How to keep safe online and prevent cyber attacks

Top tips to keep yourself safe online

Over the last few years, our reliance on technology has increased, and it is important to keep yourself safe online and make sure the services you use have adequate security measures in place. Read our top tips to help you be safer online.

What is cyber security?

Cyber security involves safeguarding computer systems, networks, and software from potent digital threats – called cyber attacks. These threats often aim to steal, amend, or destroy customer data or personal information, demand ransom through malicious software, or disrupt normal business operations.

As our daily dependence on technology continues to grow, the threat of cyber-attacks has become increasingly tangible. At the same time, cyber criminals are becoming more sophisticated, with online scams appearing more convincing – thanks in part to the rise of advanced, machine-learning technology, like artificial intelligence (AI).

In 2025, the well-known retailer Marks & Spencer (M&S) was hit by a sophisticated cyber attack that severely disrupted its business and security operations. The company was forced to suspend online orders for several weeks, with estimated financial losses reaching approximately £300 million. The retailer confirmed there was a data breach as the cyber criminals managed to gain access to M&S’ customer data.

How to prepare for a cyber attack?

1. Backup – always have at least two copies of data. You can either upload it to a cloud storage account, and/or copy it to another hard drive which you keep nearby (so you can update it easily). If possible, keep a second copy away from your home so it won’t be affected by things like fire, flood or theft.
2. Call recording – consider putting a call recording app on your mobile phone. If you are called by a criminal you will have a copy of the call. This might be useful for Action Fraud (0300 123 2040) or the police.
3. Clone your hard drive – cloning takes an exact copy of your computer’s hard drive and puts it on another disk drive. This isn’t the same as a backup, and means that if you have a problem with your computer, like a ransomware attack, you can swap the ruined hard drive for the cloned hard drive. Refresh the cloned drive each time you add or remove programs or update your operating system, keep it disconnected from your computer and somewhere safe, and if you ever put it into your computer the very first thing do is to clone the drive you have just put in.
4. Separation – separate your electronic content (photos, video spreadsheets, document and purchased software etc.) from your internet connected computer by moving it to separate external hard drives Then keep this hard drives disconnected (known as ‘air gapped’) from the computer when using internet If the computer is attacked by malicious software (‘malware’) or cyber criminal only this computer will be affected; digital content will be safe on separate hard drives It’s important to also have copy of separate hard drives (see ‘Backup’), and also create copy of computers’ s hard drives see (‘Clone’).

How to stay safe online?

The good news is, there are lots of security measures you can put in place improve your cyber security and help to keep you safe online. Here are seven top tips to help protect yourself.

1. Use long and strong passwords - Make the password long (over 15 characters) and strong (including numbers, letters, and symbols). Try using three random words that are easy for you to remember but meaningless to others. Then, replace some letters with numbers and symbols. For other important online accounts (those that can complete transactions or store personal info), do the same – but never reuse passwords or even variations of them across different accounts.
2. Use a password manager - A password manager stores all your online passwords in a secure vault, protected by a single master password (which must also be long, strong, and unique). This allows each of your website accounts to have a unique password. Password managers can automatically sign you in to websites and check your stored passwords and suggest improvements.
3. Two Factor Authentication (2FA) - 2FA uses two pieces of information to verify your identity. The first factor is something you know (your password). The second factor is something you have (like your mobile phone). After entering your username and password, you’ll need to enter a code – usually sent via text or an app. If you receive an unexpected 2FA code, it may mean a hacker has your password – change it immediately. 2FA is free and easy to set up and it’s best to start with your email and cloud services as these services to be kept the most secure.
4. Adopt a zero-trust approach - People trust unexpected emails, text messages and phone calls until their suspicions are aroused. Protect yourself by instead adopting a zero-trust mindset when emails, text messages or phone calls are not believed until proven genuine. If you receive an email, text or phone call that is (a) unexpected and (b) asking you to do anything at all even if it’s from someone you trust like tradesperson or friend pause and think it might be a cyber criminal pretending to be them Independently verify the sender by for example contacting them using details obtained from search engine or official web site.
5. Make secure payments - Try to use a secure payment service like PayPal, or pay by credit card, instead of sending a bank transfer. If you have no other option, always independently verify the bank account details first – never rely on bank account details in an email. You can also keep the balance of the bank account you use for internet banking to a minimum. That way if a cyber criminal does transfer money out of it, the amount taken will be much smaller.
6. Stay updated - Keep all your software updated, not just your operating system, e.g. Windows. If you are running Windows 8 or older, upgrade it now as any new security holes are no longer being fixed by Microsoft and cyber criminals could exploit them.
7. Create a credit score account - Create an account with a free credit score services, like Experian and ClearScore. They usually notify you via email if your credit score changes. An unexpected change might indicate a criminal is trying to steal your identity. Pay particular attention to credit application searches – if you see a search that you don’t recognise, this could be because someone has applied for credit in your name. If this happens contact your bank and Action Fraud on 0300 123 2040.

