For further information about the Horizon IT Scandal, please visit our corporate website

As technology becomes more sophisticated, so do the capabilities of those who want to do you harm online. Web security is a concern for everybody, particularly if you do things like banking and shopping online.

Protecting yourself

There are steps you can take to enhance your web security and make sure that you’re doing the best you can to protect yourself from harm. Our guide takes you through key elements of web and computer security so that you can stay safe.

  • Online banking
  • Staying safe using email
  • Password safety and security
  • Protecting your computer or device
  • Staying safe online
  • Social media
  • How we protect you

Online banking

Banking online or on your mobile has made everything so much easier. Take a few precautions and it’ll be safer, too.

Never share your online banking login information with anyone

In particular your full online banking PIN.

Make sure you are not being watched

When you enter your passwords or PINs into online accounts in a public place, shield your screen and make sure no one is watching you or trying to distract you. Consider getting a screen privacy protector that hinders what people can see when looking at your screen from an angle.

Monitor your accounts on a regular basis

Check for suspicious transactions – if something doesn’t look right, report it.

Monitor your list of online payees regularly

Treat any unexpected requests to change or update your payee details with caution and make sure that the request has come from a company or person you trust.

Always logout completely from your online banking session

Select the log out button rather than just closing the website or app.

Use secure websites (https)

When you enter your login details or personal information, be sure the web page you are viewing offers encryption of your data by checking:

  • the web address (URL) has changed from ‘http’ to ‘https’,
  • that a closed padlock icon is present, and
  • your browser address window may be green.

Staying safe using email

Fraudulent emails

Fraudsters sometimes send emails pretending to be from a reputable company in an attempt to get personal information (username, PIN and credit card number, for example). This is known as phishing.

Some email scams have become much more sophisticated and are personalised to target certain people. These emails are personally addressed, well-written and look and sound professional. This is knows as spear phishing.


  • Be suspicious of unsolicited emails. Listen to your instincts. If something doesn’t feel right then stop and question it.
  • Never reveal your banking details or other personal information if you get asked by email.
  • Check links in emails are legitimate by ‘hovering’ your mouse over the link to view the web address (URL) without clicking. If it is different to what you were expecting, do not click.
  • Consider having different email addresses for different purposes – one for your bank to use, another for family and friends and perhaps a different address for online newsletters.

How to report a suspicious email:

  • Call the sender to check they sent the email. If possible, use a number in a directory or on their website rather than the same number contained in the email.
  • Do not reply to the email, fill out any forms or follow any of the instructions.
  • Do not click on any links as they may try to direct you to fake websites.
  • Do not open attachments as they may infect your computer with malicious software. Forward suspicious emails claiming to be from Post Office Money to and then delete.

Your email address can be found from publicly available sources or through randomly generated lists. So, if you get a fake email that appears to be from Post Office Money, this does not mean it really is from us.

Password safety and security

Use strong passwords to protect your information and identity. The best security in the world is useless if a fraudster can guess your username and password.

Strong passwords can take years to crack. Weak passwords can be cracked in less than 5 minutes.

What makes a strong password?

More than 8 charactersHaving a long and complex password makes it difficult for hackers to decipher.


Random words made up of upper and lowercase letters, numbers and symbols.


Don’t use the same password across accounts, as one successful attack can mean all your accounts could be opened.

Easy for you to remember

But difficult for someone to guess (i.e. avoid birthdays).

Password suggestions:

  • Replace letters with numbers and symbols.
  • Use a movie title or character you like, for example SP!D3Rm@n – a variation of Spiderman.
  • A line of a song.
  • One that other people would not associate with you- fly1ngw1Th0Utw!nGs!.
  • A phrase known to you
“Consider yourself at home” and take the first character from each word- CYAH – then combine this with numbers and symbols - C.2!Y64a?H@.


  • Never share your usernames or passwords.
  • Never allow web browsers (for example Google Chrome and Internet Explorer) to remember your passwords - you put your information at risk.

Protecting your computer or device

Protect your devices – mobiles, tablets, laptops or PCs. Safeguard against being infected with malicious software and from potentially serious consequences, like fraud and identity theft.

Make sure you have up-to-date anti-virus software

Schedule regular checks on your computer system.

Keep the software on your device up to date

Install the latest software update as soon as you get a prompt to update.

When downloading apps, go directly to a legitimate source

For example use the official App store or the Play store and be cautious when downloading apps accessed by clicking on a link.

Remotely wipe your smart phone or tablet if it’s lost or stolen

This will prevent sensitive information from falling into the wrong hands.

Secure access to your device

Use a strong PIN, password, passcode or fingerprint detection to access your device.

Clear all information on your device before selling it

Delete all data and applications on your machine before you sell it, give it away or dispose of it. It’s worth formatting all drives to make sure they’re completely clear of your personal information.

Look for signs of infection

Know how to recognise the signs that your computer may have become infected, like:

  • Applications that don’t work properly.
  • Date of last login doesn’t match the date you last logged in.
  • System slows down, freezes or crashes.
  • Unusual error messages.
  • Your browser toolbar changes.
  • System performance deteriorates unexpectedly.
  • An increase in the number of files on the system when you haven’t added anything.
  • Printing does not work correctly.
  • Distortion on screen.
  • File size changes for no apparent reason.

If you suspect that your device may be infected

Do not log on to any online banking channels until any malicious software has been removed.

Staying safe online

Consider these simple steps to shop online with confidence.

Is the website safe?

  • Always go directly to the site or access it via a search engine (like Google or Bing) first.
  • Never follow links on websites or in emails if you are suspicious.
  • Make sure the web address is what you expected (check for incorrect spelling).
  • Be sure the web page you are viewing offers encryption of your data by checking:
    • The web address (URL) has changed from ‘http’ to ‘https’.
    • A closed padlock icon is present.
    • Your browser address window may be green.
  • Always make sure you are buying only from reputable retailers, whether from personal experience or trustworthy recommendations. If it is not a well-known shopping site, do some research and look for independent reviews rather than trusting testimonials on the site itself.

Social media

Social media has changed the way we communicate, but the more information you post online, the more you put yourself at risk. For example, if a fraudster gets your full birth date and place of birth, they could try to use this information to access your accounts.

What goes online stays online

To protect yourself and your information, take care when using social media.

Privacy and security settings

Learn about and use the privacy and security settings on social networks. They are there to help you control who sees what you post, and to manage your online experience in a positive way. Do not rely on default settings.

Keep personal information personal

Be cautious about how much personal information you give on social networking sites. The more information you post, the easier it may be for a fraudster to use that information.

Make passwords long and strong

See the passwords section for more information. When in doubt, throw it out. Links in messages, tweets, posts, and online advertising may contain malicious content. Even if you think you know the source, if something looks suspicious delete it. For more information see identity theft.

How we protect you

Logging on

When you log on to your account, we will ask for your own private and individual user ID and password as well as a personal detail question. This information is encrypted during transmission and will remain a secret as long as you do not share it with anyone.

Access to data

Our website is protected by a firewall, which forms a barrier between the outside internet and the internal bank network. This helps to ensure the protection of your information.

Online activity:

  • Your name, address and full bank account number will never appear on screen.
  • The details of the person you’re paying will appear on screen and in the receipt, which you can print off when the bank confirms your instruction to make a transfer or pay a bill.

Authorising payments

Payments are authorised using a digital certificate and password.

Logging out

If you haven’t used it for a short while, your banking session will automatically timeout – to restart your session, just re-enter your login details at the login screen.