Security & privacy

Staying safe online

We want you to feel safe as part of our online community. So we've put together some information to help you avoid malicious activity such as phishing and online scams – keeping you in control and keeping your sensitive information safe.

What is phishing?

Phishing is the practice of tricking someone into handing over their personal information. For example, you may have received some emails or texts that look like they’re from us, but they aren’t. Or perhaps you’ve seen a (fake) social media post offering John Lewis deals that are too good to be true. Unfortunately, this happens to a lot of trusted institutions, with fraudsters looking to trick you into giving away sensitive information. The following advice will help keep you safe.

We'll never ask you to provide payment information or your account login details via email. If we do need to take payment, we’ll only do so by phone once you’ve passed our security checks. 


If you don’t recognise the sender, don’t open the email. Be especially wary of potentially malicious emails in your spam folder.


Does the sender want you to act fast to avoid “missing out”? Never be hurried into making an online transaction or sharing confidential information until you know for sure that it’s legitimate.


Are there mistakes – in the email address, subject line, email content or website address? This is often a sign that it’s fake. 

Links and attachments

Don’t click on links or attachments in unsolicited emails.
Remember, if it looks too good to be true, it very often is. Legitimate emails will end in:


But a phishing email will differ. This could be a change in spelling, wording or format, such as:



Our website URLs will always contain or For example, our customer support information can be found at

If you hover your cursor over the URL in an email from us and it doesn’t look like that, then it’s not legitimate. We don’t operate any separate “discount” websites.

Social media

You might see an offer or competition on social media that looks like it’s from us. Apart from being too good to be true a lot of the time, the way you’ll know a Facebook or Instagram post is genuine is if you see a little blue symbol with a tick next to our name. If it doesn’t have that, it’s fake.

Blue tick instagram


Don’t give out any personal information over the phone before you’ve verified who you’re speaking to. If in doubt, you can always call our customer services team back using the registered number from our contact us page, or tap the link in our app. You can also check with them if an email you’ve received is authentic or not.

Your password

Remembering multiple passwords can be tricky, but setting effective and secure passwords is vital to help prevent fraudulent activity. Here are our top tips when setting a password:

• Avoid using the same password for all of your online accounts. That’ll mean they can’t all be fraudulently accessed at once. Multiple passwords keep you safer.

• For guidance on creating a strong password visit the National Cyber Security Centre.

• Consider using a reputable password manager application where you can manage all your unique passwords in one place.

Your privacy

We're committed to your privacy, and we've recently updated our privacy policy. Read our full Privacy Notice.

Cookies on your computer

Cookies are tiny text files stored on your computer when you visit certain web pages. We use cookies to keep track of what you have in your basket and to remember you when you return to our site.

We also use banner advertising on other websites to present you with products we think may be of interest to you, based on your browsing history.

Find out more about cookies and banner advertising, why and how we use them, and how to manage them.

Your payment security

We maintain the highest levels of security on – and take the privacy and security of your payment and personal details very seriously.

• Our site uses high-level SSL encryption technology, the most advanced security software currently available for online transactions.

• You can tell whether a page is secure as 'https' will replace the 'http' at the front of the in your browser address window. A small locked padlock will also appear in the bottom bar of your browser window.

• Only connect to secure wireless networks that you trust.

• Our checkout process uses Verified by Visa, Mastercard® SecureCode™. and American Express SafeKey SM. These services enhance your existing card account against unauthorised use when you shop with us.

• To use these services, you must first register with the bank or other organisation that issued your card.

Click on the images below to find out more:

Once you've registered and created your own private password with your card issuer, you'll be prompted automatically at checkout to provide this password when you make a purchase that requires authorisation.

Please note:

Your Verified by Visa, Mastercard® SecureCode™ or American Express SafeKey SM password is different from your account password. We don't have access to card issuer passwords.

Using WiFi in public places

Using an unsecured network in a public place can be risky because unauthorised people may try to intercept anything you're doing online. We recommend you only connect to secure wireless networks that you trust, and to always be aware of the risks associated with using public WiFi.

Secure free WiFi is available in our shops.

Want to know more?

For more information, the National Cyber Security Centre website is a great resource. Here you’ll find further advice and guidance on what to look out for, how to protect yourself from online fraud, and how to report suspicious emails and websites.  

If you believe you’re the victim of a fraud or cyber-enabled crime, please report it to Action Fraud.  If this crime involves your banking information, contact your bank fraud team by dialling 159 – a service operated by Stop Scams UK