Guide To Online Safety

Post Office Ltd is committed to protecting our customers’ information and you can find out how we do this by clicking here.

However, whilst we and many other companies work hard to ensure your personal information is kept secure, it is also important that you take steps to keep your personal information safe.

This section is focused on providing you with some advice and guidance on how you can ensure your information stays secure, especially when you are conducting activity online.

Top tips for staying safe online

Whilst the sections below provide specific information on a wide range of online security and safety issues, here you will find some key top tips for keeping yourself and your family safe online.

Remember, BE SAFE 

Be alert to social engineering:

Always be cautious of people you don’t know asking for confidential information. If you receive an unsolicited phone call from someone claiming to be from the Post Office or your bank asking for personal information, always think carefully before divulging any information. Remember, Post Office will never ask you for your PIN.

If you have any doubt as to the legitimacy of the phone call, end the call and call them back on the number you have printed on your statements. Social engineering can also occur online, with fraudsters targeting your email accounts in a bid to gain personal information. 

Ensure your device(s) has up to date security protection:

An important step in protecting your information is to ensure that you have the appropriate security software installed on your device and that it is kept up to date. This includes any relevant security patches and bug fixes that may be announced by the vendor of the operating system your device uses. It is also important that you have anti-virus software installed to help prevent any viruses or other spyware entering your system.

Stay safe with https://

When conducting any payments online (e.g. banking / shopping) make sure that the web page you are using is secure. You can do this in three ways:

  • There should be a padlock symbol in the browser window frame, which appears when you attempt to log in or register. Be sure that the padlock is not on the page itself as this will probably indicate a fraudulent site.
  • The web address should begin with ‘https://’ – the ‘s’ stands for secure.
  • On certain browsers, the address bar or the name of the site owner will turn green.

Avoid sharing personal information online:

Whilst social media is a hugely popular tool for sharing information amongst friends and colleagues, it is important to be cautious with what you are posting, sharing or even tweeting. Criminals will scan social networking sites to try and find pieces of personal information that can help them build a picture of you and your lifestyle. Avoid sharing any personal information, such as your date of birth, details of your family members or even the fact that you’re going on holiday. If a criminal knows where you live and the fact that you won’t be there for a week they may use the opportunity to commit a crime.

Fight fraud:

Remember, if it sounds too good to be true it probably is! Whilst there are many good deals to be found on the internet, this famous saying can often be applied to pop up adverts and emails selling extremely cheap products and services. Before you make any purchases or download any files or programmes to your device, ask yourself whether the site looks genuine. Only proceed with activity or transactions if you trust the source. The Metropolitan Police have produced an online booklet aimed at increasing customer awareness of the new scams being used to con people out of their money – click here to read it.

Ensure you keep strong passwords:

Passwords are used to keep your information secure and are required to log in to various online applications such as your bank and email accounts. Unfortunately, passwords can also be the weakest link and may be exploited if they are not properly created and managed.

The key thing to remember when creating a password is that it should be easy for you to remember and difficult for anyone else to guess. We would normally suggest that passwords should have a minimum of eight characters and include a mixture of upper case letters, lower case letters, numbers and special characters.

One way to create a strong password is to think of a well-known phrase, saying or song title and use the first letter of each word to create a unique password.

For example:

Back in the Summer of 69 = BitSo69

A picture is worth a thousand words = ApiwaTW!

Some other points to consider when managing your passwords:

  • Passwords are unique to you; therefore they must never be shared or written down. If you think that your password has been revealed to anyone else or compromised then you must change it immediately.
  • Don't choose a password which is obviously associated with you. Hackers can find out a lot about you from social media so if they are targeting you specifically and you choose, say, your pet's name you could be in trouble.
  • Choose words that don't appear in a dictionary. Hackers can write programmes that will scan all words in a dictionary to see if any match a user’s password.
  • Have different passwords for different sites and systems. If hackers compromise one system you do not want them having the key to unlock all your other accounts.

You may also like to consider using a passphrase for additional security, which tends to be longer than a password (typically 20 – 30 characters). Passphrases use a number of different words that together create a phrase. By substituting letters in the phrase for numbers or symbols, as well as removing characters, you can create a passphrase that is a lot harder to crack.

For example:

Two wrongs don't make a right, becomes: tW0#Ron8sD0ntma%e@rIG^t

My highland terrier is called Jasper, becomes: M!hiG7/aNdT%rr”orIcal^EdJ#sp8R

Phishing

'Phishing' is a form of social engineering that targets people's email accounts in a bid to steal personal information or load malicious software onto your device. By sending fraudulent emails to accounts, phishing attacks rely on people believing that the email is from a legitimate company or person. The email may purport to be from us, one of our partners or some other legitimate source and encourage you (the customer) to click on a link or input your personal details, account information and/or banking information. The sender's email address might even look very similar to a legitimate one. Post Office will never send you an email, text or a website link asking you to enter your internet banking or card details.

Below is an example of what a phishing email might look like:

From: support@post1office.co.uk

Title: Attention Post Office Customer

Content: 

Dear Customer, 

Our records indicate that you are entitled to a rebate on your most recent Post Office purchase, order number: 203b847k.

To process your rebate of £12.72 please fill in the attached form and send it to rebate@post1office.co.uk

 

Note: The form will contain a number of fields that aim to capture as much personal information about the unsuspecting individual as possible, including address, date of birth and bank account details.

The key thing to remember with phishing is if it sounds too good to be true it probably is. Please follow these steps to help protect yourself from phishing and other types of social engineering:

  • Check emails for their legitimacy - phishing emails tend to have bad quality logos that appear blurry, with poor spelling and grammar.
  • Check to see if the email address is the same as the email address you usually receive legitimate emails from. 
  • Check the message title for use of generic terms such as ‘Dear Customer’. If the email is not personalised to your name it may well be suspicious.
  • Don't click on any links or open attachments in suspicious emails - they may contain viruses or other types of malicious software. 
  • Don't reply to a suspicious message as this will only lead to more being sent to you. If it contains an 'unsubscribe' link, do not click on this as it will only confirm your email address is active.
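The sender-address and greeting checks above can also be done mechanically. The following is an added example, not Post Office code: it treats `postoffice.co.uk` as the only genuine domain (an assumption), and the function names are illustrative. It flags a sender or reply-to address whose domain is a near miss of the genuine one, as in the sample email above.

```python
from email.utils import parseaddr
import re

# Assumption for this example: the only domain the recipient treats as genuine.
TRUSTED_DOMAINS = {"postoffice.co.uk"}
GENERIC_GREETINGS = ("dear customer",)

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Domain of the real address, ignoring any display name in front of it."""
    address = parseaddr(from_header)[1]
    if "@" not in address:
        return None
    return address.rsplit("@", 1)[1].lower().rstrip(".")

def classify_domain(domain, max_distance=2):
    """Return 'trusted', 'lookalike' (near miss of a trusted domain) or 'unknown'."""
    if not domain:
        return "unparseable"
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    if any(edit_distance(domain, t) <= max_distance for t in TRUSTED_DOMAINS):
        return "lookalike"
    return "unknown"

def review_email(from_header, body):
    """List the warning signs from the checklist that can be checked mechanically."""
    findings = []
    verdict = classify_domain(sender_domain(from_header))
    if verdict != "trusted":
        findings.append(f"sender domain is {verdict}")
    if any(g in body.lower() for g in GENERIC_GREETINGS):
        findings.append("generic greeting")
    for addr in re.findall(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", body):
        reply_verdict = classify_domain(addr.rsplit("@", 1)[1].lower())
        if reply_verdict != "trusted":
            findings.append(f"asks for a reply to a {reply_verdict} domain")
    return findings

# Constructed from the sample phishing email on this page.
SAMPLE_FROM = "support@post1office.co.uk"
SAMPLE_BODY = (
    "Dear Customer, Our records indicate that you are entitled to a rebate on "
    "your most recent Post Office purchase, order number: 203b847k. To process "
    "your rebate of £12.72 please fill in the attached form and send it to "
    "rebate@post1office.co.uk"
)

if __name__ == "__main__":
    for finding in review_email(SAMPLE_FROM, SAMPLE_BODY):
        print("WARNING:", finding)
```

A "trusted" result only means the domain text matches; the From line of an email can be forged, so the other checks in the list still apply.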

Identity theft

Identity theft is a crime whereby a fraudster ‘steals’ another person’s identity in order to make transactions or obtain credit. They are able to do this by illegally accessing someone’s personal or financial information (e.g. full name, date of birth, address, bank account number, PIN), which is a lot easier than you might think.  A stray bank statement you’ve put in the rubbish bin or the personal information you’ve published on your social network page; it does not take much to enable someone to impersonate you. 

Top tips to protect your identity:

Whilst fraudsters are continuously finding new ways to illegally access people’s information, there are some simple steps you can follow to help keep your personal information secure and reduce the risk of becoming a victim of identity theft.

  • Don’t share personal information online: Whilst social media is a hugely popular tool for sharing information amongst friends and colleagues, it is important to be cautious with what you are posting, sharing or even tweeting. Criminals will scan social networking sites to try and find pieces of personal information that can help them build a picture of you and your lifestyle. Avoid sharing any personal information, such as your date of birth, details of your family members or even the fact that you’re going on holiday. If a criminal knows where you live and the fact that you won’t be there for a week they may use the opportunity to commit a crime.
  • Protect your PIN: Always be vigilant when withdrawing money from an ATM or paying for something using a chip and PIN device. Make sure you shield the PIN pad so that no one can see the number sequence you are entering. Avoid using number sequences that can be easily guessed (e.g. your date of birth) and never write them down.
  • Check bank statements for unusual activity: Regularly check your bank statements for any suspicious transactions. If you are not sure about a transaction that has appeared, or believe there is a transaction listed that you have not made, contact your bank or building society immediately.
  • Shred unwanted paperwork: When disposing of important documents (e.g. bank statements, utility bills) always use a cross cut shredder. These are inexpensive and ensure that all the information is securely destroyed. Simply putting documents that contain personal information into a normal rubbish bin means that anyone can find them and use the information contained to commit identity theft. 
  • Keep strong passwords: Remember, passwords should be easy for you to remember but difficult for anyone to guess. Have different passwords for different accounts and never write them down.
  • Be alert to social engineering: Always be cautious of people you don’t know asking for confidential information. If you receive an unsolicited phone call from someone claiming to be from your bank or building society asking for personal information, always think carefully before divulging any information. Remember, a legitimate bank or building society will never ask you for your PIN or for a whole security password (i.e. they may ask for the first and fifth digits). If you have any doubt as to the legitimacy of the phone call, ask the caller to provide the main switchboard number for you to call them back on, or hang up and call them back on the number you have printed on your statements. Social engineering can also occur online, with fraudsters targeting your email accounts in a bid to gain personal information.

Viruses, trojans and other malware

Malware is a general term used to describe various types of malicious software that all aim to damage or disrupt the computer systems you are using. Some of the most common types of malware are explained below: 

Viruses

A type of malware that infects other programmes on your device by changing them to include a replicated copy of itself. This is why it is called a ‘virus’ because it spreads throughout your systems, reproducing itself and causing a range of destruction. 

A virus could potentially:

  • stop your device from working
  • corrupt the data on your device
  • monitor your online activity and read the keystrokes from passwords you enter
  • re-direct you from legitimate websites to fake websites 

Fraudsters will try a number of different approaches to try and install a virus onto your system. They may send you unsolicited email that asks you to click on a link or open an attachment, or send you some removable media (e.g. CD/DVD/USB stick) in the hope that you will insert it out of curiosity into your computer.

Trojans

A Trojan is a programme that appears useful but instead contains malicious code that allows unauthorised access and manipulation of data. It is often referred to as a Trojan ‘horse’, after the story in Greek mythology of a giant wooden horse gift that was used to trick the people of Troy into taking concealed warriors into their city. In a similar vein, computer Trojans pretend to be harmless or even useful programmes that, once clicked, take control of your system to cause a range of destruction.

Similar to a virus, a Trojan may present itself to you by means of an unsolicited email, usually something quite harmless like a joke or greetings card. Trojans have also been disguised as product emails, informing you that by clicking on a link a programme will remove all viruses and malware from your system, when in actual fact the opposite happens. Trojans may also be hidden in pop-up adverts that literally ‘pop up’ on the browsing window you are viewing. 

Spyware

Spyware is software that gathers information about an individual by secretly monitoring their activity. Simply put, it is software that ‘spies’ on you. It may collect information from your device, such as personal information or browsing history and then transmit it elsewhere.

Like Viruses and Trojans, Spyware can get onto your systems by having a user click on a link in an unsolicited email or pop-up. It may also be embedded in a software package that you are installing or via a storage device attached to your computer.

How to avoid viruses, trojans and other malware:

  • Ensure your device has up to date security protection - an important step in protecting your information is to ensure that you have the appropriate security software installed on your device and that it is kept up to date.  This includes any relevant security patches and bug fixes that may be announced by the vendor of the operating system your device uses. It is also important that you have anti-virus software installed to help prevent any viruses or other spyware entering your system.
  • When conducting any payments online (e.g. banking / shopping) make sure that the web page you are using is secure. You can do this in three ways:
      1. There should be a padlock symbol in the browser window frame, which appears when you attempt to log in or register. Be sure that the padlock is not on the page itself as this will probably indicate a fraudulent site.
      2. The web address should begin with ‘https://’ – the ‘s’ stands for secure.
      3. On certain browsers, the address bar or the name of the site owner will turn green.

If it sounds too good to be true it probably is! Whilst there are many good deals to be found on the internet, this famous saying can often be applied to adverts and emails selling extremely cheap products and services. Before you make any purchases or download any files or programmes to your device, ask yourself whether the site looks genuine. Only proceed with activity or transactions if you trust the source.

Security glossary

Anti-virus: Software that attempts to block malicious software (such as viruses) from harming your computer.

Cybercrime: Any internet or computer-related criminal activity.

Firewall: A security system or combination of systems that protects a network or system from unauthorised access and other malicious threats.

Fraud: An act of deception intended to result in personal gain (often financial).

Identity Theft: A crime whereby a fraudster ‘steals’ another person’s identity (through accessing their personal or financial information) in order to make transactions or obtain credit.

Malware: A general term used to describe various types of malicious software (e.g. Viruses, Trojan horses).

Password: A secret word or string of characters used to gain access to a computer system or network.

Phishing: A form of social engineering that targets people's email accounts in a bid to steal personal information or load malicious software onto your device.

Pop-up: A new browser window that appears on your screen without prompt, commonly used for adverts.

Social engineering: A term used to describe the process of gaining information by misrepresentation. Through social engineering a criminal can potentially access a wealth of personal information, gain access to sensitive computer systems or into an area they should not be, simply by pretending to be someone they are not. 

Spam: Unsolicited e-mail or junk mail sent to large numbers of people to promote products or services.

Spyware: Malicious software that collects information about you without your knowledge or consent.

Trojan Horse: A programme that appears useful but instead contains malicious code that allows unauthorised access and manipulation of data.

Virus: A type of malware that infects other programmes by modifying them to include a replicated copy of itself.

Worm: A type of malware that replicates from machine to machine across network connections, taking up all available computer memory or hard disk space.

Useful links

A vast array of information can be found on the internet relating to protecting your personal information; however the following websites are particularly useful:

www.getsafeonline.org - Get Safe Online is the UK’s leading source of unbiased, factual and easy-to-understand information on online safety.

www.actionfraud.police.uk - Action Fraud is the UK’s national reporting centre for fraud and internet crime.

www.cyberstreetwise.com - Be Cyber Streetwise is a cross-government campaign, funded by the National Cyber Security Programme, and delivered in partnership with the private and voluntary sectors. They aim to measurably and significantly improve the online safety behaviour and confidence of consumers and small businesses (SMEs).

www.met.police.uk/docs/little_book_scam.pdf - A booklet produced by the Metropolitan Police aimed at increasing customer awareness of the new scams being used to con people out of their money.

The contents of this webpage are provided for general information only and should not be your sole basis for any decisions or actions you take. Although we make reasonable efforts to ensure the accuracy of the contents of this webpage, we make no representations, warranties or guarantees, whether express or implied, that the content of this webpage is accurate, complete or up-to-date. To the extent permitted by law, we exclude all conditions, warranties, representations or other terms which may apply to this webpage or any content in it, whether express or implied. Where this webpage contains links to websites and other resources provided by third parties, these links are provided for your information only. We have no control over the contents of those linked websites or resources and we assume no responsibility for their content. Such links should not be interpreted as endorsement by us of those linked websites or resources. We will not be liable for any loss or damage that may arise from your use of them.