Back to Cosyfeet Blog
Back to Cosyfeet Blog
3 May 2019

Staying safe online: A guide to spotting scams and stopping spam

Even the savviest of tech users can sometimes fall victim to online scams. Discover how you can stay safe online with help from our comprehensive guide.

Laptop on desk

The internet is one of the world’s most valuable tools. Since the release of the World Wide Web to the general public in 1991, it has changed the way that we consume information, shop and communicate with family and friends. With just a click of a button, we can now find a wealth of resources at our fingertips and a variety of different websites ready to use at our disposal.

In 2018, a report from the Office of National Statistics found that 89% of people in the UK used the internet at least once a week, an increase of 38% since 2006. However, despite internet use becoming a daily occurrence for most users, more and more people are falling victim to scams.

Technological advances have meant that even the most tech-savvy amongst us are putting ourselves at risk. According to The Sunday Post: “5.6 million people are victims of online scams each year in Britain”, with 12% of internet users having their emails hacked. Carefully disguised phishing emails trick people into thinking that they are from a reputable source, while those looking to watch the latest films can find their devices riddled with trojans and viruses.

Sue from Sizzling Towards 60 & Beyond shared this insightful tip with us: “Being informed and learning how to be tech-savvy should be a priority. It is our responsibility to understand the tools we are using. We can’t use ‘not knowing’ as an excuse.  There are plenty of classes for basic computer skills for retirees so make it your business to attend if you aren’t sure what you are doing.”

“Don’t get caught out. ‘If it’s too good to be true’ then it is probably a scam. Some are obvious like the emails advising that you have won a huge lottery prize or asking you to ‘hold some money’ for someone. Others aren’t so obvious. For example, you may receive an email from a well-known corporation or bank. Checking the email address of the sender can give you a clue that it is a false email.”

It can sometimes be difficult to differentiate between what is legitimate or not, so it is best to stay vigilant whilst online. Whether you consider yourself to be a seasoned tech professional or are relatively new to spending time browsing the web, we’ve put together a guide to help you stay safe when using the internet.

Social media
Email spam and scams
Other scams

Infographic for staying safe online

Social media

Apps on a smart phone

There is no denying that social media is one of the most popular areas of the internet. Once commonly associated with teenagers, the ability to connect with family and rekindle friendships is an attractive feature to people of all ages. Since its conception, over one billion people have signed up for a Facebook account. With a plethora of different sites readily available for you to sign up to, it may seem tempting to create profiles on each. However, it is best to keep your online footprint as small as possible in order to stay safe when using social media and prevent disclosing your personal information to an audience of strangers.

Your password

Security button online

As with anything, your password is personal so should be kept a secret. It is recommended that you update your passwords as frequently as every three months so that you can ensure that your details remain secure. However, if you feel as though your account may have been compromised, you should immediately change your login information. Of course, it can be tempting to write your passwords down, whether on the notes section of your phone or a notebook, but this increases the likelihood of it slipping into the wrong hands.

Ideally, you should use a different password for each site that you have an account on. This way, if the website is hacked or if someone becomes aware of your password, recovering your account and changing the password can be done quickly and efficiently. The ideal password should be a combination of letters, numbers and special characters, with a variety of uppercase and lowercase letters being used. Although these can be typically harder to remember, it makes your account more secure.

Sue from Sizzling Towards 60 adds: “The internet is a wonderful way to communicate, provide information, pay bills and even bank. However, many people don’t realise that it is so easy to have your account hacked and your information stolen. Strong passwords help so avoiding using personal data such as birthdates or obvious words is a must.”

A password manager can help you to remember your login credentials for each site. These are encrypted, meaning that hackers will not be able to decipher your passwords. This is especially helpful if a virus or trojan has been downloaded to your device. These can sometimes install trackers which keep note of your keyboard strokes, exposing your password. However, using a password manager prevents this from happening. Andrew from Stitch, a community that helps anyone over 50 find the companionship they need, believes that these are incredibly important. We spoke to him on the importance of passwords:

“We always advise people to make sure they use a different secure password for each site they use. There are a bunch of tools that let people manage their passwords, so they don't have to remember them, such as 1Password or Keypass.

“Websites get hacked every day, so if any site you're using ends up getting exposed, a hacker can potentially use your email address and password to sign in to any system you use. This isn't just theoretical, by the way: I know of a number of Stitch members who had their Gmail accounts hacked because they were using a single password for all their sites. We also strongly advise people to use two-step verification (otherwise known as ‘two-factor authentication’) for their important accounts such as Gmail. This prevents any hackers from signing in to your account using just your password. This simple step makes your account a thousand times more secure.”

