How to stay safe online

Article contents


It’s easy to assume that you’ll never fall victim to an online scam, but cybercrime is becoming more and more common each year. 

It’s important that you know what the threats are, how to avoid them and what to do if you are scammed. 

Follow our internet safety tips to protect yourself online. 

How common are online scams?

Online scams are very common around the world, including in the UK. 

According to an Ofcom study, nearly half of UK participants (46%) said they had been drawn in by an online scam. 

The same study found that 87% of UK participants had seen content online that they suspected to be a scam or fraud. 

Ofcom found that the following scams were most common:

  • impersonation fraud
  • counterfeit goods scams
  • investment and pension scams
  • “get rich quick” scams
  • computer software service scams
  • ransomware scams

Most online scams target either money, data, or both. The scams above can be carried out using different methods, so it’s worth knowing what they look like.

How are online scams carried out?

There are some common scam methods to look out for so you can protect yourself.


Phishing is one of the most popular online scam methods in the world. A typical phishing scam involves impersonating a trusted person or company to trick a victim into giving up sensitive information. 

Phishing scams can be carried out via email, text, social media DM, and even over the phone. 

A phishing scammer may be looking for something as simple as a social media password, but could also be looking to gather lots of personal information for a more serious crime like identity theft. 

A typical phishing scam follows the steps below:

  1. The scammer sends an email to a potential victim. In the email, they pretend to be a trusted person, such as a social media staff member, bank employee, or similar.
  2. In this instance, the attacker sends a phony Instagram email stating the victim needs to log into an account to check a suspicious sign-in from an unregistered device. This adds a sense of urgency, prompting the victim to read further.
  3. The email continues to a link that seems to lead to the Instagram login page. In the email, the victim is prompted to click on the link and log in to view the previous suspicious login. 
  4. The victim thinks the email is real and trustworthy, so they click on the link. They end up on a page that seems to be the account login page. The victim enters their login credentials and signs in. 
  5. The URL provided by the scammer leads to a malicious webpage that is designed to record everything the victim types. When they type in their account username and password (believing they’re using the real login page), the scammer records it, and can now log into the victim’s account. 

Scammers can use phishing to steal further sensitive data, make transactions, find more victims, and so on. 

Fake and malicious websites

No matter how legitimate or trustworthy a website looks, there’s always a chance that it may not be.

Malicious websites are used to steal data and spread malware or viruses, and are often designed to look identical to official webpages. 

By simply opening or interacting with a malicious website, you could be in danger. 

For instance, the website may be fitted with a keylogger, which can record anything you type on your keyboard (either while on the website or all the time depending on the type of keylogger).

On the other hand, the website may be designed to load malware onto your device, sometimes without you even realising it. 

Malware and viruses 

Malware and viruses can do a lot of damage on our computers, tablets and phones.

Both kinds of software are dangerous but viruses can self-replicate and infect other devices on their own, while malware can’t.

Your device can be infected with malware or viruses in many ways, including:

  • opening a malicious link or attachment
  • inserting an infected USB drive
  • malicious downloads (apps, videos, etc.)
  • interacting with a malicious advert
  • file torrenting

How to avoid online scams 

While online scams are very common, there are things you can do to lower the chance of falling victim to them. 

Run checks before clicking

Before clicking on any links or attachments, run a few checks before:

  • enter the link URL into a link checker to see if it’s flagged as suspicious or dangerous
  • use your antivirus’s attachment checker if it comes with this feature 
  • use your browser to search for the name of the website you’re looking for instead of using a link someone gave you
  • check to see if a sender’s email looks suspicious and oddly formatted (e.g. instead of
  • run a browser search to find the support email of the company the email claims to be from to see if the two match

Block suspicious emails and use spam filters

If you think an email looks suspicious and it doesn’t match the official support email of the company it claims to be from, you should block the address immediately. 

Your email provider often enables spam filters by default. These filters detect emails that are likely spam and move them to a dedicated spam inbox.

But if you don’t have a spam inbox active, head into your security and privacy settings and enable your spam features there. 

Other tips

Along with the tips above, you should also consider:

  • regularly updating your antivirus software
  • never leaving your devices unlocked in public 
  • avoiding public Wi-Fi networks 
  • only using trusted USB drives

Keeping your children safe online

If your children spend time online, they can easily fall victim to scams. To keep them safe from cybercriminals, you should:

  • have a chat about the risks of being online 
  • set some rules about what they should and shouldn’t be doing online
  • have regular check-ins to make sure they’re not using anything dangerous or inappropriate online
  • enable parental controls on your operating system and browsers
  • check their devices now and then to make sure they’re not visiting any dangerous websites

What to do if you think you’ve been scammed 

If you think you’ve fallen victim to an online scam, you should:

  • freeze your card immediately and notify your card provider about what’s happened if you’ve given over your card details
  • change your username and password and sign out of all devices, if you’ve given login details and still have account access
  • contact the support team of the platform being used (Instagram, Lloyds Bank, Facebook, etc) if you’ve given login details and no longer have access to your account
  • delete any files that are automatically downloaded onto your device, exit the website and run a scan with your antivirus software

Admiral’s Cyber and Identity Theft Helpline

If you have Platinum Home Insurance with us or have Family Legal Protection added to your policy, you have access to our Cyber and Identity Theft Helpline.

This helpline can be used to get support and advice from experienced fraud and cyber specialists if you’ve fallen victim to things like:

  • identity theft
  • fraudulent fund transfer 
  • cyber extortion
  • financial loss
  • breach of personal information
  • cyber bullying

The helpline can help you with a range of things, including:

  • documenting evidence and filling reports
  • notifying authorities and liaising with banks and financial service providers
  • securing accounts and helping with password changes
  • giving advice on protection
  • working out if data back-ups are available

To see if you have access to it, check your cover in MyAccount