Skip to Main Content

Scam and Fraud Prevention Logo

  • Home
  • Computers Security Knowledge
  • Scam and Fraud Prevention
  • Maximise Your Internet Speed

Here you can learn how to prevent scams and fraud, with more knowledge to come.


Using this knowledge is the best way to prevent scams and fraud by protecting your personal information.



Add your phone numbers to the TPS (Telephone Preference Service) for free, it will help to prevent Cold calling (unsolicited sales and marketing telephone calls), which will also help to prevent phishing scam attacks where people try to get personal information from you and it will help to prevent fraud attacks where people use your information against your will. Because it is a legal requirement that companies do not make such calls or messages to numbers registered on the TPS. This applies to the UK, but it applies to other countries as well, as they have their own versions of this service.

Activate a calling blacklist if your telephone provider offers this service, usually it is provided for free, as this will help to prevent scam calls and cold calling (unsolicited sales and marketing telephone calls), because usually those numbers are automatically blocked by this service. You can also block categories of callers like all international numbers, all withheld numbers and all unrecognised / unknown numbers, etc. And you can block numbers you choose by adding them to your personal blacklist.

Withhold your number all the time on your landline and on your mobile phone, you can do this with a setting or a code, even as a one off by entering 141 in front of the numbers that you call, as this will prevent your numbers from being seen by every person you call, which will limit who can see your numbers to only people you choose. You can show your numbers to callers you trust by entering 1470 in front of the numbers that you wish to call. This applies to the UK, but with different codes and different settings it applies to other countries as well.





Enable two-factor authentication in all your accounts that support it, this will add an extra layer of security to your accounts, so when you want to sign in it will ask you to enter your password and it will also send you a temporary random code each time to either your email address or to your phone number via a call or a text or it will generate one in an app like the Google Authenticator app or on a physical hardware key that you will have to plug in each time, etc. Google account's two-factor authentication will popup a yes or no prompt on signed in devices, to ask whether or not to allow the new device to sign into your Google account. I would like to add that other companies can have their own method of a two-factor authentication popup verification prompt, either using their own app or using a different companies / persons app or using another method, etc. I would also like to add that I know sometimes disabling two-factor authentication temporarily is needed or is thought to be needed even if it's not, as even I have to do this if I am changing around settings or if I am testing things out, etc.

If you have got the choice of which two-factor authentication to use, then I would recommend that you choose TOTP which is time-based one-time password to generate one in an app like the Google Authenticator app, etc. But remember to enable if possible brute force protection on the TOTP two-factor authentication method and remember to choose strong personal identification numbers (PINs) for your mobile devices preferably a minimum of 12 digits or choose strong passwords that are a minimum of 10 characters for your mobile devices and other devices. Here are pages about TOTP, here and here, etc. It will ask you to enter this extra code in or to press yes on a signed in device after you enter your username and password, as an additional level of security. Also, this will protect your accounts if your passwords get leaked in a data breach and this will give you time to change your passwords.





It is a good idea to keep one debit card with little money in it and no overdraft, this is so you can use that card to make payments over the phone without worrying that one of your cards with money kept in it or one of your credit cards will get compromised. But don't keep your debit card empty or the bank might close your account.

Don't click/tap on suspicious links, don't go on suspicious websites, as for one thing phishing websites that pretend to be real websites try to steal your personal information.

Always check website links in messages and even on websites by hovering over them with your mouse, by holding on to them, which will display a pop-up box or by right clicking on them or holding on to them, then copying and pasting the website's link into a text editor or into the URL address bar without searching it. All these examples are to reveal the real website's address.





Choose strong passwords that are different for each online account, especially for your email accounts, as this will limit the impact if one password gets compromised. Use a combination of numbers, symbols, and upper and lower case letters, make sure your new passwords are a minimum of 10 characters and avoid storing passwords in your browser to help avoid password leaks. Also, by creating different strong passwords for each online account, you will help to maintain your privacy and prevent attackers from hacking your online accounts.

