Tips

Some of the main takeaways

Red Flags

Use these to check against fake news and potential scam emails you receive, to help determine their credibility.

🚨 Fake News Red Flags 🚨

Warning signs:

  • 🚩 URL mimics real news (e.g., "bbc-news-daily.com" instead of "bbc.co.uk")
  • 🚩 Excessive spelling or grammar errors
  • 🚩 No "About Us" page or contact information
  • 🚩 Sensational headlines that don't match the story
  • 🚩 No author name or credentials
  • 🚩 Lots of pop-up ads
  • 🚩 "Share before it's taken down!" urgency

🚨 Scam Red Flags 🚨

Trust your instincts

  • 🚨 Urgency ("act now or lose out!")
  • 🚨 Too good to be true
  • 🚨 Request for payment or personal details
  • 🚨 Pressure or threats
  • 🚨 Emotional manipulation
  • 🚨 Poor spelling/grammar in "official" messages
  • 🚨 Unusual payment methods (gift cards, cryptocurrency)

Safe Browsing

Tips for staying safe when using the internet.

Keeping Devices Secure

Your devices can be the key to everything you do digitally, so keep them safe:

  • Always accept and install software updates.
    These fix known security problems, not just functionality.
  • Use a random 6-digit pin on your mobile devices, rather than 4-digits.
    Guessing these is manual, and much harder with more digits.
  • Biometrics (like fingerprint and face ID) are secure and prevent others seeing your PIN.
    You still have to have a good PIN and use it occasionally.
  • Most devices have good built in antimalware protection, especially mobile devices.
    There are extra paid products available, but research them carefully.
  • On mobile devices, always install apps through the App Store / Play Store.
  • On computers, exercise caution when installing software.

Public WiFi

Public WiFi networks can be dangerous. Here's how to stay safe:

  • Only connect to WiFi networks you know and trust.
    Ask the staff: "What's your official WiFi name and password?"
  • Look for the lock icon - secure networks require passwords.
    Password-protected networks are safer than open ones.
  • Avoid networks with names like 'FREE WiFi' or 'Public WiFi'.
    These generic names are often used by criminals.
  • Don't do banking or shopping on public WiFi.
    Wait until you're home or use your phone's data instead.
  • Use your phone's cellular data when possible.
    Your phone's 4G/5G data is much safer than public WiFi.

Safe Online Shopping

  • Stick to retailers you know, if you can.
  • If you need to use unfamiliar websites, look up reviews for the website (e.g. on trustpilot.com).
    Established businesses will have plenty of reviews - be sure to read the negative ones.
  • Pay with a credit card for extra fraud protection.
  • Only save card details on reputable sites.
  • Be very cautious following adverts on social media.
    You're much safer searching for products directly.
  • Be on the look out for AI-generated product images.
  • Avoid using public WiFi to do online shopping.
  • Consider using services like Paypal, Apple Pay and Google Pay to avoid sharing card details.
    These should redirect you to their own login page (e.g. paypal.com) or use your device's authentication to login.

Authentication

Keeping your accounts secure with strong passwords and additional protection.

Making Strong Passwords

  • Passwords should be strong and unpredictable.
  • Passwords should (ideally) be unique for every login you have.
  • Password strength relates to length and which characters you use.
    Aim for 12 or more characters using mixed case, adding numbers and symbols for extra strength.
  • Three or more random words combined can help create memorable, strong passwords.
    For example, Speller-Cherisher-Doorbell would be a strong password.
  • Don't use personal details or popular references.
    Aim for a password nobody has used before.
  • Never share your passwords with others.
    Legitimate services will never ask for your password.
  • Try using a password manager to help you generate and remember strong passwords.

Managing Passwords

  • It's very hard to remember many strong passwords!
    You will usually have to make a compromise somewhere.
  • Recording your passwords somewhere is safer than having weak passwords or reusing them.
  • Password managers are a recommended practice.
    These keep your passwords safe by encrypting them with one strong master password.
  • Password managers will help you generate, store, and fill in passwords.
  • You could try a single very strong password that is altered systematically for different websites.
    Be careful - if someone figures out your system, they could guess your other passwords.
  • Even writing passwords down is better than having weak and reused passwords.
  • Check if your passwords have been exposed in data breaches.
    Use haveibeenpwned.com to check if your email or passwords have been compromised, or use your password manager if it has these features.

