Master Checklist 15 min read Updated March 2026

The Complete Online Safety Checklist

A master printable checklist covering every aspect of staying safe online — from passwords to shopping to social media.

1. Password Security

Weak passwords are the number-one way people get hacked. The good news: fixing this is straightforward. Follow this checklist and you will be far safer than most people online.

Your Password Checklist

  • Every account uses a different password (never reuse the same one)
  • Each password is at least 12 characters long
  • Passwords include a mix of uppercase letters, lowercase letters, numbers, and symbols
  • You do not use personal information in passwords (birthdays, pet names, addresses)
  • You have changed any password that was part of a data breach
  • You use a password manager (like 1Password, Bitwarden, or the one built into your phone)
  • You have turned on two-factor authentication for email, banking, and shopping accounts
Tip: A passphrase like correct-horse-battery-staple is easier to remember and harder to crack than a short, complicated password like P@ss1!. Aim for length over complexity.

How to Check If Your Password Was Leaked

  1. Go to haveibeenpwned.com — this is a free, trusted site run by a security researcher.
  2. Enter your email address and click "pwned?"
  3. If any results appear, change the password for those accounts immediately.
  4. If you used the same password on other sites, change those too.
Warning: If your email password was compromised, change it first — before anything else. Whoever controls your email can reset passwords on all your other accounts.

2. Email Safety

Email is still the most common way scammers reach people. Learning to spot fake emails will protect you from most online threats.

How to Spot a Phishing Email

  • Check the sender's email address carefully. Scammers use addresses that look real but are slightly off — like support@amaz0n-help.com instead of support@amazon.com.
  • Look for urgency and threats. Messages like "Your account will be closed in 24 hours" or "Immediate action required" are almost always scams.
  • Hover over links before clicking. On a computer, move your mouse over any link (without clicking) to see where it actually goes. If the address looks strange, do not click.
  • Watch for spelling and grammar mistakes. Legitimate companies have professional writers. Sloppy writing is a red flag.
  • Be suspicious of unexpected attachments. Do not open attachments you were not expecting, especially .zip, .exe, or .doc files.

Email Safety Checklist

  • I never click links in unexpected emails — I go directly to the website instead
  • I check the sender's full email address, not just the display name
  • I do not open attachments from people I do not know
  • I have spam filtering turned on in my email
  • I never send passwords, Social Security numbers, or bank details by email
  • I know that my bank and the IRS will never ask for information by email
Did you know? Over 90% of cyberattacks start with a phishing email. Simply pausing for 10 seconds before clicking a link can prevent most of them.

Get the Full Guide — Free

Enter your email to unlock the complete guide. You can also print it or save as PDF.

We respect your privacy. No spam, unsubscribe anytime. Privacy Policy

3. Social Media Privacy

Social media is a wonderful way to stay connected with family and friends. But oversharing can put you at risk. Here is how to enjoy social media safely.

What NOT to Share Online

  • Your full birthdate. This is a key piece of information for identity theft. If you want birthday wishes, share just the month and day — never the year.
  • Your home address. Never post photos that show your house number or street name.
  • Vacation plans in real time. Posting "We're in Florida for two weeks!" tells everyone your home is empty. Share vacation photos after you return.
  • Photos of checks, IDs, or mail. These contain account numbers, addresses, and other sensitive details.
  • Answers to common security questions. Those "fun" quizzes asking your first car, mother's maiden name, or childhood street? Those are the same questions banks use to verify your identity.

Privacy Settings Checklist

  • My profile is set to "Friends Only" (not Public)
  • I review my Friends/Followers list regularly and remove people I do not know
  • I have turned off location sharing on my posts
  • I have reviewed which apps have access to my social media accounts
  • I do not accept friend requests from strangers
  • I have turned off facial recognition in Facebook settings
Tip: On Facebook, go to Settings > Privacy Checkup. Facebook will walk you through your settings step by step. Do this once every few months.

4. Safe Online Shopping

Shopping online is convenient, but it pays to be careful. Follow these rules to protect your money and personal information every time you buy something online.

Before You Buy: The 60-Second Safety Check

  1. Check the web address. It should start with https:// (the "s" means secure) and show a padlock icon.
  2. Look up the seller. Search for the company name plus "reviews" or "scam" on Google. Check the Better Business Bureau at bbb.org.
  3. Verify contact information. Real businesses list a physical address, phone number, and email. If there is no way to contact them, do not buy.
  4. Compare prices. If a deal seems too good to be true, it almost certainly is. A $1,200 laptop for $99 is a scam.
  5. Read the return policy. If there is no return policy, or it is confusing and full of excuses, walk away.