Also, choose strong personal identification numbers (PINs) for your mobile devices preferably a minimum of 12 digits or choose strong passwords that are a minimum of 10 characters for your mobile devices and other devices. But do not use fingerprint or face authentication, as they have been proven to have security vulnerabilities that can be exploited.





I would recommend that you use the LastPass encrypted password manager, as I have done much research about encrypted password managers and I have found it to be the best. The reasons I have found it to be the best are because it encrypts your data with very high grade encryption locally, so this means that LastPass never get your encryption keys, they just see in their cloud servers your encrypted data, so they can never see what you have encrypted. Another reason is that some other password managers will un-encrypt way too much of your encrypted data into RAM, but LastPass only un-encrypts the data it needs, to fulfil your request keeping all your other data still encrypted until it's needed. You can use its auto fill feature where it will on websites have a LastPass login button beside forms like username and password and when you go on that it will either ask for your fingerprint, personal identification number (PIN) or master password to login depending on how you have set LastPass up and it will either auto fill if you choose for it to or it will give you the choice whether you want to fill in like your username and / or password, if you have multiple username and / or passwords for a particular website they will all be in a list for you to choose which one to let it fill in for you. Here is LastPass explaining its security.

Also, another reasons is that some other encrypted password managers will not clear out your master encryption key from RAM, but LastPass does every time your encrypted vault is locked back up, keeping your encrypted data safe. LastPass also supports 2-factor authentication, fingerprint login and recovery of your master password via fingerprint login in the apps, so that you can reset your master password if it is forgotten by just using your fingerprint, if you don't have a fingerprint reader then a PIN can be set up and if the PIN or the fingerprint login fails a few times the main master password will need to be entered, so all this keeps your encrypted data well and truly safe. But I would not recommend using fingerprint authentication in any form, as it can be fooled and as using a PIN number of sufficient length is much more secure, this is especially true of using a PIN with LastPass as after a few failed attempts the main master password will need to be entered anyway.





I would like to add that using fingerprint authentication is acceptable on Windows with LastPass, as LastPass doesn't support PIN authentication on Windows, so your potentially very long LastPass master password would have to be entered in each time you login without using fingerprint authentication, but to make it more secure you can use double two-factor authentication by having fingerprint login and then having it request a second two-factor authentication method after. But you will need to find a way of adding two-factor authentication to the Windows login process, as like Android if fingerprint authentication is used for apps instead of PIN authentication, then fingerprint authentication is also used for the lock screen instead of PIN or passwords authentication.

Additionally, you can even set the number of iterations, an iteration will make it harder and more time consuming to the attacker for your master password to be brute force attacked where an attacker will try every possible combination until they find your password, by default LastPass has the most iterations by default than any other password manager, but you can set the number of iterations to anything you want, so even higher to make it more secure. Finally, you can block access to your encrypted vault via TOR, via any country that isn't one that you will logging in from, etc. And last but not least you can generate truley random passwords, 128 characters long for an example in the LastPass apps, in the LastPass Windows programs and in the LastPass browser's extensions like in Windows, etc. So as you can see this will keep your data encrypted with a very high level of security.





If you are in a data breach and you have to change your passwords, by only using one password for each online account it will definitely limit the impact if one of your passwords is leaked to the public and by using randomly generated passwords that are stored in an encrypted password manager's vault, it's so easy to just generate a new randomly generated password with an encrypted password manager. Also, you can check if you have been in a data breach by visiting Have I Been Pwned.

Be careful of scam and fraud messages, if you receive a scam or a fraud message never respond to it at all, send any money, click on any links or provide any information, just block the text number or email address and report it to your providers scam / fraud message report service and to websites such as PhishTank and OpenPhish, if it's a phishing scam trying to get personal information from you by taking you to a fake website. Also, if you are in the UK report it to the TPS (Telephone Preference Service) and to Action Fraud who will report it to the police and to the relevant authorities, then delete the message. Additionally, make sure you always check the email address that sent you the email, yes it can be spoofed, but it's always a good idea to check it still, as it may not be spoofed and it may be a totally different email address than you would expect to have sent you the email. So just in case the email address that sent you the email might have been spoofed, you need to check that the contents of the email are genuine as well. Finally, If the hackers / scammers claim to have hacked your email account and to prove it they say I have sent this email from your own email account and it was sent from your own email address, the easiest way to check if your email account has been hacked is to check the activity logs for any unauthorised access.





