A few months ago, I received an excited text from a friend with a link to an online store we both love. “They’re having quite the sale,” she said. At first glance, it certainly looked that way. But when I saw a flagship item marked down to a steal, alarm bells started ringing in my mind. I double-checked the URL and, sure enough, it was a clone site. My friend was shocked. She’s switched-on, digitally savvy, and aware of cyberthreats because of the industry she works in – not the typical profile of someone who’d easily be taken in by a scam. But the scammers had done a convincing job – the site looked real, and the URL was close to the original.

As scams become more sophisticated, being cybersmart has never been more important. Use these tips to avoid getting scammed.

1. Long, complicated passwords.

Yes, they’re a pain to remember, but long, random passwords are harder to crack. In 2025, your password should be at least 13 characters long and contain a mix of numbers, uppercase letters, lowercase letters and symbols. Hackers don’t always use brute-force attacks, though. Often a scam will trick you into sharing your password in an unsecure location – like a phoney website. Never enter your password on autopilot – always ask questions and triple check. If something feels off, abort.

Your move: Use a nonsense sequence of words (called a “passphrase”) that makes sense only to you. Add spaces between the words, some numbers and symbols and capitalise a few letters. E.g. “Long rusted 17 DAYbreak furnace%! 9”.

Don’t use the same password in different places.

2. Antivirus software

Don’t think of antivirus software as something only for your computer – your tablet and phone are also at risk for malware. That risk is even greater if your kids regularly use your device to play games – they may be enticed to download malware disguised as a free game, skin or other trinket.

Your move: If possible, choose antivirus software that includes virtual private network (VPN) protection and will warn you about dodgy Wi-Fi networks.

Be diligent about updating your apps to the latest versions.  

3. Multi-factor authentication

MFA provides an additional layer of safety when you login to a device, app or website, over and above your username and password. It may take the form of a one-time pin, authorisation on another device or a biometric identifier like facial or fingerprint recognition.

Your move: Always enable MFA. It may feel inconvenient when you’re in a hurry but if you fall victim to a scam and the scammers get your password, they still won’t be able to access your accounts.

4. Common sense

With AI and other tech to assist them, scammers are getting sneakier. That scam website my friend shared looked legit. It had good spelling and grammar, all the right logos and even good-quality pictures and product descriptions of the items. The only red flag: it was too good to be true.

Your move: If something looks suspicious – even if it comes from someone you know and trust – check it:

• Type the proper link into a new browser window.
• Call the store (search for their number – don’t trust the contact details on the suss site or ad).
• Google “scam + the store or company’s name”.

Scammers gonna scam, but with good cybersmarts, you don’t have to fall for it! Get more advice about cyber fraud, scams and how to avoid being caught out here.