Your guide to online security: avoiding scams and viruses

Lynn Wright / 07 November 2017

From avoiding email scams to shopping more securely online, follow Lynn Wright’s simple step-by-step guide to internet safety.



How to stop junk email
Avoiding scam emails
Keep safe from viruses and malware
Protect your computer
Safe online shopping
Secure home networking
Browser safety tips
Social networking
Security checklists

The internet has become a huge part of most of our lives. Some use it for online banking or shopping. Others rely on email or social network tools, such as Facebook, to keep in touch with friends and relatives.

But there are numerous threats to your computer and personal information out there, with criminals ready to use the internet to steal your identification, financial details, or ruin your PC by infiltrating it with viruses or malware.

This guide explains simply but thoroughly the steps you can take to guard against such problems. It deals with everything from spotting scam emails to safer online shopping and installing computer security systems.

We can’t eliminate the risks, but we can give you more confidence when spending time surfing the web.

How to stop junk email

These unwanted communications are not only annoying, but hidden dangers can lurk inside. Start here to stop them clogging up your inbox.

Email is a quick, easy and cheap way to keep in touch with friends and family. Many companies also use it to tell customers about their goods and services.

Millions of unsolicited messages advertising products and services are sent by email daily, bombarding people’s inboxes.

This is known as spam – the electronic equivalent of junk mail. These marketing emails are generally harmless, but they can be confusing to receive and having to delete them from your inbox is simply irritating.

How to stop spam emails

Report them. Most email programs, such as Gmail and Outlook, intercept the majority of spam messages and send them to a folder called Junk or Spam. But if one slips through to your inbox, report it as spam so your email provider knows to filter messages from this sender in future. You can usually do this by selecting the message in your inbox and clicking Report as junk, spam or similar.

Avoid being added to mailing lists. These contain names and email addresses of people who have agreed to receive marketing material from a company. Such lists are typically rented or sold to other firms, so you may end up receiving emails from lots of companies you don’t know.

When buying goods online or registering on websites, be careful to tick or untick the relevant checkbox, so that people don’t have permission to contact you.

When registering to vote, on the electoral register, opt out of the ‘open register’. It is often used for unsolicited marketing mail. Sign up with the Mailing Preference Service to remove your name from direct mailing lists.

Avoiding email scams

Con artists use clever emails to trick people out of money. Here’s what to watch out for and what to do if you spot one.

Criminals are turning to online communication in an attempt to steal people’s money or gain access to their sensitive, personal information.

Email scams – fraudulent messages that are carefully designed to fool you – are on the rise. So if you’ve ever received an unexpected email claiming that you’ve won a substantial amount of cash in a competition you didn’t take part in, or an odd message from your bank requesting that you update your financial details, then it’s likely you’ve been the target of what is known as ‘phishing’.

These realistic-looking messages do their best to try to convince you to hand over your important details – such as account and credit card numbers and passwords – to criminals who sell them or use them to commit fraud themselves.

The most common phishing scams

Fake bank account

This is an email that claims to be from your bank, building society, credit-card provider or other financial organisation, requesting that you verify your personal information. It usually carries a warning that your account will be suspended if you don’t take immediate action. Typically, the email contains a link to a fake website run by criminals that looks like the real thing, where you’re asked to enter your account details. Banks and other financial companies never send emails directly requesting sensitive account details, so delete these emails and never click on the links they contain.

Lottery or competition prize

An email arrives congratulating you on winning a large sum of money in a contest that you can’t recall entering. The scammer asks for useful personal information and may request money for an ‘administration fee’ before the prize is released to you.

Fake survey fraud

This seems an innocent email, simply asking you to visit a website in order to complete a survey. However, clicking on a link may result in spyware being installed on your computer to steal sensitive information.

Advance fee or money-transfer fraud

There are several variants of this scam, but most involve a sender claiming to need your help to move money or other valuables from one country to another. In return, you’re promised a significant reward. But first you need to make a payment or provide your bank details to further the transaction. Once given, your account may be emptied.

