Course overview

A plain-English mental model of who's after your data and why.

The short list that does most of the work.

Why most attacks aren't aimed at you — and why that's good news.

Plain-English definitions for the words that scare people off.

Why your "boring" accounts are valuable, and what privacy really means.

A simple way to decide where to focus your effort first.

How to harden your life without locking yourself out of it.

The one reflex that defeats scams that don't even exist yet.

How one reused password turns a single leak into a chain reaction.

Lock down your primary inbox first — it can reset almost everything else.

Pick one that fits your devices, budget, and habits.

A strong master passphrase, an emergency kit, and a no-burnout migration.

SMS vs app vs hardware key vs passkey — and which to use where.

Phishing-proof logins for the accounts that matter most.

Save recovery codes, add a spare factor, and test recovery before you need it.

A calm breach-response routine — and why extortion emails are bluffs.

Share with family or a partner without losing control — and un-share cleanly.

Why phishing is a numbers game built on psychology — and anyone can fall for it.

Why flawless, personalized scams mean you judge the request, not the wording.

The six emotional levers every scammer pulls — and how to feel them coming.

Read a web address the right way, preview before you tap, and treat QR codes as unknown links.

Why caller ID proves nothing, and the hang-up-and-call-back rule that defeats them.

When seeing and hearing isn't believing — safe words, call-backs, and live-call tells.

Why real errors never give you a number to call — and remote access or gift cards always mean scam.

Follow the incentive: see through scareware, fake recovery services, and outdated rules.

Match the payment method to how much you trust the other party.

The one habit that beats most banking attacks: open the app, don't click the link.

Credit vs debit, why tap-to-pay is safer, and the P2P-app stranger rule.

The fake fraud call that drains life savings — and the two rules that defeat it.

The slow-built trust con behind the biggest losses — and the can't-withdraw trap.

Vet a store in 60 seconds, pay with recourse, and see through the refund reversal.

How "move money for me" jobs and favours turn victims into unwitting criminals.

Set-it-once defences that block new accounts in your name and contain any single leak.

A strong passcode, biometrics used deliberately, and stopping shoulder-surfers.

Trim what apps can reach, read the privacy dashboards, and patch automatically.

Turn on find/lock/wipe now — calmly, before your phone ever goes missing.

When a thief also knows your passcode — the newer defences that stop the cascade.

Lock down your number: a carrier port-out PIN, a SIM PIN, and moving off SMS.

What to actually worry about — evil-twin hotspots — and why juice-jacking is hype.

Prep before you go, use a travel eSIM, and handle border searches and theft abroad.

Spot fake apps, sideload only when it's worth it, and wipe a phone before letting it go.

Auto-update everything, find your end-of-support date, and run as a standard user.

Encrypt the disk so a stolen laptop is a brick — and save the recovery key.

Why the built-in protection is enough for most people, and how to spot scareware.

Where software safely comes from, and how to dodge fake-installer ads and bad extensions.

The handful of one-time router changes that matter — and a guest network for gadgets.

The real ways malware gets in, what ransomware does, and why backups defeat it.

A real login password, auto-lock, and handling USB sticks and repair shops safely.

Set up find-my-laptop now, and truly erase a drive before you sell or recycle it.

A real backup is a separate, restorable copy — and cloud sync isn't one.

Three copies, two kinds of storage, one off-site — a plan you can actually hold in your head.

Turn on and verify the built-in backup you probably already half-own.

An offline or immutable copy that ransomware and accidents can't reach.

Find, consolidate, and future-proof the photos and documents you can't re-create.

Pick the right storage, learn why RAID isn't backup, and prove a restore works.

How tracking really works — and what incognito and clearing cookies don't fix.

The one thing a VPN does, and the four big things the ads imply but it doesn't.

Five-minute, mostly-free fixes that block most tracking while keeping sites usable.

Go after the profile already built about you: ad opt-outs, private search, and aliases.

Tighten app location access and strip GPS from photos before you share them.

Find and remove the listings that sell your name, address, phone, and relatives.

Hunt down dormant accounts and use your GDPR/CCPA-style rights to force deletion.

Skim a privacy policy in 60 seconds, judge permissions, and tame smart-home gadgets.

What end-to-end encryption really protects, and how Signal, WhatsApp & Telegram differ.

Out-of-band checks that defeat cloned profiles and the "Hi Mum" scam.

A per-platform pass through the privacy settings that actually matter.

How small, harmless-seeming details add up — and how to share without giving them away.

Search yourself the way a stranger would, and split your professional and private presence.

The warning signs, the rogue forwarding rule, and the correct recovery order.

Revoke forgotten app grants and stale sessions — the keys a new password doesn't touch.

It's cash, not a bank account — the one shift that prevents the worst, most permanent mistakes.

Custodial vs self-custody, and hardening an exchange against SIM-swap and phishing.

Hot vs cold wallets, and why the 12–24 word seed phrase IS your money.

The strongest option — and the buying and setup traps that turn it into a stolen one.

Giveaways, fake support, drainer sites, and the malicious "approve" that empties your wallet.

Verify the address, send a test first, and leave an access plan so funds aren't lost forever.

Guided independence and a no-blame "come to me" promise, age by age.

The fastest-growing threat to teens — and the exact do/don't response.

Share kids' photos privately, strip location data, and guard against child identity theft.

Stop surprise charges, secure game accounts, and the two rules that prevent grooming.

Set up the essentials together and agree a "call me first" rule — without taking over.

Separate profiles, per-person logins, and a clean exit when a household changes.

What to say, the practical first hour, and dodging the recovery-scam second hit.

Spotting tech-enabled control and stalkerware — and why safety planning comes first.

A calm, correctly-ordered playbook for the moment you realize you've been hacked or scammed.

Recognizing a specific, motivated adversary — and why default convenience advice can be unsafe.

What's reversible, exactly what to tell your bank, and how to report cybercrime locally.

Reclaim a hijacked number first, then work through identity-theft recovery methodically.

Why victims get re-targeted, and the rule that recovery-for-a-fee is always a scam.

Set up legacy tools and a sealed plan so loved ones aren't locked out — without weakening security now.

Turn everything into a light monthly/quarterly/annual routine that survives a busy life.