Our Advice: For Individuals

Phishing refers to messages pretending to be banks, companies, or people you know, often urgent and asking you to click or reply. It may be an email, text, phone call, or letter.

The goal is to gain access to you, your information, your account(s), or benefit financially.

How to identify Phishing:

1. Warning signs: email providers and phone companies may flag things as "suspected scam".
2. Urgency: it might say things like “act now” or “your account will be locked.” Real organisations don’t threaten you like that.
3. Requesting information: You will be asked for sensitive things like your password, bank info, or a code. No one should ask for these out of the blue.
4. Unfamiliar sender: the email address or phone number might look odd, even if the name seems familiar.
5. Asks you to interact:  It asks you to click a link or open something, like an attachment.
6. Secrecy: It tells you not to tell anyone. Scammers often say “keep this secret” to isolate you.
7. Authority or Trust: It pretends to be someone you trust like your bank, the post office, or even a friend, but something about it feels wrong.
8. Unexpected: if you didn’t ask for anything, sign up for anything, or know who it’s from, this is a red flag.

If you’re ever unsure, do not interact. Ask someone you trust or get in touch with us.

Using the same password across different accounts or choosing something easy to guess makes it much easier for someone to get in to your account.

If one website is hacked, your password might be tried on your email, bank, or social media without you realising.

Why it's risky:

1. Reusing passwords: If your password is leaked on one site, criminals often try it on others.
2. Easy-to-guess passwords get cracked quickly: Names, pets, birthdays, or simple numbers like "123456" are among the first things they try.
3. Access to your email is a big deal: If someone gets into your email, they can reset other passwords and take over more accounts.
4. You might not notice right away: Some attacks happen quietly. Your details might be used weeks or even months later.

What you can do:

These easy steps can help you be more secure:

• Use a different password for every account
• Use passwords that are longer and not based on names, birthdays, or common words
• Use a password manager to help you remember them
• Turn on 2-step login if a site offers it
• If you’re worried about a reused password, change it now

You can check if your email has been in a data leak at haveibeenpwned.com. It’s free and safe to use. 

Some websites or pop-ups are designed to trick you into clicking something that installs harmful software (called malware) on your device.

This can happen very quickly — even if nothing seems to download — and can lead to your data being stolen or your computer being controlled without you knowing.

• Fake websites can look real: They may copy logos, colours, and layouts from real companies (like banks or delivery firms).
• You might download something by accident: Just clicking a link can sometimes install malware, especially on older or unprotected devices.
• Malware can steal your information: Once installed, it can record what you type, watch what you do, or send your files to someone else.
• It often hides in pop-ups or fake warnings: Messages saying things like “Your computer is infected” are often part of the trick.

 What you can do:

1. Be careful where you click — don’t trust random links or pop-ups
2. Only download software from official websites (not ads or email links).
3. Keep your computer and antivirus software up to date (see information on recommend anti-virus software here).
4. If you see a pop-up claiming something urgent, don’t click — close the browser.
5. If your device is acting strangely, get advice before continuing to use it.

If you think you might have visited a risky site or installed something by accident, stop using that device and ask for help — we’re here to support you. 

Some scammers will call you pretending to be from your bank, the police, your internet provider, or another official-sounding organisation. They often try to make you panic so you act quickly without thinking.

They might sound polite, serious, or even kind — but the goal is always the same: to get money or personal information from you.

How to spot a scam call:

1. It feels urgent: They might say there’s fraud on your account, or that your internet will be cut off today.
2. They ask for personal details: Like your bank info, card numbers, PIN, or passwords. No real company will ask for these over the phone.
3. They want remote access to your device: They might say “we need to fix a problem” and ask you to install something — this is usually malware.
4. They tell you not to speak to anyone: Scammers often say “don’t call your bank,” or “don’t tell your family.” That’s a red flag.
5. They pressure you to act now: Real companies give you time to think or call back. Scammers want you to act fast.

What you should do:

• Hang up if something feels off — even mid-call
• Never give out sensitive details, passwords, or install anything unless you’re 100% sure
• Call the company back on a number you trust (from their website or a bank card)
• If you’re unsure, ask a friend or contact us for help

It’s okay to be polite but it’s more important to be safe. You’re allowed to hang up.