Inbound Calls, Emails and Texts are High Risk

Never Click on Links in emails and texts. Assume inbound phone calls/SMS are not trustworthy, rather than the other way around. Do not download something at a callers request, it can take control of your machine and they are likely a fraudster. If your mobile phone stops working – contact your telco and bank immediately as you might have been SIM Swapped.

Use a Password Manager

Get rid of older insecure passwords. All the passwords should be different and strong (i.e. over 12 characters in length). Ensure you have a long and hard to guess Master Password for the password manager. Consider the advice from the UK's National Cyber Security Centre on how to create a strong but easy to remember passwords here – https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0.

Start using Passkeys

Start using Passkeys as support is rolled out from firms such as Apple, Google and Microsoft to replace your sue of passwords.

Set up Two Factor Authentication 2FA/MFA

Try to use as strong 2FA/MFA as possible: The best us a FIDO based Hardware Token. Consider a Yubikey or other FIDO compliant hardware token, especially for the Password Manager. Authenticator App using push notifications e.g. Microsoft Authenticator (especially for Microsoft services). Turn Number matching on for best security. Authenticator App such as Google Authenticator uses TOTP. Phone call. SMS better than nothing, but use above where possible. Priorities for setting up MFA should be: Password Manager; Banking, finance & Cyrpto; Email accounts; Google/Apple etc.; Any accounts that act as a wallet, e.g. Amazon; Any that allow it to be added.

Add Call Screening Services to your Phone

Look to add Call Screening services to your phone and use call blocking and spam reporting services on mobiles.

Reduce Personal Data on Web

Lock down social media etc removing unnecessary information e.g. Date of Birth, phone numbers etc.

Remove Browser extensions

Don’t use free wifi hotspots for anything sensitive without using a VPN

Don’t use free wifi hotspots for anything sensitive without using a VPN as this leaks your personal data to anyone listening on the hotspot.

Always type in your banks/financial firms login

Always type in your banks/financial firms login, don't search for it.

If call your financial institution, always call number on the back of your card

Police or your bank will not ask you over the phone for full: PINs/Passcodes; Passwords; OTPs or security codes; Do not give these out.

Regularly back up data

Regularly back up data to avoid being victims ransomware and enable wiping devices if they are infected with malware.

Slow down, it is not urgent.

Slow down, it is not urgent. If the caller says it is urgent it's probably a scam.