Skip to main content
The Australian Cyber Security Centre (ACSC) has developed an Easy Steps Guide to help Australians protect themselves from cyber criminals. Lottery and grant scams, identity theft, investment scams, hacking, phishing, dating and romance scams, online abuse and sextortion are just some of the threats people face.

Our Easy Steps Guide shows how you can better protect yourself from these threats and secure your accounts and devices, by stepping you through a six-day plan.

On completion of the Guide, you will have strengthened the security of your online accounts and your information.

Here’s what you need to do:

1. Secure your email, social media and apps

Secure emails and apps

Put strong security on important accounts where you exchange personal or sensitive information such as email, bank and social media accounts.

  • Turn on two-factor authentication, such as a code sent to your mobile, for an extra layer of security.
  • Use strong passwords on your accounts. A strong password is a passphrase of at least 13 characters, made up of about four words that are meaningful for you but not easy for others to guess. For example, 'horsecupstarshoe'.
  • Don’t use the same password on any of your accounts.
  • Consider using a reputable password manager.

Visit the Have I Been Pwned website to see if your email has been breached. If your email has been breached you need to change your password immediately. Make sure you haven’t used the breached password on any other accounts.

Check out Google's Advanced Protection program for people at risk of targeted attacks.

2. Watch out for scam messages

Check scam message

Online scams and 'phishing' by email, SMS, social media posts and direct messaging are designed to steal your logins, credentials and personal details or to download malicious software onto your devices.

  • Check before you click links - hover over the link to see the actual web address.
  • Never enter your username or password from links in messages to your accounts - go to the official website or app.
  • If a message seems suspicious, contact the person/business through a separate, legitimate source to confirm it.

For more information about online scams, visit the Scams

3. Secure your mobile and computer

  • Strong password
    Always use a PIN or password on your mobile and computer.
  • Always do the software updates such as Microsoft, iOS and Android.
  • Make sure you download apps from official stores such as the Apple App Store or Google Play for Android.
  • Install security software on your devices to protect you from malicious software.

4. Check public Wi-Fi before connecting

Don't use public wifi

Information shared through public Wi-Fi hotspots in cafés, airports, hotels and other public places can be intercepted.

  • Turn off automatic connection to public Wi-Fi on your devices.
  • Choose to connect to non-public Wi-Fi for a more secure connection.
  • Consider installing a reputable Virtual Private Network (VPN) solution on your device.


Follow the checklist to protect yourself from scammers, cybercrime and identity theft.


Two factor authentication pairing with device

Day One

I created a strong, unique password and turned on two-factor authentication for my:

  • Online bank accounts
  • Apple ID
  • Google account (which includes Gmail, Youtube)  
  • Email accounts (Hotmail, Yahoo etc)
Two Factor Password

Day Two

I created a strong, unique password and turned on two-factor authentication for my:

  • My email (Hotmail, Yahoo)
  • Twitter
  • Instagram
  • LinkedIn
  • WhatsApp (or other messenger apps)
Secure your phone

Day Three

I added a PIN /password and turned on automatic software updates for my:

  • Mobile phone
  • Tablet / iPad
  • Home computer
  • Laptop
Install security program

Day Four

I installed security software on my:

  • Mobile phone
  • Tablet / iPad
  • Home computer
  • Laptop
Secure email and apps

Day Five

I completed the security check-up for my:

Don't use public wifi

Day Six

I only connected to trusted Wi-Fi networks on my:

  • Mobile phone
  • Tablet/iPad
  • Home computer
  • Laptop


Contact the Australian Cyber Security Centre by email Contact us or call the 24/7 Hotline for urgent assistance on 1300 CYBER1 (1300 292 371)

Report cybercrime to ReportCyber

Report scams to Scamwatch at

Contact IDCARE if you've experienced identity theft at

Visit the Individuals and families for advice for you and your family. Sign up for the free ACSC alert service on recent online threats.