Two Factor Authentication

  • Two Factor Authentication (2FA) protects your accounts even when attackers have the password.
    Also called Multi Factor Authentication (MFA) or Two Step Authentication.
  • Setting up 2FA on important accounts makes them far safer.
  • The logic: only you should have your device / only you have your unique biometrics.
  • Usually done only occasionally, like if you are accessing from an unfamiliar device.
  • Basic version: a code is texted to your phone number after entering your password.
    Entering the code indicates that you have your phone (though this can be circumvented by determined hackers).
  • Do NOT share your codes with other people.
  • Application-based 2FA is more secure.
    These generate codes on your device instead, or produce notifications for you to confirm that it is you.
  • Do NOT click confirm on notifications if you did not initiate the process.
  • When setting up 2FA, print or save any backup codes shown to you.
    These let you bypass 2FA if you lose access to your device.

Sharing & Digital Legacy

Tips for safely sharing files and information, and planning for the future.

Sharing Safely

Files

  • Smaller files can be sent over email.
    This is limited in terms of file size and security.
  • Cloud storage can support easy sharing and control over who can access.
  • Some devices support secure sharing directly with nearby devices.
    E.g. Apple AirDrop, Android Nearby Share, Samsung Quick Share.
  • USB sticks can be used to share files locally.
    Thumb drives with encryption functionality are common and can limit risks.

Accounts & Information

  • Where possible, avoid sharing account logins and opt for individual accounts.
    This is not possible for everything (e.g. some streaming services).
  • Be careful about what you share online.
    Attackers can gather data to make scams more believable.
  • Most social media platforms allow users to limit who can view posts.
  • Never share passwords or one-time codes with people you don't know and trust personally.
    E.g. banks and customer service agents will never ask for these.

The next section discusses planning for serious illness or death.

Securing accounts and devices prevents others from accessing them — but what happens in the event of serious illness or death? Unfortunately, there is no one-size-fits-all solution at present, and UK law is underdeveloped. Often, being prepared for these scenarios realistically means making compromises to security or privacy.

Making things easier for others when you die is a generous thing to do, but can be time-consuming and an emotional burden. If it seems like a lot, just take care of the most important things for you.

Digital Legacy

Files

  • Some files with organisational or sentimental value can be shared while living.
  • Consider backing up meaningful photos and memories to a shared folder on cloud storage, a hard drive, or printed media.
  • For files you only want accessed after you have died:
    - Consider facilitated transfer via Google's "Inactive Account Manager", Apple's "Legacy Contact" or Microsoft Onedrive's "Digital Legacy" options. - Local backups to hard drives and USB sticks could allow storage in a secure place. - Files could be kept under password protection with instructions for access securely kept elsewhere.

Passwords

  • Set up individual accounts when sharing an account if possible.
  • Be aware that, while common, using passwords to log into a deceased user's account is almost always against Terms of Service.
    Some companies will delete or deactivate accounts if informed about the user's death.
  • Using passwords may not always work, especially if logging in requires access to the deceased's mobile phone.
  • NEVER use someone else's password to access or withdraw funds.
  • If you own cryptocurrency and you are the only holder of the keys, failing to transfer these will mean the currency is lost forever.
    NEVER put passwords or cryptocurrency keys in your will, as this will become public.
  • Transferring passwords is made easier when using a password manager.
    There is only one password to share, and some have "emergency contact" mechanisms.
  • Transferring access to your email account can allow passwords to be reset.

Accounts & Devices

  • Facebook allows the nomination of a legacy contact and memorialises accounts.
    This person has limited control over the account, including downloading shared content.
  • Other major social media services only memorialise or delete accounts of deceased users. In most cases, accounts can usually be closed down by supplying proof of death.
  • Digital content is almost always leased, not purchased, and can't be inherited or transferred.
    This includes e-books, films, music, and video games on all major platforms.
  • Sharing your PIN can be the only way to be sure that your mobile devices can be factory reset for sale or inheritance.