How to catch a phishing email

Phishing scams appear convincing, but knowing the traits they share can help you spot them and avoid identity theft more easily.

Here’s what to look out for:

1. The sender’s email address is different from the organisation they claim to represent.

2. The email uses a generic greeting such as ‘Dear customer’ instead of your name.

3. A linked website may look genuine but the web address in the browser’s address bar may be slightly different – this can indicate a fake website.

4. Scare tactics are used to get you to act quickly without thinking – for example, a warning that your account will be closed unless you verify the details.

5. A request for personal information, such as your username, password or bank account details. Never, ever reply sending these details.

Report phishing emails to ActionFraud, the UK’s national reporting centre for fraud and cyber crime. Visit actionfraud.police.uk or call 0300 123 2040

Check your credit report

Your credit report is a record of your credit history, including payments and debts, used to approve your application for a mortgage, credit card, loan or other forms of credit. It may also reveal suspicious credit activity, if you suspect you’ve been a victim of fraud.

Reference agencies such as Equifax, Experian and Callcredit will provide you with a credit report. Experian offers free 30-day access to a comprehensive report. Find out more at saga.co.uk/Experian

Five top tips to avoid being scammed

1. Delete unsolicited emails. Don’t reply as this will confirm your email address and you’ll receive even more spam.

2. Never open email attachments from people you don’t know. Similarly, don’t click on links to websites within the email, as these may carry a virus that will infect your computer.

3. Don’t believe promises of money, prizes or gifts. If it sounds too good to be true, it invariably is.

4. Ignore donation requests. Fraudsters think nothing of manipulating your goodwill in response to an international disaster or other crisis by setting up bogus charities. Donate instead to well-known, legitimate organisations.

5. Never give personal information. No legitimate company, bank or building society will ask for your bank account number, sort code, PIN or password in an email.

Jargon buster: Identity (ID) theft This involves stealing someone’s personal information in order to obtain money, loans, credit cards and commit other fraud.

Jargon buster: Email Electronic mail, a way of sending text and files from one computer to another computer via the internet.

Keep safe from viruses and malware

Malicious software, designed to damage your PC and steal your data, is growing more sophisticated.

Using the internet with an unprotected computer is like leaving your front door wide open. Lurking online on some websites and hidden within some online advertisements, games, downloaded files and emails are malicious software programs (malware) that install themselves on your computer. Programmed by criminals, malware is designed to infiltrate your PC and cause damage, steal personal information or delete files.

These are the most common types of malware:

A virus is a malicious program that infects your computer, resulting in it slowing down, losing data or becoming corrupted. Infection typically happens through downloading files from the internet, opening email attachments or sharing USB drives.

Named after the wooden horse of Troy, a Trojan is software that hides inside a seemingly innocent file or program. Once installed, the Trojan gives access to your computer to another person without your knowledge.

Worms are one of the most damaging types of malware, designed to bring your computer system to its knees.

Spyware is software that downloads to your computer without your knowledge. It can monitor your activity, collect sensitive personal information about you and even hijack your browser.

With scareware, criminals send you a message saying falsely that your computer has a virus and suggesting you fix it by installing a program (containing malware) or call a phone number to have it repaired for a fee.

Ransomware is malware that encrypts your files. Fraudsters demand money to fix them.

Tech-support phone scams

Be wary if you receive a cold call from a company claiming that you have a virus, which they then offer to remove if you allow remote access to your PC. These callers are con artists, often claiming to be connected to firms such as Microsoft. They’re simply trying to gain control of your computer to steal banking and other sensitive information or, again, will pretend to remove the non-existent virus and charge you for it.

Signs that your computer has become infected with malware may include it taking a long time to start up; working unusually slowly; frequent program or system restarts; programs behaving in odd ways, or files being corrupted and unable to be opened.

Protect your computer

The good news is that you can help to protect against viruses and malware by installing the following types of software on your computer:

Anti-virus software protects against viruses, Trojans and worms by scanning for and removing infected files.

Anti-spyware scans your computer and removes any spyware it finds.