Also, be careful of scam and fraud calls, if you receive a scam or a fraud call never provide any information at all just end the call. As scammers can do this to get you to say yes on their recording of the call, so they can use it as verbal consent for anything, they can do this to ask you to provide your personal information. They can also do this to ask you to let them remote into your computer, but don't allow them access to your computer, as these can be a scam that could end in your money and / or all of your personal information being stolen or held to ransom for money, etc. Then add the number to your personal call blacklist to block further calls from the number and report it to your providers scam / fraud report service. Additionally, if you are in the UK report it to the TPS (Telephone Preference Service) and to Action Fraud who will report it to the police and to the relevant authorities. Also, scammers can spoof their number, so when they are calling you it may seem like its a genuine number, but in your call log it will show a totally different number has called you. So always check that the caller who is calling you is genuine even if their number calling you seems genuine.

If you get a call and it's automated and if you think it's a scam, do not press any buttons other than to just end the call and do not say anything while you are on the call, as scammers do this to add your number to a list of active numbers. So if you do press whatever button(s) they ask you to press, you will probably get lots more scammers calling you from then onwards, you will have to block each one of them individually from calling you again, by ignoring them and then blocking them, but don't answer the call whatever you do. By doing this they will think your number is not active and you will probably be taken out of the list, so you will probably receive less scammers calling you from then onwards.





Make sure the website you go on is the actual website you want to be on, you do this for one thing by looking at the URL bar and by reading the website's URL name.

Always check before entering personal information into a website that it is HTTPS secured, which means between you and the website's servers communication is encrypted and it is only readable by you and the website's servers. Also it means you are protected against man in the middle attacks (an attacker pretending to be the website's server(s) for the website that you requested), etc.

Be wary of who you give your personal information to as they could misuse it, they could pass it on to other people or their servers could get hacked and it could be taken.

Also, be wary of leaving personal information on answer machines, as it could be overheard by other people and be wary of giving personal information over the phone, as you have to trust that the person you are giving it to will not misuse it.





Make sure you do not allow your personal information to be given to third party organisations, you can do this by not allowing it on forms that you enter your personal information on, as they can do what they want with your personal information if you allow them access to it and they can pass it on to even more organisations.

If you use contactless smart cards be careful, this is because attackers could easily just move an NFC (near-field communication) RFID (radio frequency identification) scanner near them and they could easily clone them to use them for their own purposes. The best thing you can do if you still want to use contactless smart cards is to buy a protective sleeve for them, which will block the NFC RFID signals while they are not in use. But only have contactless smart cards from your bank if you absolutely need them, because if you don't need them the best thing you can do is to request from your bank non-contactless cards and to request that you don't want Contactless smart cards anymore, as they send contactless smart cards out by default. Here is a Wikipedia page about what are contactless (NFC RFID) smart cards.

Always keep all your possessions that you carry with you in view, zipped and locked if possible, especially handbags, purses and wallets and do not leave wallets in your back pocket, as all these things promote theft.

The police recommend that you attach a bell to your handbag and / or purse, so if attackers try to steal them they make a noise to alert you, this is to prevent them from being stolen.





If you use ATM (automated teller machines) / cash machines be cautious, this is because attackers can fit a pinhole camera looking down at the keypad recording what personal identification numbers (PINs) are entered. Also, attackers can scan your cards by fitting a card scanner to the existing card scanner, so the ATM / cash machine still works, as your card passes straight through the attacker's card scanner and into the existing card scanner. Always check to see if an ATM / cash machine has been tampered with in any way for an example if anything has been fitted on to it, if it has been tampered with don't use it, then inform the bank. Finally, always cover the keypad while you are typing your PIN in, this is a good thing to always do, as for one thing it prevents people behind you looking at your PIN as you type it in.

