Back to Cosyfeet Blog
Staying safe online: A helpful guide to spotting scams and stopping spam
Back to Cosyfeet Blog
15 February 2023

Staying safe online: A helpful guide to spotting scams and stopping spam

Even the savviest of tech users can sometimes fall victim to online scams. Discover how you can stay safe online with help from our comprehensive guide.

Laptop on desk

The internet is one of the world’s most valuable tools. Since the release of the World Wide Web to the general public in 1991, it has changed the way that we consume information, shop and communicate with family and friends. With just a click of a button, we can now find a wealth of resources at our fingertips and a variety of different websites ready to use at our disposal.

Despite internet use becoming a daily occurrence for most people, technological advances have meant that even the most tech-savvy amongst us are at risk. It can sometimes be difficult to differentiate between what is legitimate or not, so it is best to stay vigilant whilst online. Whether you consider yourself to be a seasoned tech professional or are relatively new to spending time browsing the web, we’ve put together a guide to help you stay safe when using the internet.

Social media
Email spam and scams
Other scams

Infographic for staying safe online

Social media

Apps on a smart phone

There is no denying that social media is one of the most popular areas of the internet. Once commonly associated with teenagers, the ability to connect with family and rekindle friendships is an attractive feature to people of all ages.

With a plethora of different sites readily available for you to sign up to, it may seem tempting to create profiles on each. However, it is best to keep your online footprint as small as possible in order to stay safe when using social media and prevent disclosing your personal information to an audience of strangers.

Your password

Security button online

As with anything, your password is personal so should be kept a secret. It is recommended that you update your passwords as frequently as every three months so that you can ensure that your details remain secure. However, if you feel as though your account may have been compromised, you should immediately change your login information. Of course, it can be tempting to write your passwords down, whether on the notes section of your phone or a notebook, but this increases the likelihood of it slipping into the wrong hands.

Ideally, you should use a different password for each site that you have an account on. This way, if the website is hacked or if someone becomes aware of your password, recovering your account and changing the password can be done quickly and efficiently. The ideal password should be a combination of letters, numbers and special characters, with a variety of uppercase and lowercase letters being used. Although these can be typically harder to remember, it makes your account more secure.

A password manager can help you to remember your login credentials for each site. These are encrypted, meaning that hackers will not be able to decipher your passwords.

Your personal details

Smart phone in hand

When signing up to a social networking site such as Facebook or Twitter, it will ask you a variety of questions. These questions can range from your name to your date of birth and can also give you the option to disclose your location. This information should be shared sparingly and only if you have the highest security options turned on for your profile.

Oversharing personal information can make you a target for hackers and scam artists, making it easier to impersonate you online or even steal your identity, so be mindful of what you choose to disclose. Although your place of education might help others to find your profile, you’ll need to consider whether it’s an essential piece of information you wish for others to know.

There are various privacy settings across social media that will help you to keep your information more secure. Approving friend requests means that only those you have chosen to accept will be able to browse your profile, which can help to give you peace of mind. Similar functions are available on Twitter and Instagram also and are worthwhile if you’re planning on sharing personal pictures.

Anyone on Facebook can view your name, profile picture, cover photo, gender, username and user ID. However, you can control who can view the rest of the information that you've shared.
To adjust your privacy settings, you must:

  • Click at the top right of Facebook and select Settings.
  • Click Profile Settings then Privacy.

On Twitter, the privacy settings are simple, with two options available: public and private.
To adjust your privacy settings, you must:

  • Go to Settings and Support, Settings and Privacy, click Privacy and Safety.
  • Click Audience and Tagging.
  • Toggle Protect your Tweets.

Much like Twitter, there are two different privacy settings which either make your profile public or private.
To adjust your privacy settings, you must:

  • Go to your profile, then tap the three lines.
  • Then click on Settings.
  • Click Privacy.
  • Toggle Private Account on.

Friend requests and posting

Close up of social media apps on smart phone

Joining a social network is redundant if you don’t connect with your friends. The social aspect relies on you creating friendships with people you know in real life, such as friends, family members or colleagues. However, you can sometimes receive requests from people who you do not know.

On Twitter and Instagram, anyone can follow you if your profile is public. This means that they will be updated every time you post a photo or send a tweet. This opens your account up to being followed by strangers who can then view and comment on your posts freely. If you are considering joining Twitter or Instagram, switching your account to private is the best way to avoid these unwanted followers. You will then receive a notification with each requested follower, allowing you to detect whether or not you know them.

On Facebook, providing that you have your security feature switched on, people cannot view your profile or comment on your posts without being accepted as a friend. Sending a friend request is simple. A button placed on your profile allows people to send a request. Once sent, you will be notified via a pop-up which will send you a link to their page. From there, you can take a look at their account to ensure that you know the person before accepting.

It is important that you only accept requests from people who you know, especially on Facebook, where you can have a large selection of information about you.

