Security Awareness

Imagine discovering that someone has taken out a mortgage on your home, or even sold it, without your knowledge. Property fraud is rare but financially devastating. Criminals target properties that are unmortgaged, rented out, or standing empty, especially when the owner lives elsewhere. The UK Land Registry property alert service offers a simple early-warning to identify potential problems. It can’t stop fraud by itself, but it gives you the crucial time to act before a transaction is completed.

How the alert system works

When you sign up for Property Alerts, the Land Registry emails you whenever it records activity on a monitored title deed, such as a change of ownership, a new mortgage, or a change to the registered owner’s details.

You can monitor up to ten properties per account, even if you don’t live at them. The service is free, quick to set up, and you can unsubscribe at any time.

Alerts don’t block applications. They simply let you know that something has been submitted, prompting you to check whether it’s legitimate. If you weren’t expecting any activity, you can intervene before money or ownership changes hands.

Who should register

Almost everyone can benefit, but it’s particularly valuable for:

• Mortgage-free properties that criminals could attempt to mortgage or sell.

• Rental or vacant properties where post might go unnoticed.

• Elderly or vulnerable owners who may not spot irregularities quickly.

• Second homes or overseas owners who spend long periods away.

If you fall into any of these categories, registering for alerts is one of the easiest and most effective precautions you can take. When a property is mortgaged, the lender’s financial interest provides a layer of protection. The mortgage company, as the primary creditor, won’t permit changes to ownership or certain new charges, such as additional loans, without their consent while the mortgage is still outstanding. However, secondary charges, like secured loans, can still be placed on the property, even if the mortgage is still in place. Once the mortgage is fully repaid, the primary creditor’s protections no longer apply, and the property is free from these restrictions.

How to strengthen your defences

Property alerts are only one layer of protection. Here are some additional options:

• Consider monitoring properties belonging to family and friends, and have them monitor your property.

• Ask a solicitor or conveyancer to add an anti-fraud restriction requiring identity certification before any sale or mortgage.

• Stay alert to emails from the HM Land Registry Property Alert service and use inbox rules to flag them if your incoming email volume is exceptionally high. If an unexpected alert arrives, contact HM Land Registry straight away using the official number on their website

• If identity theft is suspected, call your bank, report to Action Fraud, and consider a Credit Industry Fraud Avoidance System (CIFAS) protective registration.

Once a fraudulent action is registered, unravelling it can be lengthy and costly, though not impossible. Although HM Land Registry indemnifies victims if they lose property through no fault of their own, the process of proving your claim and restoring the title deed can be long and distressing. Prevention remains far easier than correction. Identifying problems and responding quickly is vital, and doesn’t require complex tools or expensive subscriptions.

You can register for free at https://propertyalert.landregistry.gov.uk/

Online marketplaces have transformed over the past decade. While it’s never been easier to buy or sell, it’s also never been riskier. Artificial intelligence, mobile-first commerce, and peer-to-peer platforms have created new opportunities and new threats. Whether you’re an occasional user or an online trader, staying safe in 2025 means understanding modern risks and adopting secure behaviours. This article highlights some of the essential areas for both buyers and sellers. I also refer to some older security awareness articles that are still relevant today.

How online threats have evolved

Online scams have evolved far beyond basic phishing and fake listings. Fraudsters now use AI-generated content to impersonate people, automate conversations, and create fake websites that closely mimic trusted brands. At the same time, there are many new entries to the market. Amazon and eBay were the pioneers, but they no longer dominate the marketplace.

• Threat actors use AI to create convincing fake profiles, listings, and customer service chats. It is harder to spot fakes because tell-tale signs such as poor spelling and grammar are becoming a thing of the past.

• Traditional auction sites are now part of a much larger, more fragmented ecosystem.

• Email protection and spam filtering have evolved, but so have fraudsters with more convincing emails, social media profiles, text messages, instant messaging, and in-app messages.

• Scammers now behave like real users, mimicking platform language, branding, and interfaces with ease, making scams harder to spot than ever.