Also, if you use ATM (automated teller machines) / cash machines be on the lookout, as I have known at least one case where an attacker or attackers have watched people entering in their PIN as they were typed in and writing them down, then an attacker distracted people by waving their own card(s) in front of the people saying cards are being eaten by the ATM (automated teller machines) / cash machines, then another attacker covered the keypad, then pressed cancel and then took the card out of the ATM (automated teller machine) / cash machine. The person who the card has been stolen from thinks the card has been eaten by the ATM (automated teller machine) / cash machine, probably going to get the staff of the bank, while the attacker or attackers go away with the stolen card. These types of attacks can occur, so be viligent for any attacks even ones not mentioned here by an attacker or attackers when at an ATM (automated teller machine) / cash machine. Definitely always cover the keypad while you are typing your PIN in, this is a good thing to always do, as for one thing it prevents people behind you looking at your PIN as you type it in. I learned some of this information from watching a program that taught me about some of these attacks, but I cannot remember what the program was called and I had already learned some of this information even further back, but again I cannot remember where from. But I think I had worked out for some of this information about these attacks myself as well.





Divide your money into separate locations if you are carrying lots of money, because if one of your items gets stolen then all your money that you are carrying will not be stolen.

Always destroy personal information when it is no longer needed by using special stamps to thoroughly cover the contents, by thoroughly shredding it manually using special cross cut shredder Scissors or by thoroughly shredding it electronically using a high grade security cross cut shredder. Here is a page from the Shredder Warehouse about what are the security levels of shredders.

Be vigilant for scam calls or messages when you are selling your goods online, as scammers can send you a link usually a shortened link which they say is to the item you are selling, saying they want to buy it, but when you click on the link it will take you to a phishing scam fake website where they want you to login which will give your personal information to them. I would not recommend sending your goods to people on advertising sites, this is because they could say we have never received your goods, if you must deliver it always pay for tracked delivery preferably insured against loss or theft, you could ask them to pay for the delivery cost and always keep the proof of postage.





Do not agree to let a listing website that you don't know use your personal information, so they can put an item listing up for you on their listing website, they could get your personal information from the listing website you used to put your item listing up. As this can be a scam if they contact you asking for your permission, this can be to get more personal information from you or to impersonate you by giving the illusion that they are selling your item, they can do this to take people's money without ever giving them the item that they paid for. They can buy and run their website anonymously or they can fake their details for their website, so they are hard for the police to track down to bring them to justice.

Track down and close any of your older accounts that you don't use anymore, this is because their servers could get hacked and your personal information could be taken, so it's an unnecessary risk. Also, be careful signing up to accounts on smaller less known websites, this is because their servers are usually less protected sometimes storing your password in plain text or just hashed which isn't secure and sometimes they don't even use HTTPS. So if they don't use HTTPS never enter personal information, as it could be read by anyone between you and the website's servers, as communication is not encrypted and it is readable by anyone along the way. Finally, without HTTPS you will be vulnerable to man in the middle attacks (an attacker pretending to be the website's server(s) for the website that you requested), etc.





I have already covered in my Computers Security Knowledge page other ways to secure yourself and to prevent your Information from being taken, so check there for that information as well. But I would like to add that I have duplicated some of the wording from my Computers Security Knowledge page to this page. I would also like to add that I may have duplicated some of the wording that is on this page as well.

This knowledge was obtained from many sources over a long period of time typed in my own words and parts of this knowledge was copied from many sources and pasted into this page, edited by me (I would like to add when I said edited by me, I meant paraphrased by me), all to help you prevent scams and fraud, but that's part of what life is about accumulating knowledge. This page can be modified at any moment, so check back regularly to see the modified version.




This page was last modified on November 24, 2020


  • Privacy Policy
  • Cookie Policy

Author Ryan Dewsbury