Off the shelf

Both Windows and Mac OS have strong built-in security features but you can invest in additional software for extra peace of mind. You can buy a single package from a high-street computer store that includes both anti-virus and anti-spyware programs. A security software suite costs around £25 and most include a year’s subscription for automatic updates that keep you protected from the latest threats, and work across laptops, tablets and smartphones. Popular suites include Symantec’s Norton Security, Kaspersky Internet Security and McAfee Internet Security. All have similar features and work for Windows and Macs.

Free solutions

You can download free programs from the internet such as Avast (avast.com) and Sophos Home (sophos.com) anti-virus for Windows and Macs.

Most free programs are basic versions of paid-for products, which the manufacturer hopes you will upgrade to in the future. Free software will save money, but it’s less comprehensive than other versions. It will keep your PC safe from the most common malware threats, but paid-for anti-virus software typically comes with extra features – including identity theft protection, parental controls and flagging trusted banking websites, among others.

Windows

Windows 8 and Windows 10 have strong built-in security features, including Windows Defender, which has both anti-virus and anti-spyware protection. A two-way firewall monitors the information going back and forth to the internet, and a SmartScreen filter helps protect against phishing scams.

If you’re still using Windows 7 or Vista, you can download Microsoft’s free security suite called Microsoft Security Essentials (windows.microsoft.com). This offers decent protection from malware and has useful extras, such as email monitoring and parental controls, but for the best protection upgrade to the latest version of Windows.

Apple

Mac OS is a relatively secure operating system and more fraudsters target Windows, though OS X’s popularity means the amount of malware aimed at it is growing. Mac OS X has strong built-in security features including a firewall – but it lacks anti-virus software. However, there’s a wide selection of free and paid-for security software available for the Mac.

Did you know?

Saga tests its computer systems to industry-leading standards to guard against viruses and malware. We place personal details on encrypted databases.

Top tip

Protect yourself by deleting old emails that contain sensitive information.

Jargon buster: Web link Text or images in an email or on a website that, when clicked, load a web page.

Anti-virus and spyware protection – how it works

Security and anti-virus packages typically work in the background, scanning automatically for problems on a regular basis and alerting you when something suspicious is found.

Most programs also let you run manual scans of all, or part of, your computer system whenever you want, such as when you’ve installed new software or attached a USB pen (or flash) drive to your computer. You can usually choose either a quick scan, a full system scan, or a custom scan of specific folders.

For example, if you connect an external hard drive to your computer you can perform a custom scan to check the drive for viruses and malware.

Running a manual scan is a similar process in most anti-virus software; here are our tips on how to do it in Windows 10’s Windows Defender.

Running manual scan in Windows 10’s Defender

1. Open the Start menu and select Settings. Choose the Update & security category and select Windows Defender.

2. Click Open Windows Defender.

3. Under scan options, choose from:

Quick scan, which checks only open applications and areas that malicious software is most likely to infect.

Full scan, which checks all the files on your computer. It may take an hour or more to run.

Custom scan, which checks only files and locations that you specify.

4. Click Scan now. Windows Defender will scan the PC. Any suspicious files detected are automatically quarantined into a safe place.

5. To view quarantined items, click History, then click Quarantined items, then View Details. Review each item, and for each one click either Remove or Restore. To permanently delete all quarantined items from your computer, click Remove All.

Keep your anti-virus software up to date

As new threats emerge daily, it’s essential to keep your anti-virus software on track so that you’re fully protected. Most paid-for security programs have automatic updates, but if your software doesn’t, check for updates at least once a week. You can usually do this through your software control panel.

Windows 10 users don’t need to worry about updating Windows Defender as anti-virus definition updates are automatically installed. Use the latest versions of your operating system, web browser and other programs, such as Adobe

Reader, as well, because updates help to plug security holes and prevent malicious attacks.

Both Windows 10 and Mac OS X can install system updates automatically.

Turn on your firewall

It stops viruses getting through and guards against websites connecting to your computer without your permission. It should always be switched on.

To check whether your firewall is turned on in Windows 10

1. Right click the Start button, and select Control Panel from the pop-up menu that appears. Click System and Security and then click Windows Firewall.

