filters

If you think an email looks suspicious and it doesn’t match the official support email of the company it claims to be from, block the address immediately.  

Your email provider usually enables spam filters by default. These filters detect emails that are likely spam and move them to a dedicated inbox.

But if you don’t have a spam inbox active, head into your security and privacy settings and turn on your spam features there.  

Look after your passwords

We now have so many passwords that it’s easy to forget about keeping them secure. But your passwords’ security is important for keeping your accounts safe.  

To improve your password security and to help protect your accounts online, you should:

• use a different password for each account
• store your passwords securely (e.g. in a trusted password manager app)

Other tips

Along with the tips above, you should also consider:

• regularly updating your antivirus software
• never leaving your devices unlocked in public  
• avoiding public Wi-Fi networks  
• only using trusted USB drives

Keeping your children safe online

If your children spend time online, they can easily fall victim to scams. To keep them safe from cybercriminals, you should:

• have a chat about the risks of being online  
• set some rules about what they should and shouldn’t be doing online
• have regular check-ins to make sure they’re not using anything dangerous or inappropriate online
• turn on parental controls on your operating system and browsers
• check their devices occasionally to make sure they’re not visiting any dangerous websites

What to do if you think you’ve been scammed  

If you think you’ve fallen victim to an online scam, you should:

• Freeze your card immediately – also, notify your card provider about what’s happened if you’ve given over your card details.
• Change your username and password – and sign out of all devices, if you’ve given login details and still have account access.
• Contact the support team of the platform being used - if you’ve given login details and no longer have access to your account (for instance, Facebook, Lloyds Bank, Instagram).
• Delete any files that are automatically downloaded onto your device – plus, exit the website and run a scan with your antivirus software.

Admiral’s Personal Cyber and Identity Theft Helpline

If you have our Platinum home insurance or Family Legal Protection added to your policy, you have access to our Personal Cyber and Identity Theft Helpline.

This helpline can be used to get support and advice from experienced fraud and cyber specialists if you’ve fallen victim to an online crime. It can help you with many things, including documenting evidence, securing accounts and liaising with banks or financial service providers.

Our cyber specialists will also give you advice on how to protect yourself from any future attacks.  

Call 0333 7777 387 if you need support with identity theft or any kind of cyber crime.

To see if you have access to this feature, check your cover in MyAccount.