Your personal details

Smart phone in hand

When signing up to a social networking site such as Facebook or Twitter, it will ask you a variety of questions. These questions can range from your name to your date of birth and can also give you the option to disclose your location. This information should be shared sparingly and only if you have the highest security options turned on for your profile.

Oversharing personal information can make you a target for hackers and scam artists, making it easier to impersonate you online or even steal your identity. According to The Register, 174,523 incidents of identity theft took place last year, equating to £1.3 billion in losses. On Facebook, it isn’t a requirement to fill out each field asking for personal information, so be mindful of what you choose to disclose. Although your place of education might help others to find your profile, you’ll need to consider whether it’s an essential piece of information you wish for others to know.

There are various privacy settings across social media that will help you to keep your information more secure. Approving friend requests means that only those you have chosen to accept will be able to browse your profile, which can help to give you peace of mind. Similar functions are available on Twitter and Instagram also and are worthwhile if you’re planning on sharing personal pictures.

Anyone on Facebook can view your name, profile picture, cover photo, gender, username and user ID. However, you can control who can view the rest of the information that you've shared.
To adjust your privacy settings, you must:

  • Click at the top right of Facebook and select Settings.
  • Click Privacy on the left column.

On Twitter, the privacy settings are simple, with two options available: public and private.
To adjust your privacy settings, you must:

  • Go to your Privacy and safety Settings.
  • In the tweet Privacy section, check the box next to Protect My Tweets.
  • Click save. You will then be prompted to input your password.

Much like Twitter, there are two different privacy settings which either make your profile public or private.
To adjust your privacy settings, you must:

  • Go to your profile, then tap the three lines.
  • Then click on Settings.
  • Tap Privacy and Security.
  • Click on account Privacy, then toggle Private Account on.

Friend requests and posting

Close up of social media apps on smart phone

Joining a social network is redundant if you don’t connect with your friends. The social aspect relies on you creating friendships with people you know in real life, such as friends, family members or colleagues. However, you can sometimes receive requests from people who you do not know.

On Twitter and Instagram, anyone can follow you if your profile is public. This means that they will be updated every time you post a photo or send a tweet. When your profile is public, anybody can follow you without your approval. This opens your account up to being followed by strangers who can then view and comment on your posts freely. If you are considering joining Twitter or Instagram, switching your account to private is the best way to avoid these unwanted followers. You will then receive a notification with each requested follower, allowing you to detect whether or not you know them.

On Facebook, providing that you have your security feature switched on, people cannot view your profile or comment on your posts without being accepted as a friend. Sending a friend request is simple. A button placed on your profile allows people to send a request. Once sent, you will be notified via a pop-up which will send you a link to their page. From there, you can take a look at their account to ensure that you know the person before accepting.

It is important that you only accept requests from people who you know, especially on Facebook, where you can have a large selection of information about you. This is something that Teresa from NanaHood also advises. “Don’t chat with or accept friend requests from people you don’t know. There are fraudsters who will pretend to be your friend just to get information or money, or both, from you. Hackers can gain your personal pictures to steal your identity, putting you at risk. However, in addition to identity theft, unknown Facebook users can put you in harm’s way.”

Social media scams

Typically, on Facebook, you will see a variety of different posts. These can range from personal pictures to videos and news posts. With your newsfeed a hub for all forms of media, you need to stay alert as to what you’re clicking on. Links can very easily be disguised as something else. With one click, a nasty virus can be installed on your device. The best way to avoid this is to scan all links before clicking, check who shared them and, if it seems out of the ordinary, just ignore it. If it’s a news article that interests you, it’s better to search for it in Google than to put your computer at risk.

Unfortunately, social networking accounts can become infected with malware. Once installed, this will message the victim’s friends list, typically with a message that entices their friend to click on a link. Once clicked, you will be told to enter your login details, allowing hackers to gain access to your account too. Although this is more common on Facebook, similar messages have been seen across Twitter.

Click on these links at your own discretion but be cautious. Check your browser’s URL bar to see if you have been navigated away from the social networking site. If you have, simply close the window and change your password for an added level of security.

Email spam and scams

Typing an email on a laptop

An email address is pivotal if you plan to create an online presence. Whether you’re looking to join social networking sites, make purchases or even communicate with friends and family via email, having your own address is essential. Bear in mind that they can sometimes fall into the wrong hands, putting you at risk of receiving spam and scams.

When using the internet, most websites that you visit will be secure. This is indicated by a padlock which you can find at the top of the browser window, next to the URL of the site you’re on. This padlock indicates that there is an SSL Certificate running which, according to Global Sign, is a “small data file that digitally binds a cryptographic key to an organisation’s details”. In short, when this SSL Certificate is running, your connection on the website is private and secure. The aim of this is to keep your data protected and out of the hands of hackers. However, security breaches do still happen and can cause your email address to leak.