How safe are my investments with Raymond Jame

Financial institutions are often targeted by cyber criminals to gain access control to clients’ assets so we understand that you may have questions about the safety of your investments you hold with us. Please be assured that we treat the security of our clients’ assets and money with the utmost seriousness—as if they were our own. As your trustee, we have robust policies and safeguards in place to ensure your wealth is thoroughly protected.

Learn more: About the security of your investments

Using our secure client portal

Please be assured that the chances of you being approached with any form of fraudulent communication using the Raymond James name are low but we hope that the above information will be useful if you are.

We hope that you will report any suspect messages or communications to us. If they have not originated here, we will share them with the authorities as part of their ongoing efforts against financial crime in the United Kingdom.

Client Access - Raymond James UK is the secure area of the main Raymond James website where you can view your account details.

Your username and passwords

• You must keep your 'Client Access' username and password secure. Please avoid writing down username and passwords - as tempting as this may be!
• The password should be one you do not use on any other website and include a mix of random numbers, letters and other characters. If possible, you should change it regularly.
• We will never ask you to disclose your username or password by email or telephone.

Our bank details

• You will not be asked to pay in money into any bank account other than those published on the Raymond James website.
• If our bank details change, we will place a notice on our website.

Communications

There are a number of ways you can check that a communication is from us.

• If we send you an unsolicited letter or email, we will always quote one of your account numbers. Checking that account number is genuinely one of yours will help prove that it came from us.
• You can see your account number(s) on your dashboard when logged into our website or on any contract note.
• Our emails will always come from an address ending @raymondjames.com @charles-stanley.co.uk
• With secure messages, you will receive a plain text email from an account ending @raymondjames.com, @charles-stanley.co.uk or @charles-stanley-direct.co.uk. By clicking on the link contained within these emails, you will be taken to the log-in page, where you will need to log in with your password and memorable word, as usual; then allowing you to read the secure message. This is encrypted and pertinent only to your account.
• From time to time, and at your Investment Manager's discretion, we may issue email marketing to you. This will typically have a footer with either your personal Investment Manager's details or the details of the regional office where your account is held. The content of the email will always link back to the Raymond James website and will be pointing you towards the article content that we issue on a daily basis by our commentators, economists and analysts. We will not use email marketing to make financial offers or promotions to you. If you are in any doubt about any email that you receive, please contact your Investment Manager or email contact us.

Logged in

• Our website address will always end with raymondjames.uk.com, charles-stanley.co.uk or charles-stanley-direct.co.uk
• Look for the padlock icon when using your web browser when you are logged in.
• If you right-click and select “View Page Info” or “Properties” you’ll be able to see our 'Certificate', which is registered to Raymond James Wealth Management Limited, our legal trading company.
• If you do not see the padlock or our company name when you click it, then you may not be on the genuine website. (In some browsers like Safari, it isn’t necessary to click as you will see our full company name in the address bar).

Take Five

Take Five is a national campaign that offers straight-forward and impartial advice to help everyone protect themselves from preventable financial fraud. Led by UK Finance, and backed by Her Majesty’s Government, the campaign is being delivered with and through a range of partners in the UK payments industry, financial services firms, law enforcement agencies, telecommunication providers, commercial, public and third sector organisations.

Take five

ScamSmart

Raymond James is supporting the ScamSmart campaign from the Financial Conduct Authority (FCA), which aims to help investors stay safe online and avoid becoming the victims of scams.

Warning signs

Though the contact methods used by fraudsters may vary, their tactics remain the same. Be vigilant when making investment decisions and look out for these warning signs.

Unexpected contact

• By cold calling
• Online, via social media or email
• By post
• In person

Social pressure

They might tell you other people are interested or have already invested. They may also share fake reviews.

Time pressure

Offers of a bonus or discount if you invest before a set date, or suggestions that the opportunity is only available for a short period.

Seemingly convincing information

Sometimes fraudsters have convincing websites and literature. They might speak with authority on investment products or claim to be regulated.

Flattery

Building a friendship with you to lull you into a false sense of security.

Unrealistic returns

Tempting returns that sound too good to be true… probably are.

Pension fraud

Beware of unsolicited calls offering ‘free’ pension reviews or access to your pension before age 55, pressure to act quickly or promises of unreasonably high returns.

Be extra careful during peak investment season

During the heightened investment activity from January to March, exercise extra caution as scammers often exploit the increased interest by launching fake promotions, impersonating legitimate entities, and employing high-pressure tactics.

Be a ScamSmart Investor

Reject unexpected offers

Scammers usually cold call, but contact can also come by email, post or word of mouth. If you’ve been offered an investment out of the blue, chances are it’s a high-risk investment or a scam.

Check the FCA Warning List

Use the FCA Warning List to check the risks of a potential investment – you can also search to see if the firm is known to be operating without our authorisation. To check, go to: www.fca.org.uk/scamsmart

Get impartial advice

Get impartial advice before investing. Don’t use an adviser from the firm that contacted you.

Refuse to reveal passwords

Never reveal your passwords or reset them at the request of someone who’s contacted you. If asked by an unsolicited email, always check the sender’s address.

ScamSmart

For more information about this campaign, and to access the wealth of resources and information on how to spot and report a scam, go to the FCA website.

Be a ScamSmart Investor