Shopping Safety Checklist

  • I use a credit card (not debit) for online purchases for better fraud protection
  • I never shop on public Wi-Fi without a VPN
  • I check my bank and credit card statements weekly for charges I do not recognize
  • I do not save my credit card number on websites I rarely use
  • I use the website's official app or type the address directly — I do not click links in emails or ads
  • I keep records of my online orders (confirmation emails, screenshots)
Warning: Never pay for online purchases using gift cards, wire transfers, cryptocurrency, or apps like Zelle. These payments cannot be reversed if you are scammed. Use a credit card whenever possible.

5. Device Security

Your phone, computer, and tablet are the doors to your digital life. Keeping them locked and up to date is one of the simplest and most important things you can do.

Device Security Checklist

  • My phone and computer are set to install updates automatically
  • My phone has a PIN, fingerprint, or face lock enabled
  • My computer requires a password to log in
  • I have antivirus software installed and it is up to date
  • I do not download apps or programs from unknown websites
  • I have turned on "Find My Device" in case my phone is lost or stolen
  • I regularly back up my important photos and files (to a cloud service or external drive)
  • I log out of banking and shopping sites when I am done

Keeping Your Phone Safe

  • Only install apps from the official app store (Apple App Store or Google Play Store). Apps from other sources may contain malware.
  • Review app permissions. A flashlight app does not need access to your contacts or camera. If an app asks for permissions that do not make sense, delete it.
  • Turn off Bluetooth and Wi-Fi when you are not using them. These can be used to connect to your device without your knowledge.
  • Be careful with public USB charging stations. These can be used to install malware on your phone. Use your own charger plugged into a wall outlet, or carry a portable battery pack.
Did you know? Software updates are not just about new features — they fix security holes that hackers know about. Delaying an update leaves your device vulnerable to known attacks.

6. What to Do If Something Goes Wrong

Even careful people can fall victim to a scam or hack. Acting quickly can limit the damage. Here is your step-by-step action plan.

If You Think Your Account Was Hacked

  1. Change your password immediately. If you cannot log in, use the "Forgot Password" option.
  2. Turn on two-factor authentication so the hacker cannot get back in.
  3. Check for changes. Look for emails you did not send, purchases you did not make, or settings that were changed.
  4. Alert your contacts. If your email or social media was hacked, let your friends and family know — the hacker may try to scam them next.
  5. Scan your computer for malware using your antivirus software.

If You Gave Away Personal Information

  1. Contact your bank immediately if you shared financial information. They can freeze your accounts and issue new cards.
  2. Place a fraud alert on your credit by calling one of the three credit bureaus (Equifax: 1-800-525-6285, Experian: 1-888-397-3742, TransUnion: 1-800-680-7289). You only need to call one — they will notify the other two.
  3. Consider a credit freeze. This prevents anyone from opening new accounts in your name. It is free and you can lift it anytime.
  4. File a report at IdentityTheft.gov — this is the official government site for identity theft. They will create a personalized recovery plan for you.

If You Sent Money to a Scammer

  • Credit card: Call your card company and dispute the charge. You are protected by law.
  • Debit card: Call your bank immediately. The sooner you act, the more likely you are to get your money back.
  • Wire transfer: Contact the wire transfer company (Western Union, MoneyGram) immediately to request a reversal.
  • Gift cards: Call the gift card company. While recovery is rare, it is worth trying.
  • Report the scam to the FTC at ReportFraud.ftc.gov and to your local police.
Warning: Scammers sometimes pose as "recovery" services that promise to get your money back — for a fee. This is a second scam. Legitimate recovery help is free through your bank, the FTC, or IdentityTheft.gov.

7. Quick Reference Card

Print this section and keep it near your computer. These are the most important rules to remember.

The Golden Rules of Online Safety

  1. When in doubt, do not click. Close the email, leave the website, or hang up the phone. You can always go back later.
  2. If it seems too good to be true, it is. Unbelievable deals, surprise prizes, and unexpected inheritances are always scams.
  3. No legitimate company will ever ask for your password. Not your bank, not Apple, not Microsoft. Never share it.
  4. Use a credit card for online shopping. It has the strongest fraud protection of any payment method.
  5. Keep everything up to date. Update your phone, computer, browser, and apps whenever prompted.
  6. Slow down. Scammers create urgency to stop you from thinking. A real opportunity will still be there in an hour.
  7. Ask someone you trust. If something feels off, show it to a family member, friend, or your bank before acting.

Emergency Contacts to Save

  • FTC Fraud Reporting: ReportFraud.ftc.gov
  • Identity Theft Help: IdentityTheft.gov or 1-877-438-4338
  • Credit Bureau Fraud Alerts: Equifax (1-800-525-6285), Experian (1-888-397-3742), TransUnion (1-800-680-7289)
  • FBI Internet Crime: ic3.gov
  • Social Security Fraud: 1-800-269-0271
  • Your bank's fraud department: (write the number here) _______________
  • Your credit card company: (write the number here) _______________
Tip: Take a photo of this quick reference card with your phone so you always have it with you, even when you are away from your computer.

Worried About a Seller?

Use our free verification tool to check any online seller before you buy.

Check a Seller for Free