2. In the left pane, click Turn Windows Firewall on or off.

3. Click Turn on Windows Firewall under each network location that you want to help protect, and then click OK.

Top tip

Security software can use a lot of system resources while a scan is in progress, which can slow down your computer. If possible, set your software to run a scan when the computer is on but not in use.

Did you know?

Saga recommends the independent testing website av-test.org for information on finding the best security systems for you.

Jargon buster: Firewall Software that acts as a gatekeeper, controlling who can access your computer from the internet.

Jargon buster: USB stands for Universal Serial Bus, a common connection standard that’s used to connect devices to a computer.

Safe online shopping

Enjoy internet shopping while staying secure with our top tips.

Shopping online is quick and simple, and you can grab some great bargains. But it’s best to shop through a reputable website, such as a high-street shop’s online store, and avoid buying from a site you don’t know, unless recommended by someone you trust who has used it before.

Always look for a website that lists its full contact details – a postal address and landline number. Be wary of shops that have just an email address or mobile number.

A good online store spells out its delivery details and returns policy. It should have a privacy statement saying how it protects your personal information and payment card details from misuse.

How to recognise a secure online shop

You should place orders only on websites that offer secure payment card transactions, so your details can’t be read by anyone else. Signs of a secure site include:

Web address Look in your browser address bar: it should begin https:// rather than the standard http://. The ‘s’ stands for ‘secure’.

Green address bar All or part of the browser address bar may turn green.

Padlock symbol Appears next to the address bar or web-browser frame. Clicking the symbol should reveal a digital certificate that confirms that the website is what it says it is.

These signs may not appear on the website until you’re ready to place your order – look for them when you click the Checkout button.

Delivery times

It can be frustrating when goods you’ve ordered online fail to turn up on time. Under the Consumer Contracts Regulations, items purchased online must be delivered within the period agreed with the seller. If this wasn’t specified, the goods must be delivered without undue delay and no later than 30 days from the day purchased, or you can refuse to accept them, get a refund or sometimes claim compensation.

The online store is responsible for the condition of the goods until you, or someone nominated by you, such as a neighbour, receives them.

Returning goods

If goods are faulty, not fit for purpose or not as described – or even if you don’t like them – you have the right to return them and get a full refund or have them replaced. When returning faulty goods, you shouldn’t have to pay return postage.

Tips for secure shopping

Make sure your firewall is switched on and you have anti-virus software installed.

Choose a hard-to-guess password when registering on a shopping site. Make it at least eight characters long. Avoid names or birth dates. Try a memorable 'passphrase', such as ‘teafortwo’, and mix letters with keyboard symbols: 'te@4Tw0'. Use a different password for each online account.

Read the small print so you know exactly what you’re buying. Check items are in stock before you buy – reputable online stores detail stock availability.

Trust your instincts. If a bargain seems too good to be true, it probably is.

Use a credit card for online shopping. If goods cost more than £100, your credit card company is equally responsible if anything goes wrong. PayPal is also secure.

Sign up for the Verified by Visa or MasterCard Secure Code service. You register a password with your card company, which you enter when buying from an online retailer who has signed up for the scheme.

When you’ve finished shopping in an online store, be sure to log out so anyone using the computer after you won’t be able to use your personal information.

Did you know?

Saga’s website lists contact details, terms and conditions and a privacy statement. We also check that all partner websites and companies are legitimate.

Jargon buster: Login A combination of username and password used to identify yourself on a website, open an email program or start a PC.

Secure home networking

Your home wireless network can be exposed to misuse unless you keep it secure.

Most people use a Wi-Fi network to connect their digital devices around the home. When connected to your broadband, it also allows your computer and other devices to use the internet. This gateway can be a weak point if you don’t take precautions against people accessing it from outside your home to piggyback your broadband connection.

To run a home Wi-Fi network and internet connection, you need a wireless router. Your broadband supplier usually provides one when you sign a service contract. This small communications box connects all your devices and gives access to the internet.

Most wireless routers have security already applied – though check the settings to ensure your home network is secure. Newer routers with the WPA2 security system offer greater protection, so consider upgrading to one.

Home network protection

Change the default password on your router. It can be easy to guess, allowing unauthorised people access to your network. Instead, access the router’s control panel following the instructions in the manual and, under Settings or Security, change the password to something stronger.

Change your router name. Open your router’s web-based control panel on your computer, then under Settings or similar, change the name from the internet service provider’s default. This means potential hackers can’t see the brand of router you’re using, making it harder to access.

Create a guest password. Some routers let you create a second guest password. This is useful when friends are over, as you can give them this password to access the internet on their smartphone, while preventing them from accessing any of your devices on the network.

Protect your PC at home

Keeping your router secure is only half the story. As well as ensuring you’ve up-to-date security software installed on your PC, there are several Mac and Windows settings you should check to keep your computer safe.

Security settings in Windows 10

Access security settings. Activate the search box, type ‘security and maintenance’ and then select Security and Maintenance from the list. This provides all the security controls for Windows 10.

Check security settings. In the Security and Maintenance window, click Security. Ensure that Network Firewall is switched on, along with Windows SmartScreen, which protects you from downloading unofficial programs.

Ensure your system keeps updated with the latest version of Windows. Click the Start menu and select Settings and then Update & Security. Then click Windows update. Click Advanced options to choose how updates are installed.

Use Windows 10’s File History to make automatic backups of your files to an external USB hard drive, so if something goes wrong, you can easily restore them. Plug in the hard drive and click the Start menu > Settings > Backup. Click Add a drive and follow the instructions to schedule regular backups for your PC.

Backups are made once an hour but click More Options to change how often they take place, and which files and folders are included in your backups.

Security settings in Mac OS

Access security settings. These are found by clicking the Apple menu, then clicking System Preferences. In the general system preferences panel that appears, click Security & Privacy. This provides the central controls for the security settings on your Mac.

Check General settings. Under Security & Privacy, click the General tab, and ensure that a password is set for the Mac. This will prevent anyone accessing your Mac without the password. Ensure that the Allow apps downloaded from: setting is set to either the Mac App Store or Mac App Store and identified developers to prevent rogue apps being installed on your computer.

Turn on the firewall. Click the Firewall tab and check it is on. You can click Firewall Options… to set permissions for specific applications to go through the firewall while preventing unauthorised applications.

Use Time Machine. Found in the System Preferences panel, Time Machine keeps a regularly scheduled backup of your Mac. If something goes wrong, you can restore your Mac from the backup. To use it, plug in a USB external hard drive with at least twice the storage size of your Mac. Then, click Select Disk to choose that disk to backup to in the Time Machine preferences panel. Click On to start regular backups to the disk.

Jargon buster: Wi-Fi A wireless networking technology used to connect computers to the internet and other devices.

Jargon buster: Router A piece of hardware that transmits data between computers. Used to connect computers and devices together and to the internet.

Browser safety tips

Use your browser’s built-in tools to surf the web with security and privacy.

Web browsers include safe web-browsing features and private surfing modes.

Always use the latest version of a browser that your operating system will support. Your browser will alert you when a new version is available – updating is free. Most browsers let you fine-tune your security settings such as browser history, cookies and AutoComplete.

Browser history and cookies

Your web browser stores a list of the websites you’ve visited, while a cookie is a small file used by websites to identify you, so next time you visit, the site knows who you are. Both can leave your personal information vulnerable.

Delete your web-browsing history if you use a public computer, for example, at a library.

In Windows 10’s browser, Microsoft Edge, for example, click the Hub icon (it looks like three horizontal lines) on the toolbar. In the sidebar that opens, click the History icon (it looks like a clock), then Clear all history. Tick or untick Browsing history, Cookies and saved website data, and Cached data and files, depending on which you want to delete. Click Clear.

Switch off AutoComplete

AutoComplete remembers the passwords and personal information that you enter into forms online. When asked for this information on another form, the browser automatically enters it for you.

