Protect your email and online accounts by using a strong password

Cyber criminals can use your email to access many of your personal accounts, leaving you vulnerable to identity theft. The same applies to accounts that you may create online (for example, shopping, banking). Many passwords are easy for fraudsters to guess or discover (for example, your date of birth, your mother's maiden name).

• Use a strong password: one technique is to choose three random words to create a password that's difficult to crack
• Don't use the same password for multiple accounts
• Never save your passwords on your computer: if it is hacked, they can be found
• Use a password manager, a technology tool that helps internet users create, save, manage and use passwords across different online accounts and services

Install the latest software and app updates

Software developers and those creating apps for mobile phones constantly improve the security of their software by releasing updates on a regular basis. These contain vital security updates to help protect your computer and other devices from cyber criminals.

• Install the latest updates when they are released
• You can often configure your computer or device/phone to do this automatically

Turn on 2-step verification (2SV)

Also called 2-factor authentication, 2-step verification is recommended to help protect your online accounts.

2-step verification means that when you go to log in to an online account, you don't just enter a password: you validate your login with a second security activity.

When you set up 2-step verification, this usually means you’ll be sent a PIN or code, often by SMS (text message) or email, after you have entered your password. You then need to enter this PIN on your computer or device to prove that it's really you.

More information about 2-step verification.

Regularly back-up your data

Safeguard your most important data, such as your photos, key documents, and financial contracts and records, by backing them up to an external hard drive or a cloud-based storage system. You should do this regularly (ideally after every time you update or change those files).

More information about backing-up your data

Tighten privacy settings on your social media accounts

Social media accounts can hold a surprising amount of personal information, especially if you include data like your date of birth, where you live, friends and relatives and so on. To help control who has access and what information can be seen, review the privacy settings on the online accounts you use regularly. Pay special attention to:

• Location tracking: consider turning off automatic geolocation data on your social media posts, photos, and comments
• Public information: think carefully about what information should be public, such as your birthday, family details, where you live, where you work
• Likes, shares, and comments: your 'likes' and comments on other's posts are public information, allowing your profile picture, name and comments to show to companies and other people

Instant messaging applications

Artemis will never try to market or sell you a fund or investment via an instant messaging application (eg WhatsApp, Messenger, WeChat, Telegram etc).

Fraudsters may attempt to use the Artemis brand or impersonate representatives of the firm to add an appearance of legitimacy to their crimes. Please do not reply to, or act upon suspicious messages and report any suspicions to the application provider.

Phishing and spam

• Spam is a general term to indicate unwanted email and generally refers to mass-marketing emails, usually sent indiscriminately by automated programmes.
• Phishing is the process of sending emails purporting or pretending to be from a person or organisation with the intention of fooling the recipient into disclosing information (such as passwords or personal confidential information) or downloading malicious files.
• Spear-phishing is the same as phishing but is targeted at individuals and makes use of specific information relevant to the recipient.

How to recognise malicious emails

The following list details some of the things you should check when trying to assess if an email is genuine or not. If you answer ‘no’ to any of these, you should be suspicious.

Were you expecting it?

• Were you expecting an email from this person or organisation?
• Is this the normal type of email that the user would send?
• Is this the person that would normally send this type of email?
• Are you the person they would normally send this email to?
• Does this email require a deviation from your standard operating practice? (ie is it asking you to email a file that would normally be delivered by some other mechanism? Or to make a payment outside normal payment runs?)

Is the sender who they say they are?

• If you hit Reply, is the Reply-To address of the email what you would expect?

Does it sound right?

• Is the tone (eg formal, relaxed, urgent) and the content (eg spelling, grammar, vocabulary) of the email consistent with what you would expect from this sender?
• And for this type of request? Does the email contain real or implied threats (eg disconnection or a fine) if you do not reply instantly?

Does it have an unexpected attachment?

• Were you expecting something to be attached to the email – for example, a photo, document, PDF, ‘zip’ file or other type of file?
• Does the attachment name look correct?
• Does the attachment ask you to override any security settings?

Do you know where any links are leading to?

• Does the email contain a link to a website?
• If you hover over the link, does the website address look correct?
• Is the email asking you to log in to another system to do something?

Trust your instincts

• Above everything else, does it pass the ‘sniff test’?
• Often our instincts are very good at alerting us that something is intuitively wrong, even though we can't put our finger on exactly why

More information about staying secure online

Visit the National Cyber Security Centre