• The Website Credibility Test (5^th March 2018) – Not all websites deserve your trust, even if they look professional. This article explores how poor design choices, such as fake search boxes (containing links), pop-ups, and sneaky opt-out purchases, often indicate dishonest business practices. It reminds readers that site behaviour directly reflects the people behind it, and you may be unable to trust it with your payment information.

Staying safe as a buyer

Buyers today must navigate deals across dozens of platforms, some offering little or no protection. Many scams involve off-platform communication or payment, which can void any dispute rights. Even when a transaction appears secure, scammers may attempt to use urgency or fear to push buyers into quick, irreversible decisions.

• Stick to platforms with formal buyer protection and avoid off-platform transactions.

• Use credit cards where possible, as they offer the strongest consumer protection.

• Enable Multi-Factor Authentication (MFA) on shopping and payment accounts.

• Be cautious with deals that seem urgent, emotional, or unusually cheap.

• Always double-check the seller ratings, the age of the account, and listing consistency.

• Confirm shipping costs and return policies before you buy. Consider the item’s location carefully as returning a low-cost item from overseas may cost more than the item itself.

• Deviation from the Norm (29^th June 2019) – Scammers don’t always ask for your money directly. They often ask you to behave in ways that feel unusual. This article highlights how fraudsters push victims into unorthodox payment methods like cash or bank transfers, offering excuses that sound urgent, emotional, or even official. Deviating from established norms, like not using a credit card, removes your safety net. The key message is simple: if the process feels off, it probably is.

Protecting yourself as a seller

Sellers face increasing pressure to provide a fast, friendly, and reliable service but also face rising risks from fraudulent buyers and chargebacks. Verifying payment, understanding platform rules, and setting boundaries are key to staying protected.

• Never dispatch items until you’ve confirmed cleared payment.

• Avoid off-platform messages that could void your ability to raise a dispute.

• Watch for overpayment scams and never refund a mistake before verifying the original payment in cleared funds.

• Understand how your platform handles refunds, chargebacks, and seller disputes.

• If in doubt, cancel the sale and report the user.

• Document what is available for the transactions, such as photographs, messages, proof of postage, and receipts.

• Unsafe financial transactions (16^th July 2019) – Despite years of warnings, unsafe transactions are still commonplace. This article explains why bank transfers, upfront fees, and cheques expose buyers and sellers to avoidable risk. It also describes how fraudsters manipulate trust by creating fake emergencies, fake job offers, and fake loans to trigger emotional decisions. Recovery is difficult or impossible once money is sent, especially outside of regulated systems.

• Reducing fraud with virtual cards (6^th March 2022) – Virtual cards act like a firewall between your real bank details and the internet. This article introduces how they work, why they matter, and where they’re most effective, especially against subscription traps, stealth auto-renewals, and websites that refuse to remove your card details. By generating a disposable card number for each transaction, you can cancel future payments instantly without exposing your real account details. It’s an innovative process in today’s risk-heavy digital economy.

Trust and transparency

Trust still matters, but it is getting harder to gauge. Reviews, profiles, and trust signals are now easily faked. Scammers often impersonate legitimate businesses or flood their accounts with fake reviews to seem credible.

• Look for account age, detailed feedback, and a history of similar transactions.

• Check for signs of review manipulation, such as the same comments across multiple sellers, and be suspicious of vague or overly glowing feedback.

• Use official company registers to validate business identities.

• Providing visible contact details and policies demonstrates transparency and builds trust.

Modern Security Hygiene

Cyber hygiene has become a baseline expectation for all users. Relying solely on strong passwords isn’t enough. Buyers and sellers must adopt multi-layered security measures to protect their money and personal information.

• Use a password manager to create and store strong, unique passwords. Don’t reuse passwords across multiple sites.

• Enable Multi-Factor Authentication (MFA) on every account that supports it.

• Avoid clicking on links in unsolicited emails or instant messages and go directly to the platform.

• Keep mobile apps updated and install only from trusted sources.

• Log out of platforms after transactions. Don’t rely on closing the browser tab.

