Online Safety
Practical help to use technology more safely.
Help with scams, passwords, account protection and backups for everyday Australians, families, older people and small businesses.
Ask about Online SafetyWho this service is for
For people who want online risks explained without alarm.
Everyday Australians
People who want safer habits for accounts, messages and online services.
Older Australians and families
People who want to discuss online safety together without taking control away from the person using the technology.
Small businesses
Sole traders and small teams improving everyday account, backup and scam-awareness habits.
Common safety concerns
Start with what you noticed or what changed.
You do not need to prove something is a scam or account compromise before asking for help.
- An email, text message or phone call does not feel genuine
- The same password is being used across several important accounts
- A login notification or account change was not expected
- Two-factor authentication is confusing or recovery options are unclear
- Important photos, documents or business files may not be backed up
- Someone may have shared information, sent money or allowed remote access
Scam awareness
Look at the request, not only how professional it appears.
A familiar logo or convincing story is not proof. These patterns are reasons to pause and check through a separate, trusted channel.
Unexpected contact
A message arrives without context and asks you to click, call, sign in or provide information.
Pressure or urgency
The sender pushes for immediate action or says there is no time to verify the request another way.
Impersonation
Someone claims to be a relative, business, bank or government service and asks for unusual help or payment.
Unusual access or payment requests
A person asks for passwords, verification codes, remote access, gift cards or a payment method you did not expect.
Passwords and account security
Make important accounts easier to protect and recover.
Account safety is not only about creating a difficult password. Unique passwords, current recovery details and clear ownership all matter.
Use a different password for each important account
A unique password limits how far one exposed login can affect your other accounts.
Consider a reputable password manager
A password manager can create and store unique passwords, but it still needs a strong main password and recovery plan.
Protect the email account first
Email is often used to reset other accounts, so its password, recovery details and additional sign-in protection matter.
Review recovery information
Keep recovery email addresses and phone numbers current, and remove options you no longer control.
Two-factor authentication
Add another check while keeping account recovery practical.
Two-factor authentication asks for something beyond the password. The setup should also include a safe plan for changing or losing a device.
Choose an available method
An account may support an authenticator app, a security key, a passkey or a code sent to a trusted device.
Understand the extra check
The second step helps protect an account even if someone learns the password, but it does not remove every risk.
Prepare for recovery
Store recovery codes safely and keep recovery details current before a phone is lost or replaced.
Backups and recovery basics
Keep another usable copy of what matters.
Backups can reduce the impact of device failure, accidental deletion and some account problems, but they need to be understood and checked.
Keep another copy
Important files should exist somewhere other than the device where they are normally used.
Know what is automatic
Check what a backup or cloud service includes, how often it runs and whether deleting a file affects every copy.
Check that recovery is possible
A backup is more useful when you know how to find and restore a file. Recovery still cannot be guaranteed.
When something feels wrong
What to do if something feels wrong
The right response depends on what happened. These general steps can help organise the situation while the relevant provider or specialist is contacted.
- 1
Pause the interaction
Stop clicking, replying, paying or sharing information while you work out what happened.
- 2
Verify through a known channel
Contact the person or organisation using details you already trust, not a link or phone number from the suspicious message.
- 3
Protect affected accounts
From a trusted device, change exposed passwords, review account activity and sign out unfamiliar sessions where possible.
- 4
Contact the relevant provider
If money, identity information or an important account may be involved, contact the bank, platform or appropriate specialist promptly.
- 5
Keep useful records
Save relevant messages, dates, transaction details and screenshots without continuing the conversation.
Useful details
Frequently asked questions
If your question is not covered here, describe what happened in the contact form without including passwords or other sensitive information.
Can every scam be recognised before it causes harm?
No. Scam methods change and some messages are convincing. Slowing down, verifying requests independently and protecting accounts can reduce risk, but no approach removes it completely.
What should I do if I clicked a suspicious link?
Stop interacting with the page. If you entered a password or other information, use a trusted device to protect the affected account and contact the relevant provider. The right steps depend on what was shared.
Are text-message verification codes enough?
They add a useful second step, though some accounts offer methods that are less dependent on a phone number. The best available option depends on the service and what you can use reliably.
Does cloud sync mean my files are backed up?
Not always. A synchronised deletion or unwanted change may appear everywhere. Check whether the service keeps file history or a separate recoverable copy.
Can Friendly Geek recover money or a compromised account?
Recovery can't be promised. We can help you understand what to do next, but a bank, account provider, identity service or specialist incident responder may need to take over.
Related Learn resources
Read more about suspicious messages and safer accounts.
These reviewed guides explain practical checks and account-security steps in more detail.
How to recognise a phishing email
A simple checklist for pausing and checking a suspicious email before taking action.
Read article
How to check a suspicious text message
A simple way to pause, check and avoid using links in a suspicious text message.
Read article
What to do during a suspicious phone call
What to say, what not to share and how to verify a call through a safer channel.
Read article
A pop-up says your computer is infected: what should you do?
What to do when a scary pop-up says your computer has a virus or asks you to call support.
Read article
Understanding two-factor authentication
An introduction to the extra account check commonly called two-factor authentication.
Read article
What to do if you think you have responded to a scam
Calm first steps for protecting money, accounts and personal information after a suspected scam.
Read article
How to create stronger, unique passwords
A practical approach to passwords that reduces reuse without expecting you to remember everything.
Read article
What is a password manager?
A beginner-friendly explanation of what a password manager does and what to think about before using one.
Read article
Where to keep two-factor authentication backup codes
How to store recovery codes so two-factor authentication does not lock you out later.
Read article
Unsure about a message, account or safety setting?
Explain what you noticed, but don't send passwords or sensitive personal information. We'll check whether Online Safety support fits the situation.
Contact Friendly Geek