Use of AutoComplete on public or shared computers allows others to gather your personal information. To turn off AutoComplete in Microsoft Edge, click the More actions button, Settings, then View advanced settings. Turn Save form entries to Off.

Turn off password saving

Most browsers save your website passwords and usernames, automatically filling them in when you next visit the site. Never store this information on a shared or public computer as it gives complete access to your accounts. To turn this off in Microsoft Edge, go to View advanced settings and turn Offer to save passwords to Off.

Block pop-ups

Some websites use pop-ups – windows that open when you visit a web page. Some may contain malware or phishing scams, so it’s best to block them. In Edge, go to View advanced settings and turn Block pop-ups to On.

Jargon buster: Browser A program that lets you view and navigate web pages.

Did you know?

The Saga website’s cookies are encrypted and don’t hold sensitive information.

Social networking

Social networks are great for staying in touch, but you must take steps to protect your personal information.

Facebook, Twitter, Google+, YouTube, Pinterest, LinkedIn and other social networks let you connect and share with others. Most sites let you create a profile about yourself, your interests, hobbies, likes and dislikes. You can then send public and private messages to others, share photos and videos, play games and join like-minded groups, among other things.

Social networking sites have, however, become a magnet for those looking to harvest personal information or scam people. It’s easy to disclose valuable details on a social networking site, so stay safe by taking a few sensible precautions.

How to protect yourself

Set up a separate web-based email account to register with the social-networking account. That way, if you want to stop using the site, you can simply delete the webmail account, without affecting your main email program.

Use a strong password for your account that is different from the passwords you use for other websites.

Choose a username that doesn’t fully identify you. For example, don’t use a combination of your full name and your birth year.

Learn about and use the privacy and security settings in your chosen social-networking sites. Don’t rely on the default settings.

Think about who can view your profile. Use the website’s privacy settings to control who can see your personal information.

Don’t post personal details, such as your phone numbers, home address, full name or even date of birth. Avoid giving details about forthcoming holidays or times when your home might be empty.

Be wary of strangers who want to know all your personal details straight away.

Be cautious about clicking on links in messages, tweets, posts and online advertising. These requests may be links to viruses or other forms of malicious content.

Quizzes, polls and games are often a fun part of some social-networking websites, but by signing up to these you may be giving the companies that create these games permission to access your profile. Use the privacy settings of your social-networking website to avoid this.

Jargon buster: Webmail An online email account that’s accessed through a web browser.

Security checklists

Keeping your PC, files and even your identity safe isn’t a chore. Use our checklists to ensure you’ve got the security basics covered.

Top computer security actions

Install security software. Make sure it is set to update automatically and perform regular scans of your computer to stay safe. Set your PC to download automatic software updates for the operating system and software you use to patch any security problems that can arise.

Turn on a firewall. Found in your computer’s security settings, ensure this is switched on to stop unauthorised access via the internet.

Create a backup. Plug in a USB drive, backup your computer, then store the drive somewhere safe to protect your files.

Top online actions

Stick to reputable websites Most malware and problems arise from using unknown websites. Use only well-known sites and those that are recommended by people you trust.

Never give account details to email requests. Emails claiming to be from your bank, or offering a prize, that request personal information are scams. Delete them.

Use strong passwords. Never use your name, date of birth or easy-to-guess passwords on websites.

Top social media actions

Check your privacy settings. Ensure only friends can see your account, rather than friends of friends, to limit access to your information.

Check what you post. Don’t publicly share personal information such as date of birth, address, phone number or email.

Be wary of strangers. Criminals can pose as new social-media ‘friends’.

Top home networking actions

Change the password on your router. Avoid keeping the default password as it can be guessed.

Rename your router. Change it from the default brand name to something different to stop hackers identifying the router type you’re using.

Create a guest password. Allow friends access to your internet connection without gaining access to your devices.

The opinions expressed are those of the author and are not held by Saga unless specifically stated.

The material is for general information only and does not constitute investment, tax, legal, medical or other form of advice. You should not rely on this information to make (or refrain from making) any decisions. Always obtain independent, professional advice for your own particular situation.