Welcome to the 24 Days of Cyber Safety! This holiday season, we’re bringing you daily tips to help you shop smarter and avoid online scams. From spotting fake deals to securing your devices, each insight is designed to keep your celebrations stress-free and cyber-safe. Stay tuned every day for practical advice to help you stay safe this Christmas.
Day 1: Shop on trusted, familiar websites
Shopping on well-known, reputable websites reduces the risk of falling victim to fake stores or fraudulent sellers. Trusted retailers have stronger security measures, verified payment systems, and better customer support, making your experience safer and smoother.
Tips:
- Consider how familiar you are with the website you are buying from.
Less familiar or completely new websites can still be perfectly legitimate and many smaller retailers offer excellent products and service, but using them means it is sensible to carry out a little extra checking. Look for clear contact details, returns information and independent reviews to confirm everything is in order before you enter any payment details. - Take a moment to judge whether the website looks genuine and trustworthy.
Look for signs such as consistent branding, well-presented pages, up-to-date information and a correctly spelled web address. Scam websites often cut corners, so small details can help you notice when something does not seem quite right. - Check that the website uses HTTPS and pay attention to any warnings from your browser.
Most reputable websites now use HTTPS as standard, and it is less common these days to come across a shopping site that does not. The absence of HTTPS does not automatically mean a site is malicious, but it does mean data sent between you and the website is not properly protected. If your browser warns you that a site may be unsafe or that the connection is not secure, treat this as a serious signal that something may be wrong. In these cases it is best to avoid entering any personal or payment information and consider shopping elsewhere.
Day 2: Strengthen your security with strong, unique passwords
Weak or reused passwords are one of the easiest ways for attackers to compromise your accounts. Protect yourself by creating passwords that are both secure and memorable:
✅ Use three random, memorable words
✅ Consider mixing upper and lower case letters
✅ Think about adding numbers and special characters
Example: RamseyHouseIslanD42!
Tips for Strong Passwords:
- Avoid predictable phrases or personal details like birthdays, names, or pets.
- Never reuse passwords across different accounts.
- Consider using a password manager to keep your credentials safe and organised.
A strong password is a simple step that makes a big difference in your security.
Day 3: Avoid clicking website links in unexpected emails, texts or social media messages, even if they look official.
Cyber-criminals often disguise malicious links to look legitimate, tricking you into visiting dangerous websites that steal your personal information or install harmful software. These links can appear anywhere like emails, text messages, social media posts, online ads, or even in search engine results.
How to stay safe:
- Never click on unexpected links – If you weren’t expecting it, treat it as suspicious.
- Go directly to the official website – Type the address in yourself.
- Hover before you click – On desktops, hover over the link to preview the actual URL.
Day 4: Gift card scams are on the rise leading up to Christmas. Stay alert!
Someone is trying to scam you if you receive an email, text, or telephone call asking you to buy gift cards as a payment or to solve some problem. When someone asks you to buy gift cards, they’re really asking you to take money from your bank account and hand it over to them. The gift card is just a disguise to make the scam seem less obvious.
Gift cards are easy to buy, easy to share and hard to trace. Once you share the gift card’s PIN with the scammer, your money is gone.
Protect yourself:
- Ignore any email, text or call asking for gift cards, even if it sounds urgent or official. If something sounds urgent then that’s another sign that it’s a scam.
- Scammers often email to impersonate family or friends to ask for gift cards.
- Legitimate businesses or organisation will never request gift cards for payment.
- Never share gift card numbers or pins with strangers. These unique numbers allow you (or the scammer) to redeem to money on the card.
Day 5: Be cautious of winter heating-allowance messages
Cyber-criminals often to impersonate Government offices by promoting fake heating discounts or energy deals. These scams typically through text messages and sometimes by email. Messages about allowances or benefits might look professional and might even seem to mirror real Government services. But the goal is to trick you into making quick payments or sharing personal details.
Tips:
- Be suspicious of any message you weren’t expecting – even if it looks official.
- Do not click on any links until you independently verify the message.
- Do not reply, even with ‘STOP’ – scammers use replies to confirm active numbers.
- Do not call any phone number provided in the text.
- Delete the message if you’re sure it’s fraudulent, or after reporting it.
- Remember that most government departments do not normally send text messages unless it is a for a service that you have consented to. The same is true of businesses.