• Time for some digital housekeeping (25^th February 2024) – The sheer number of online accounts we create has grown beyond what most people can realistically manage. This article looks at the long-term risks of account proliferation, from weak password habits to privacy exposure and an ever-expanding attack surface. It also critiques common website behaviours like blocking password managers (preventing the cut and paste of complex passwords) and unnecessarily requiring logins. With practical advice on using password vaults, enabling MFA, and deleting old accounts, it serves as a modern guide to cleaning up your digital footprint and regaining control.

• More on passwords (21^st January 2019) – This article revisits the basics of password security and why those basics still matter. It covers weak PINs, social media oversharing, and the risk of password reuse across multiple sites. It also touches on modern hacking tools that guess passwords based on personal information. Strong, unique credentials remain part of a solid defence.

What to do when something goes wrong

Even when you’re careful, things can still go wrong. Acting quickly and documenting everything improves your chances of recovering lost money or resolving disputes successfully.

• Save all messages, screenshots, emails, receipts, and postage confirmations.

• Report issues directly through the dispute resolution process.

• Understand payment protection options like PayPal Buyer Protection or credit card chargebacks.

• Monitor your financial accounts for unauthorised transactions after purchases.

• File complaints within the time limits mandated within the platforms.

• If necessary, escalate to consumer protection bodies or regulators.

Concluding thoughts

Online marketplaces are no longer just the domain of digital natives. While younger generations have grown up with e-commerce, many people who previously avoided online transactions are venturing into digital marketplaces for the first time. Whether out of necessity, convenience, or curiosity, this growing wave of new participants includes individuals who may be less familiar with the risks. That’s why messages around online safety, fraud awareness, and secure practices need to keep circulating.

The technology may change, but the underlying tactics of scammers remain the same. To paraphrase P.T. Barnum, “There is a victim born every minute”. Here are a couple more articles that remain relevant today.

• Caught in the Net (29^th January 2019) – Phishing is still a leading cause of online fraud, and it’s not going away. This article explains how phishing emails work, why they’re effective, and how they prey on urgency, fear, or empathy to trick people into clicking links or sharing sensitive data. It also explains how even experienced users can fall for realistic scams and why a cautious, verification-first approach to email is essential in today’s environment.

• Hit with the Spear (22^nd July 2019) – Spear phishing is phishing with precision. This article explains how scammers gather personal details from social media, CVs, and online profiles to craft highly believable messages. Unlike random spam, these messages are tailored to the recipient and often bypass spam filters entirely. The article breaks down the process, from initial research to final action, and shows why oversharing online can open the door to persuasive attacks.

Black Friday is approaching again, and while it promises incredible deals, it’s also a time to exercise caution. Cybercriminals see this as an opportunity to prey on unsuspecting shoppers who may let their guard down in pursuit of huge discounts.

• Stick to trusted retailers – it can be tempting to explore unfamiliar websites offering huge discounts, but this is where the risk of scams is highest.
  • Stick with the businesses you know and trust, especially those you have successfully shopped with before.
  • If you are curious about a new retailer, search for reviews and verify their legitimacy before purchasing.

• Avoid clicking links in emails – phishing scams are rampant during shopping seasons, with fraudulent emails disguised as offers from popular brands.
  • Go directly to the retailer’s official website through your browser.
  • Scammers often use addresses that look similar to legitimate companies but include subtle differences.

• Beware of unnecessary software and apps – installing unfamiliar software or apps to access discounts is a significant red flag.
  • Avoid downloading new apps unless they are from familiar and trusted retailers and official app stores.
  • Avoid apps that request excessive access to your device or personal data.

• Watch out for hidden memberships – special deals may sometimes come with strings attached, such as hidden memberships that require regular full-price purchases.
  • Before completing a transaction, ensure you’re not unwittingly subscribing to a recurring service.
  • Avoid deals that feel overly complicated.
  • Genuine bargains don’t require convoluted commitments.
  • Avoid paying for access to discounts.

• Use secure payment methods – protect your financial information by choosing safer payment options when shopping online.
  • Use credit cards or payment services such as PayPal or Apple Pay, which often provide buyer protection in case of fraud.
  • Avoid direct bank transfers.
  • Avoid payment methods that don’t offer recourse if something goes wrong.

• Look for HTTPS and Security Indicators – before entering any personal or payment information online, ensure the website is secure.
  • A secure website address will have “https://” at the beginning of the URL, along with a padlock icon in the address bar.
  • Be cautious and avoid unsecured websites.