When your email address is leaked, it opens you up to spam. Cleverly programmed bots crawl the internet looking for email addresses which are then compiled into lists and sold to scammers. Additionally, they can also detect when you have publicly shared your email address, perhaps on social media or on a blogging platform. Spam emails are extremely common and, if you know what to look out for, are nothing to worry about. However, with so many different varieties circulating, it can sometimes be difficult to remain vigilant, especially if the sent address appears to be legitimate.

Most email providers will come equipped with an in-built filter that detects spam, sending these emails to the junk folder of your inbox. This filter will look for anything suspicious, such as the address or an attachment. Despite this, some will still slip into your inbox from time-to-time. From advance-fee fraud and blackmail to dating and marriage scams, we’ve broken down each type of scam to keep you clued-up.

Advance-fee fraud

Man on laptop

Advance-fee fraud, otherwise known as 419 fraud, is one of the most common forms of email scams around yet can also be the most detrimental to you. You may be wise to the Nigerian prince who is promising to share his millions with you for a small fee, however, these types of emails have begun to use smarter tactics in order to appear more trustworthy. Although the majority of these email scams are still based in Nigeria, people closer to home have been caught using similar tactics.

The aim of an advance-fee fraud email is to trick you into disclosing your personal details or sending money. Over time, the people behind these scams will build a relationship with you in order to appear trustworthy and trick you into sharing more. These scammers employ confidence tactics to cause you to believe they are sincere, forming emotional bonds with you. One of the ways in which this has evolved over time is that many 419 scams now originate on dating sites, with your method of communication quickly swapping to email.

As mentioned, a 419 scam or advance-fee fraud is increasingly starting on dating sites. Whilst an out-of-the-blue email requesting money from you is likely to be ignored, a possible romantic connection that has started on a seemingly trustworthy website can be seen as more reliable. A dating site also gives these people an opportunity to hide behind someone’s face, so when it comes to asking for money, the victims are more likely to share it.

This scam comes in two varieties: identity theft or money extortion. The former will see you gradually share more details about your life such as your name, date of birth and address. As they begin to ask questions about you, sometimes disguising it as a relationship, they can build a profile of your information. Over time, this scam can even evolve into the victims sharing their passport and driving licence details, believing that they will receive something back.

The latter is purely money-driven. Upon building a relationship with you, they will begin to disclose their misfortune – perhaps an ill family member with high medical bills or sudden homelessness. These 419 scams will use tactics to play with your emotions, tricking you into thinking that you’re helping. Victims of advance-fee fraud sometimes never reclaim their money back, so it is vital that you know exactly who you are sending money to and confirm using another method of communication beforehand.

What to do if you think you’re a victim of advance-fee fraud
Prevention is better than cure, so it is best to try and avoid a situation like this altogether. When using dating websites, request that any means of communication takes place through the website, as they will be able to track your conversations. If somebody seems too good to be true, be wary of this person. A simple image search on Google will allow you to see if they are using another person’s identity. Simply save an image and enter it into Google image search.

On receipt of an email, such as one telling you that you’ve won money, have landed a dream job or from a clairvoyant offering their services but require payment upfront, simply delete. As with dating websites, if an email seems to be too good to be true, ignoring it is the best thing to do. Unsure? Take a look at the spelling and grammar. As these are often sent from foreign countries, you may notice broken English or grammar mistakes. Additionally, it may also be poorly written, with no natural flow to the email.

If you have responded, it is likely that you’ll receive similar emails from other scammers. Cease any further contact and delete these. The Action Fraud website allows you to report if you’ve been a victim of fraud by simply filling out their online form. Typically, advance-fee fraud uses a wire transfer service when sending money as this is hard to track. Services such as Western Union, MoneyGram or PayPoint are amongst the most popular. Each of these websites will have their own policy for fraud, so it is best to take a look at their websites for more information. However, if you have used your bank, get in contact with them for more assistance.


Hands typing on laptop

Phishing is one of the most common email scams around, with victims coming from all different backgrounds. The aim of these emails is to gather sensitive information such as your bank account details and passwords. This is sometimes done through spoofing, where the scammer disguises the source of the email sender in order to appear legitimate. If an email address has been spoofed, it can sometimes be difficult to know if the email is real or not. A quick glance at the sender may reveal someone you know; however, if they are requesting something unusual, such as a large payment of money, some care should be taken when replying.

Although opening a spoofed email will not download anything malicious to your device, you should give some thought before clicking any attached links. There are a few quick ways to identify a spoofed email. Firstly, take a look at the email address as well as the sender. If the email address contains random numbers or isn’t one you recognise, simply delete the email. Still wary? Take a look at the email’s header. This will include information on where the email was sent from. The location of this information varies from server to server, so a quick Google search will help you to find where it is in your own inbox. However, what you need to look for are the ‘mailed by’ and ‘signed by’ fields. These fields should match up to the email address. If you’ve received an unexpected email from PayPal, both the mailed-by, signed by and email address fields should verify this.