Day 6: Slow down and shop mindfully, scammers rely on rushed decisions.
The Christmas season is prime time for online shopping… and for scams. Fraudsters know that when people are in a hurry, they’re less likely to notice the warning signs. Fake websites, counterfeit products, and unrealistic deals often lure shoppers who are rushing to grab bargains. Acting quickly without checking details can lead to stolen money, compromised personal information, or identity theft.
It's important to pause before you click. Ensure the seller or website is legitimate before you purchase anything. Great deals aren’t going anywhere, take your time and shop smart!
Day 7: Impersonation scams trick you by pretending to be someone you trust. Always verify before acting!
Scammers often impersonate friends or family by hijacking their email accounts. Don’t trust the sender’s address alone – it’s not proof of origin. These messages usually sound urgent and ask for help or a favour, making it easy to act without thinking.
These messages often sound urgent and ask for help or a favour (e.g. the laryngitis/sore throat’ emails), making it easy to act without thinking.
Treat anything unexpected or vague with caution. If you suspect an account takeover, call the person directly. Quick action can stop further damage.
Day 8: Never share verification codes, they unlock your accounts for criminals.
Never share verification codes. These include MFA, 2FA and OTP codes, and they all serve the same purpose, they stop criminals from accessing your accounts. Banks and other services send OTPs to confirm that you are the person logging in or approving an action. If you tell anyone a code, you are effectively unlocking your account for them.
Scammers often impersonate banks, delivery companies, shops or even people you know. They may claim they need to ‘verify your identity’, ‘stop a fraudulent payment’ or ‘confirm a purchase’, and then ask for the code you have just received. In reality, the code has been triggered by the criminal who is trying to sign in or authorise something on your account.
Once a criminal gets your verification code, they can take over your accounts, reset your passwords, access your personal information and in many cases commit fraud in your name. The simplest protection is also the most effective, never share a verification code with anyone, and if you receive one unexpectedly, treat it as a warning sign that someone else is trying to get in.
Day 9: Add multi-factor authentication for a simple, powerful security boost.
Yesterday we talked about keeping your verification codes safe, many of those codes are part of MFA, so today we’ll explore how MFA works and why it protects you. Passwords alone aren’t enough anymore; cyber-criminals can steal or guess them. Multi-Factor Authentication (MFA) adds an extra layer of protection and that should make it much harder for attackers to access your accounts.
Why it works: Even if someone gets your password, they’ll need a second factor, like a code sent to your phone or an authentication app to break in.
How to get MFA:
- Check your account security settings for ‘Two-Step Verification’ or ‘Multi-Factor Authentication’.
- There are different ways to set up MFA. One option is to use an authentication app (such as Microsoft Authenticator, Google Authenticator, or Authy) for stronger security than codes sent by text message.
- Enable MFA on your email, banking, and social media accounts first. They’re the most critical.
Day 10: Check independent reviews to make sure that a website is genuine and safe.
Online shopping is convenient, especially at Christmas time, but it also opens the door to fake websites designed to steal your money or personal details.
These sites often look professional and convincing, making it hard to spot the danger at first glance. Before you trust a new retailer, take time to check what others say.
Independent reviews can reveal whether a site is genuine or a scam.
Day 11: Using guest checkout means sharing less of your personal data and it’s a faster shopping experience
When shopping online, creating an account often means sharing extra personal details, like your address, phone number, and sometimes even payment information. While this can make future purchases easier, it also increases the amount of data stored by retailers, which could be exposed in a data breach or misused by scammers.
Using guest checkout is a simple way to reduce the risk while still getting what you need.
Day 12: Watch out for delivery scams. Don’t be fooled by fake parcel messages.
Scammers are aware that during busy shopping periods, like Christmas, most of us are waiting for parcels, and they will use this to their advantage!
They will often send text messages and emails claiming that there’s a problem with your delivery or asking you to pay a small fee to release your package.
These messages may look official and use real company names (for example Royal Mail and Evri), but they’re designed to trick you into sharing personal details or making payments.
Real delivery companies won’t contact you about addresses or damaged items by text message or email. Your courier might provide updates on tracking, but these are for information purposes. They do not ask for sensitive details or extra payments by text.
Stay safe by
- Ignoring unexpected messages about delivery problems by text and email
- Tracking your parcels only through the official website or app of the delivery company.
- Contacting the courier directly using details from their official site.