There’s no crisis so serious that the cyber-criminals won’t try to make some cash out of it. COVID-19 scams are on the rise, many of them based on the assumption that we’re all stressed enough right now to fall for tricks we normally wouldn’t, having to make applications we never have before or just do regular things in a different or unfamiliar way. Here’s some tips for making sure you stay as safe online as in person.

Personal Details

A quick reminder: when you’re asked to give out any personal details in an email or text message, for instance, always make sure you know exactly who you’re talking to. A reputable organisation will never mind that you double check with them if you are unsure.

Scammers will sometimes spend a lot of time working their way into your confidence before they spring the trap, and having your identity stolen is no joke. Last year, identity fraud cost victims £134 million in the UK alone.  If you think you’ve been targeted by scammers, get in touch with Action Fraud for help.


Okay, let’s take a moment to talk about passwords. According to the internet’s top security experts, we’re still not taking them seriously enough to be safe – especially as we are managing more of our lives online.

Just to pick an example, close to 1 in 3 of us in the UK are still making one of the most basic errors in password security.

Using a common password

Despite all the warnings and nightmare stories about this, we’re still using the same passwords across a bunch of different websites and online accounts. That’s like locking every house in the street with the same key. If a hacker or scammer gets hold of just one password, all your accounts, details and possibly even bank accounts belong to them now.

Setting a secure password

Another thing we’re doing far too often is making up passwords that are far too simple to guess. Real words (even in foreign languages) are terrible choices for locking up your valuable data. They can be cracked incredibly easily with the right tools or techniques. To be as secure as possible, you need to make sure your passwords are:

  • Long: 12 characters would be a decent start.
  • Random: don’t just type in your first pet’s name or favourite football team and hope for the best. The bad guys can often pick this kind of information up from your social media posts and profiles.
  • A mixture of character types. Ideally, you’ll have a chaotic scramble of upper and lower case letters mixed in a generous sprinkling of numerical digits and other symbols.
  • Unique – DON’T make life easy for criminals by sticking to the same password across your accounts.

Obviously, coming up with these types of password is a chore – and remembering them all can be virtually impossible. Luckily, there are a few security tools to give you a hand. A random password generator, for instance, can be a great help. Nordpass is an example, but there are plenty of others to check out. Once you’ve generated your passwords, you can use a password manager to remember them all for you. Again, you’ve got a bunch of options here, whether free or paid for. Do your homework and take your pick.

Changing your password

There’s a lot of discussion about how often you should change your passwords. Some experts will tell you to do it once a year, others say every 3 months. Increasingly though, security professionals are stressing that it’s much more important to be aware of when your accounts have actually been breached. You can do this with services like Google’s Password Checkup for Chrome, for example. That way, you only need to change the passwords that are no longer secure.

One thing to keep in mind when changing passwords is that you can’t afford to take shortcuts. A lot of people who think they’re being smart by changing login credentials are actually risking making things worse. Make sure your new password’s every bit as secure as your previous one, or you’re basically doing half the scammers’ job for them.

Security and your tax refund claim

When it comes to online security, as always, RIFT has you covered. Our app and your MyRIFT account are the safest, simplest ways to get us the information needed for your tax refund claims.

Wherever you are in the world, you can log in to check and update your details, send important paperwork digitally and monitor your claim’s progress.

Doing it all online cuts out the risk, wasted time and unnecessary trips out of using the post. On top of that, you can hold onto all your original documents for extra security. Just keep your password strong and secure, and leave the rest to us.