One of the reasons so many people fall for phishing emails is because they are incredibly convincing. According to “Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.”

By posing as a reputable source, such as Netflix, your bank or a Government website, phishers are masquerading as businesses that you may regularly receive emails from, using a confidence tactic to encourage you to click the links that they’ve sent.

What to do if you think you’re a victim of phishing
First, disconnect from the internet immediately. This will stop any downloads from happening and will stop access. This can also stop the malware from spreading to other devices connected to the network, so the sooner you can complete this step, the better. Meta Compliance then recommends backing up your files as malware can destroy these.

If you have entered information on a website, change your passwords as soon as possible. This will prevent any access to your accounts. Be thorough with this step, with your social media, email and banking information the most important to protect. This should be done from a separate device, such as a phone running on 3G. Next, check for any viruses or malware on your computer. A good anti-virus system can do this or contact a professional to help you if you’re unsure. Action Fraud has a form that you can use to report this, so this step should also be completed.

Other scams

Malware scam code

Unfortunately, websites are replete with scams. From e-card emails that download vicious malware to applying for a loan online, only to realise that it isn’t from a reputable source. To help you stay attentive whilst browsing the web, we’ve put together a list of things to look out for:

Loan scams

Unexpected bills can often leave you wondering how you’re going to pay, with many people opting in favour of a quick payday loan to help settle the balance. It is widely known that these are best avoided due to high interest rates. However, what if you stumble upon an online loan with low fees, ready to help you in your time of need? When it comes to money, it is best to err on the side of caution. Sticking to reputable retailers and being able to speak to someone in a branch, face to face, can offer you peace of mind, especially when handling large sums. Online loan scams can promise exactly what you’re looking for but, similar to advance-fee fraud, can require an upfront payment. No legitimate loan company would require this; in fact, it’s just a way for these scammers to gather your card details either for identity theft or to gain access to your account.

Dating scams

When looking for love, the last thing that you imagine happening is your identity being stolen, but it happens to lots of people every year. As mentioned, the most common method of this happening is advance-fee fraud, so be cautious when talking to a stranger. Never send money to a person you haven’t met in person and withhold personal details until after your first meeting. Keeping communication solely to the dating website of your choice can offer you a separate level of protection so if they’re keen to switch to emails early on, think about why.

Dating scammers can sometimes use blackmail as a tactic to extort money from you, so be careful with what you are sending. When sending compromising material, think about who you’re sending it to first, as it may end up in the wrong hands.


If you use the internet frequently, you may have a pop-up blocker installed; however, it doesn’t always stop a few slipping through the filter. Anti-virus pop-up scams convince the victim that their computer has been infiltrated with malware and viruses, but the sophisticated pop-up has detected these. How fortunate! If one of these appears on your desktop, do not click anywhere in the window, as even the little red cross in the corner can have a secret script installed, allowing any viruses to be downloaded. The best way to close these is to go directly to your Task Manager and shut it down. This is the only way that you can be completely certain nothing untoward has been downloaded.

Fake shopping websites

With the rise of advertising on social media, more people are being scammed by fake websites. These sites are cleverly designed to replicate major retailers, offering the same products, such as women’s comfort shoes, at a lower price. As these sites can buy adverts on Google, those in search of a bargain are often quick to purchase their desired item at a lower price. Upon paying for your items, you may never receive your product or, instead, see a fake delivered to your doorstep. Despite these retailers looking genuine, there are a number of different ways you can check its legitimacy.

“Don’t be afraid to be online, but just a few small changes in your online behaviour can go a long way to keeping you safe”, says Sarah from GetSafeOnline. “Use your common sense and don’t get rushed into making rash decisions, take your time. Also, ask yourself if something is too good to be true, why is it? A tactic often used by criminals will entice you with cheap offers or discounts and then force you to rush into purchasing it, so you don’t take time to think it all through.”

When shopping online, always use a credit or debit card or the site’s official payment platform to make a purchase. You will be protected if it turns out to be a scam. On social media, keep profiles set to private and adjust your privacy settings. It’s great to share but keep in mind who exactly you might be sharing with if you have your profiles set to public.”

First, take a look at the URL. This is the biggest indicator that you’ve stumbled upon a counterfeit website. The URL of major retailers will normally start with https or have a padlock before them, so take a look for one of these. Next, look at the description of items. Spelling errors across the site are a good giveaway that something isn’t as it seems. Lastly, how do they request payment? Larger businesses will use payment portals such as PayPal, as this offers you a level of protection, so you should favour a secure payment system.