Social media scams

Typically, on Facebook, you will see a variety of different posts. These can range from personal pictures to videos and news posts. With your newsfeed a hub for all forms of media, you need to stay alert as to what you’re clicking on. Links can very easily be disguised as something else. With one click, a nasty virus can be installed on your device. The best way to avoid this is to scan all links before clicking, check who shared them and, if it seems out of the ordinary, just ignore it. If it’s a news article that interests you, it’s better to search for it in Google than to put your computer at risk.

Unfortunately, social networking accounts can become infected with malware. Once installed, this will message the victim’s friends list, typically with a message that entices their friend to click on a link. Once clicked, you will be told to enter your login details, allowing hackers to gain access to your account too. Although this is more common on Facebook, similar messages have been seen across Twitter.

Click on these links at your own discretion but be cautious. Check your browser’s URL bar to see if you have been navigated away from the social networking site. If you have, simply close the window and change your password for an added level of security.

Email spam and scams

Typing an email on a laptop

An email address is pivotal if you plan to create an online presence. Whether you’re looking to join social networking sites, make purchases or even communicate with friends and family via email, having your own address is essential. Bear in mind that they can sometimes fall into the wrong hands, putting you at risk of receiving spam and scams.

When using the internet, most websites that you visit will be secure. This is indicated by a padlock which you can find at the top of the browser window, next to the URL of the site you’re on. This padlock indicates that there is an SSL Certificate running which, according to Global Sign, is a “small data file that digitally binds a cryptographic key to an organisation’s details”. In short, when this SSL Certificate is running, your connection on the website is private and secure. The aim of this is to keep your data protected and out of the hands of hackers. However, security breaches do still happen and can cause your email address to leak.

When your email address is leaked, it opens you up to spam. Cleverly programmed bots crawl the internet looking for email addresses which are then compiled into lists and sold to scammers. Additionally, they can also detect when you have publicly shared your email address, perhaps on social media or on a blogging platform. Spam emails are extremely common and, if you know what to look out for, are nothing to worry about. However, with so many different varieties circulating, it can sometimes be difficult to remain vigilant, especially if the sent address appears to be legitimate.

Most email providers will come equipped with an in-built filter that detects spam, sending these emails to the junk folder of your inbox. This filter will look for anything suspicious, such as the address or an attachment. Despite this, some will still slip into your inbox from time-to-time. From advance-fee fraud and blackmail to dating and marriage scams, we’ve broken down each type of scam to keep you clued-up.

Advance-fee fraud

Man on laptop

Advance-fee fraud, otherwise known as 419 fraud, is one of the most common forms of email scams around yet can also be the most detrimental to you.

The aim of an advance-fee fraud email is to trick you into disclosing your personal details or sending money. Over time, the people behind these scams will build a relationship with you in order to appear trustworthy and trick you into sharing more. These scammers employ confidence tactics to cause you to believe they are sincere, forming emotional bonds with you. One of the ways in which this has evolved over time is that many 419 scams now originate on dating sites, with your method of communication quickly swapping to email.

As mentioned, a 419 scam or advance-fee fraud is increasingly starting on dating sites. Whilst an out-of-the-blue email requesting money from you is likely to be ignored, a possible romantic connection that has started on a seemingly trustworthy website can be seen as more reliable. A dating site also gives these people an opportunity to hide behind someone’s face, so when it comes to asking for money, the victims are more likely to share it.

This scam comes in two varieties: identity theft or money extortion. The former will see you gradually share more details about your life such as your name, date of birth and address. As they begin to ask questions about you, sometimes disguising it as a relationship, they can build a profile of your information. Over time, this scam can even evolve into the victims sharing their passport and driving licence details, believing that they will receive something back.

The latter is purely money-driven. Upon building a relationship with you, they will begin to disclose their misfortune – perhaps an ill family member with high medical bills or sudden homelessness. These 419 scams will use tactics to play with your emotions, tricking you into thinking that you’re helping. Victims of advance-fee fraud sometimes never reclaim their money back, so it is vital that you know exactly who you are sending money to and confirm using another method of communication beforehand.

What to do if you think you’re a victim of advance-fee fraud
Prevention is better than cure, so it is best to try and avoid a situation like this altogether. When using dating websites, request that any means of communication takes place through the website, as they will be able to track your conversations. If somebody seems too good to be true, be wary of this person. A simple image search on Google will allow you to see if they are using another person’s identity. Simply save an image and enter it into Google image search.

On receipt of an email, such as one telling you that you’ve won money, have landed a dream job or from a clairvoyant offering their services but require payment upfront, simply delete. As with dating websites, if an email seems to be too good to be true, ignoring it is the best thing to do. Unsure? Take a look at the spelling and grammar. Additionally, it may also be poorly written, with no natural flow to the email.

If you have responded, it is likely that you’ll receive similar emails from other scammers. Cease any further contact and delete these. The Action Fraud website allows you to report if you’ve been a victim of fraud by simply filling out their online form. Typically, advance-fee fraud uses a wire transfer service when sending money as this is hard to track. Services such as Western Union, MoneyGram or PayPoint are amongst the most popular. Each of these websites will have their own policy for fraud, so it is best to take a look at their websites for more information. However, if you have used your bank, get in contact with them for more assistance.


