Staying Safe Online: a Practical Guide for Thoughtful Investors
Managing your finances online is both convenient and efficient, but it also requires a degree of vigilance. Cybercrime is no longer just a technology issue; it’s an evolving risk that affects individuals and investors alike.
With this in mind, we’ve brought together some practical guidance to help you stay safe and secure online.
Today’s cybercriminals are organised, well‑funded and increasingly using tools like generative AI to create convincing scams at scale. For investors who regularly log in to platforms, move money or receive digital statements the need to protect yourself and adopt a cautious mindset is essential.
That’s why at Castlefield, we take financial security seriously. Helping you protect your personal and financial information is a key part of looking after your long‑term prosperity. The good news is that a few simple habits, combined with using secure tools and channels, can significantly reduce your exposure.
Why this matters more than ever
Recent data highlights just how widespread cyber threats have become:
- 43% of businesses and 30% of charities in the UK reported having experienced some sort of cyber security breach or attack in the last 12 months.[1]
- Phishing remains the dominant threat, targeting both individuals and organisations. As of February 2026, there have been more than 52 million reported phishing scams to the NCSC.[2]
- Generative AI is making phishing scams more convincing and far quicker to produce, allowing attackers to create realistic messages in minutes rather than hours. As a result, scams are becoming harder to detect, often closely resembling those written by experienced fraudsters. [3] [4]
What are the most common scams affecting investors?
Cybercriminals are increasingly sophisticated, often posing as trusted organisations or individuals. Common tactics include:
- Phishing emails and messages
Phishing is a type of cyberattack where criminals masquerade as trusted organisations or individuals to steal sensitive information. These messages are designed to look authentic and often use urgent or threatening language to prompt quick action—such as clicking on links or providing personal details. [5] - Impersonation scams
Attackers posing as financial advisers, platforms, or even family members to request payments or sensitive information. - Investment scams
Fraudsters may contact you with investment opportunities offering unusually high or guaranteed returns. These often appear convincing, using fake websites, cloned companies, or false testimonials and endorsements to make the opportunity seem genuine. [6] - Account takeover attempts
Criminals use stolen usernames and passwords to access online accounts, often exploiting the fact that people reuse the same credentials across multiple services.
Simple habits that make a big difference
Cybersecurity doesn’t need to be complicated. A few core principles go a long way:
1. Pause before you act
Scammers often rely on panic and create a sense of urgency. If something feels rushed or unexpected, take a moment to verify it e.g. check your bank’s website rather than clicking on a link provided in an email.
2. Be cautious with email
Email is the easiest channel for criminals as it is inherently less secure and easier to spoof. Avoid clicking links or downloading attachments unless you are completely confident of the source. E.g. always log in to platforms directly via your browser, not through email links.
3. Use strong, unique passwords
Reusing passwords across platforms increases risk. Never reuse the same password across services, and consider using a password manager to generate and store them securely.
4. Enable two-factor authentication (2FA)
This adds an extra layer of protection, such as a code sent to your mobile device, even if your password is compromised, making it much harder for criminals to access your accounts.
5. Keep devices and software up to date
Updates often include important security fixes. Ensure your phone, laptop and apps are running the latest versions.
6. Pay the safe way
Use secure payment methods wherever possible. Avoid sending money via bank transfer or through links in messages, and be cautious about storing card details on unfamiliar websites or apps (NCC Group, held in our TM Castlefield Thoughtful UK Smaller Companies Fund, has a helpful guide for shopping safely online).
Nyle Yates, IT Manager at Castlefield adds, “Always be wary of requests for bank or personal details. If you’re unsure about a phone call, hang up and contact the company directly using a number you trust. Similarly, avoid calling numbers provided in suspicious emails—take a moment to verify them independently before making the call.”
The Castlefield Portal
At Castlefield, we encourage clients to use our secure app and client portal wherever possible, particularly when sharing sensitive information.
Messages are exchanged within a protected environment, rather than over open email networks, and sensitive documents can be stored and shared securely.
The Castlefield app keeps your important financial documents safe, secure and accessible, and provides a clear, uncomplicated view of your finances in one place, bringing together your investments, pensions and associated paperwork.
Your adviser can share documents and reports with you through the app, allowing you to review them at a time that suits you, while notifications alert you when new information is available.
The app ensures that your personal data is exchanged using secure methods, with privacy controls that allow you to decide who your information is shared with. This means you remain in control of your data at all times.
We take the security of your personal and financial information seriously. The Castlefield app is designed to safeguard your data using bank-level security and encryption, alongside additional protections such as device registration and secure login.
You can find out more details about the Castlefield secure portal here.
Written by Olivia Shields
References: