Skip to main content
your browser is not supported
To use ASOS, we recommend using the latest versions of Chrome, Firefox, Safari or Internet Explorer

ASOS Cyber Security

At ASOS, we take online safety very seriously. We are aware of fraudsters’ ways of exploiting customers, including scams by email or text message, posing as ASOS on social media or simply trying to guess your password to get into your account.

Here are our top tips to help you stay safe online.

STRONG PASSWORDS

SAVING PASSWORDS IN YOUR BROWSERS

TURN ON TWO-FACTOR AUTHENTICATION

KEEP YOUR DEVICES UPDATED

BACK UP YOUR DEVICES

AVOIDING PHISHING

FRAUD ADVICE AND KEEPING YOUR CARD DATA SAFE

FURTHER ADVICE ON STAYING SAFE ONLINE


STRONG PASSWORDS

Your email account contains a lot of personal information about you, and is usually linked to other online accounts you use. If your email account is compromised, all your other passwords can be reset. So, it's important you secure your email account with a strong password that is different to all your others.

To create one, we recommend the '3 random words' method: simply connect three random, memorable words that mean something to you together – the longer and dafter the better.
For example: MagicalCardWater.

If you need to change your password on your email account to make it stronger, just click here:

Gmail
Yahoo Mail
Outlook
BT
AOL


SAVING PASSWORDS IN YOUR BROWSERS

Using the same passwords for all your accounts makes you vulnerable, because if that one password is stolen, all your accounts can be accessed. Use a unique password for each one, and remember to have different passwords especially for your email and ASOS accounts.

The more passwords you have, the harder to remember, right? So, it's a good idea to save and manage your passwords in the browser you use.

If you need help, check out handy instructions for your preferred browser here:

Google Chrome
Microsoft Edge
Firefox
Safari


TURN ON TWO-FACTOR AUTHENTICATION

Two-factor authentication (2FA) is a free security feature that adds double protection on your important accounts, like email or social media.

2FA stops someone else getting into your accounts, even if they have your password. It asks you to provide a code sent by text, or via an app on your phone, to confirm it's really you accessing the account.

Depending on the online services or apps you use, it can be called 2FA, two-step verification, or multi-factor authentication. If it's available, it’s always safest to turn it on, especially on the accounts you care most about.

Need help with 2FA?

To protect your email account, click here:  Gmail;  YahooOutlookAOL

For your social media accounts, click here: InstagramFacebookTwitterLinkedIn

For secure banking, your bank should provide you with that service automatically; just make sure they have your correct phone number.


KEEP YOUR DEVICES UPDATED

We all love online shopping on our phones, tablets or laptops. But we need to make sure they don't have any weaknesses that can be exploited. To protect sensitive data on your devices and keep them secure, always ensure the the latest app and software updates are installed.

The best way to do it is to turn on automatic updates on your device, so you don’t have to think about it.

Need help? For app updates, check out these links for Google Android and Apple iOS.

Or, for the latest software updates, check out these links for Android Smartphones & TabletsApple Mac, Apple iOS and iPad, and Microsoft Windows 10.

If you are using Smart Devices at home, find out more about how to keep them secure here: Smart devices in the home.


BACK UP YOUR DEVICES

Yep, things can go wrong sometimes. And, if you lose your phone, tablet or laptop – or your accounts are accessed by someone trying to steal your information – you could permanently lose all your sensitive personal data.

To prevent this, make sure you back up your information. It's up to you how much data you choose to back up - all of it, or just what is important to you.

The best way to do it is to turn on automatic backup on your devices. For help, check out the below:

Apple Mac
Apple - iPhone, iPad and iPod Touch
Google Devices Android
Microsoft Windows 10


AVOIDING PHISHING

Be aware of suspicious requests pushing you to give away your personal details, or offering you something that seems too good to be true. It’s usually a phishing scam.

If you receive a dodgy email, don’t click on any links and don’t open any attachments. Simply forward it to the Suspicious Email Reporting Service report@phishing.gov.uk where the experts will take care of it for you.

If you receive a dodgy text, don't reply. Just forward it to 7726 (UK only), or report the number online at Ofcom.

Finally, if a number calling you looks suspicious, don’t answer – it could cost you a lot.


FRAUD ADVICE AND KEEPING YOUR CARD DATA SAFE

  • Always use websites with the secure padlock symbol.
  • Check your bank statements online often and report any anomalies to your bank.
  • Report any suspicious activity to https://www.actionfraud.police.uk/
  • Report lost or stolen cards immediately to your bank.
  • Do not auto-fill or remember card information or credentials on a shared device.
  • Log out of your account after every session on a shared device.

Before you report a potential unauthorised transaction on your card, please consider the below:

  • Is the charge for a Premier Delivery subscription?
  • Was the order placed by a friend, family or someone who has access to your payment details?
  • Are there other cards associated with the account that may have been used?
  • Have you recently cancelled an order? Some banks show this transaction as pending.

To ensure we can locate the transaction, you will be asked to provide your 16-digit card number. However, this will only be asked for over the phone; never send it by email.


FURTHER ADVICE ON STAYING SAFE ONLINE

Always check you are shopping with trusted retailers and only use secure sites, look for the padlock in the address bar when you are surfing the web. This means that your connection is encrypted, so your personal information will reach the site without anyone else being able to read it. That's important if you're sending things like credit card details, but it doesn't tell you who is at the other end of the connection.

If you want to go ahead with a purchase on a site you’re not sure is legitimate, use a credit card if you have one, as most major credit card providers insure online purchases.

Also, don’t give away too much information. There’re some obvious details that an online store will need, such as your address and your card details, but be cautious if they ask for details that are not required for your purchase such as your mother’s maiden name or the name of your primary school.

Don't worry, help is at hand if something goes wrong. Here are some useful links:

For the UK:

Information Commissioners Office
National Cyber Security Centre
Cyber Aware

REPORTING A SECURITY VULNERABILITY

We’re all about taking risks when it comes to our fashion, just not our security. If you’ve noticed something’s up with our tech, let us know. Drop an email to vulnerability@asos.com with your contact details, including your company name (if you’re not an ASOSer), and details of the vulnerability and what we need to do to reproduce or validate it.

We expect legit security researchers to avoid privacy violations; not destroy or corrupt our precious data; and not interrupt or degrade our awesome service. We only read reports that have been encrypted using our PGP public key too, so make sure you download the ASOS.com PGP Key.