Hands typing on laptop

Phishing is one of the most common email scams around, with victims coming from all different backgrounds. The aim of these emails is to gather sensitive information such as your bank account details and passwords. This is sometimes done through spoofing, where the scammer disguises the source of the email sender in order to appear legitimate. If an email address has been spoofed, it can sometimes be difficult to know if the email is real or not. A quick glance at the sender may reveal someone you know; however, if they are requesting something unusual, such as a large payment of money, some care should be taken when replying.

Although opening a spoofed email will not download anything malicious to your device, you should give some thought before clicking any attached links. There are a few quick ways to identify a spoofed email. Firstly, take a look at the email address as well as the sender. If the email address contains random numbers or isn’t one you recognise, simply delete the email. Still wary? Take a look at the email’s header. This will include information on where the email was sent from. The location of this information varies from server to server, so a quick Google search will help you to find where it is in your own inbox. However, what you need to look for are the ‘mailed by’ and ‘signed by’ fields. These fields should match up to the email address. If you’ve received an unexpected email from PayPal, both the mailed-by, signed by and email address fields should verify this.

One of the reasons so many people fall for phishing emails is because they are incredibly convincing.

By posing as a reputable source, such as Netflix, your bank or a Government website, phishers are masquerading as businesses that you may regularly receive emails from, using a confidence tactic to encourage you to click the links that they’ve sent.

What to do if you think you’re a victim of phishing
First, disconnect from the internet immediately. This will stop any downloads from happening and will stop access. This can also stop the malware from spreading to other devices connected to the network, so the sooner you can complete this step, the better. Meta Compliance then recommends backing up your files as malware can destroy these.

If you have entered information on a website, change your passwords as soon as possible. This will prevent any access to your accounts. Be thorough with this step, with your social media, email and banking information the most important to protect. This should be done from a separate device, such as a phone running on mobile data. Next, check for any viruses or malware on your computer. A good anti-virus system can do this or contact a professional to help you if you’re unsure. Action Fraud has a form that you can use to report this, so this step should also be completed.

Other scams

Malware scam code

Unfortunately, websites are replete with scams. From e-card emails that download vicious malware to applying for a loan online, only to realise that it isn’t from a reputable source. To help you stay attentive whilst browsing the web, we’ve put together a list of things to look out for:

Loan scams

Unexpected bills can often leave you wondering how you’re going to pay, with many people opting in favour of a quick payday loan to help settle the balance. It is widely known that these are best avoided due to high interest rates. However, what if you stumble upon an online loan with low fees, ready to help you in your time of need? When it comes to money, it is best to err on the side of caution. Sticking to reputable retailers and being able to speak to someone in a branch, face to face, can offer you peace of mind, especially when handling large sums. Online loan scams can promise exactly what you’re looking for but, similar to advance-fee fraud, can require an upfront payment. No legitimate loan company would require this; in fact, it’s just a way for these scammers to gather your card details either for identity theft or to gain access to your account.

Dating scams

When looking for love, the last thing that you imagine happening is your identity being stolen, but it happens to lots of people every year. As mentioned, the most common method of this happening is advance-fee fraud, so be cautious when talking to a stranger. Never send money to a person you haven’t met in person and withhold personal details until after your first meeting. Keeping communication solely to the dating website of your choice can offer you a separate level of protection so if they’re keen to switch to emails early on, think about why.

Dating scammers can sometimes use blackmail as a tactic to extort money from you, so be careful with what you are sending. When sending compromising material, think about who you’re sending it to first, as it may end up in the wrong hands.


If you use the internet frequently, you may have a pop-up blocker installed; however, it doesn’t always stop a few slipping through the filter. Anti-virus pop-up scams convince the victim that their computer has been infiltrated with malware and viruses, but the sophisticated pop-up has detected these. How fortunate! If one of these appears on your desktop, do not click anywhere in the window, as even the little red cross in the corner can have a secret script installed, allowing any viruses to be downloaded.

Fake shopping websites

With the rise of advertising on social media, more people are being scammed by fake websites. These sites are cleverly designed to replicate major retailers, offering the same products, such as extra wide women’s shoes, at a lower price. As these sites can buy adverts on Google, those in search of a bargain are often quick to purchase their desired item at a lower price. Upon paying for your items, you may never receive your product or, instead, see a fake delivered to your doorstep. Despite these retailers looking genuine, there are a number of different ways you can check its legitimacy.

When shopping online, always use a credit or debit card or the site’s official payment platform to make a purchase. You will be protected if it turns out to be a scam. On social media, keep profiles set to private and adjust your privacy settings. It’s great to share but keep in mind who exactly you might be sharing with if you have your profiles set to public.

First, take a look at the URL. This is the biggest indicator that you’ve stumbled upon a counterfeit website. The URL of major retailers will normally start with https or have a padlock before them, so take a look for one of these. Next, look at the description of items. Spelling errors across the site are a good giveaway that something isn’t as it seems. Lastly, how do they request payment? Larger businesses will use payment portals such as PayPal, as this offers you a level of protection, so you should favour a secure payment system.

Be sure to stay safe online, we hope our comprehensive guide has helped.