How to Stay Safe Online: A Plain-English Guide for Over 55s

Online scams targeting older adults cost UK residents hundreds of millions of pounds every year. The criminals behind them are sophisticated, patient, and increasingly convincing. But staying safe online does not require technical expertise — it requires a handful of clear habits and the confidence to trust your instincts when something feels wrong.

What are the most common online scams targeting people over 55?

The scams that catch the most people tend to involve impersonation — criminals pretending to be a trusted organisation or person. The most common include:

• Bank impersonation fraud — a call or text claiming to be your bank, warning of suspicious activity and asking you to move money to a “safe account” (your bank will never ask you to do this)
• HMRC scams — messages claiming you owe tax and face arrest if you do not pay immediately, often asking for payment via gift cards or bank transfer
• Parcel delivery scams — texts saying a package is held and asking you to pay a small fee, which is actually a gateway to stealing your card details
• Romance scams — someone you have met online (often on a dating site or Facebook) builds a relationship over weeks or months, then asks for money due to an “emergency”
• Investment scams — offers of unusually high returns on crypto, bonds, or property, often from people who approached you first

How do you create a strong password — and why does it matter so much?

Weak or reused passwords are one of the most common ways accounts get compromised. A strong password is long (at least 12 characters), uses a mix of letters, numbers, and symbols, and is not used on any other website.

The easiest solution is a password manager — software that generates and remembers strong passwords for you, so you only have to remember one master password. Recommended free options include Bitwarden and the built-in password managers in Chrome and Safari. If you prefer not to use one, write passwords in a notebook kept somewhere safe at home — this is much more secure than using the same password everywhere.

What is two-factor authentication — and how does it protect you?

Two-factor authentication (2FA) adds a second check to your login. Even if a criminal has your password, they cannot access your account without also having your phone. When you log in, you receive a code by text or an app — you enter that code to complete the login.

Turn on 2FA for your email account first — it is the most important one. If a criminal gains access to your email, they can reset passwords on virtually everything else. Most email services offer this under Settings → Security.

How do you spot a phishing email?

Phishing emails try to trick you into clicking a link or entering your details. Warning signs include:

• A sender address that looks almost right but not quite (e.g. [email protected] rather than amazon.co.uk)
• Urgency — “Your account will be closed within 24 hours”
• A request for personal information, passwords, or payment
• Links that do not match the supposed sender when you hover over them
• Poor spelling or oddly formal language

If in doubt, do not click anything. Go directly to the organisation’s website by typing the address into your browser, or call them on a number you already have — not one given in the email.

What should you do if you think you have been scammed?

Act quickly — speed matters in fraud cases:

• Contact your bank immediately — call the number on the back of your card and explain what happened. Banks have specialist fraud teams available 24 hours a day.
• Report to Action Fraud — the UK’s national fraud reporting centre: actionfraud.police.uk or 0300 123 2040
• Report suspicious emails — forward them to [email protected]
• Report suspicious texts — forward them free to 7726
• Change your passwords — particularly for email and banking, from a device you trust

You are not alone if this has happened to you. Fraud victims are targeted because criminals are skilled at manipulation — not because of any failing on your part. The important thing is to report it so that others are protected and so you have the best chance of recovering any money lost.

What are the five habits that make the biggest difference?

• Never move money at someone else’s request — no bank, government department, or legitimate business will ever ask you to transfer money to a “safe” account
• Use a strong, unique password for your email — with 2FA switched on
• Keep your phone and computer updated — updates patch security vulnerabilities; do not delay them
• Take your time — scammers create urgency deliberately. A genuine organisation will not mind if you hang up and call back
• Talk about it — sharing information about scams with family and friends helps everyone spot them