• Monitor your bank statements – fraudulent transactions can go unnoticed if you don’t keep an eye on your bank accounts.
  • Check your bank statements regularly to spot any unauthorised transactions.
  • Report suspicious activity immediately to your bank or card provider.

• Avoid public Wi-Fi for online shopping – shopping on public Wi-Fi networks can leave you vulnerable to hackers.
  • Make purchases using private, password-protected Wi-Fi connections.
  • Virtual Private Networks (VPNs) add an extra layer of security, making your online activity harder to intercept.

• Think before you buy – impulse purchases often lead to regret, especially for items you wouldn’t normally consider buying.
  • Be realistic about the product’s value.
  • Pause before purchasing. If something seems worthless or unnecessary at the recommended retail price, it’s likely not worth buying with a 90% discount.

Although this article is about Black Friday, adopting these practices all year round is wise to ensure safe and secure online shopping. Generally speaking, it is good practice to avoid buying in a way that doesn’t align with societal norms; being asked to do so should be considered a huge red flag.

As the internet evolved, so did the growing need for user accounts to access online information and services. Consequently, we have hundreds of accounts, each requiring separate login credentials. This proliferation of digital accounts has led to significant issues and risks:

• Unnecessary requirement for login credentials – not every site needs login credentials, yet we are often still required to create an account. I thought about writing this article many times, and then recently, I needed to sign up to 3 separate sites to benefit from the service offered by a single business. In this case, one use account should have been sufficient. Many sites and services shouldn’t need an account at all.

• Remembering numerous passwords – It is inconvenient and introduces security risks – to remember login credentials, people often resort to using simple passwords, repeating the same password for different accounts, or creating lots of slightly different passwords based on a theme. If a hacker compromises one of your passwords, they could easily compromise many.

• Password vaults – there are many different password management solutions, but these are not always foolproof and often require trust and dependence on third-party services. Password vaults do make the use of long, complex passwords viable.

• Risk exposure – the more accounts you have, the more personal information is stored online, which increases the risk of sensitive data exposure in a breach. Also, more accounts mean more emails and communications from online services, and more time and effort are required to distinguish between legitimate messages and phishing attempts from scammers impersonating services to steal login credentials.

• Privacy – each account will collect and store personal information. The more accounts you have, the more places your data is stored, increasing the risk that site owners will misuse or sell your data or track online behaviour, preferences, and interactions, leading to privacy concerns.

• Attack surface – each account is a potential entry point for cybercriminals. The more accounts you have, the larger the attack surface.

• Time-consuming – managing so many accounts can become time-consuming and distract from more productive activities.

• Blocking cut and paste – storing passwords in a vault makes using long, complex passwords convenient. It is not helpful if site owners block cut and paste and require users to type passwords manually. A more recent change is to measure the time it takes to type a password and reject login attempts that are too quick. This blocks pasted passwords and passwords automatically filled from browser-based password vaults. It is well-intentioned but risks replacing complex passwords with simple passwords.

Practicing good cyber hygiene is essential:

• Use a password vault so you don’t need to remember every password – this makes using strong passwords for each account easy. Be careful whose solution you choose. Make sure you select a reputable vendor.

• Establish an inventory of sites where you have online accounts – using a password vault makes this much more manageable.

• Delete accounts that you no longer need. You will still have an account even if you signed up for an online service using Google, Apple, Microsoft, Facebook, or LinkedIn credentials. In addition to deleting the account, it is also necessary to revoke access to the credentials, i.e., remove the service from the list of third-party sites in  Google or other login services.

• Don’t repeat passwords – use a different password for each user account.

• Use Multi-Factor Authentication (MFA) to add security to your online account.The long-term effectiveness of MFA is the subject of much debate, given rapid technological changes and adaptability in cybercrime. The use of MFA is still better than not using it.

• Don’t store credit card details on the sites unless absolutely necessary.

• Avoid using immutable facts for authentication purposes. For example, your mother’s maiden name or the name of your first school will remain the same. Immutable facts are wrong for security, but websites and service providers still use them.