font loading for Top nav


Everything you need to know about your online security, including phishing emails and keeping your personal data safe, so you can shop with peace of mind.

  • Always keep your password secret, including never re-using the same password for multiple websites e.g. your M&S account password should be different from any other online services you use. If you are using the same password, change it as soon as possible.
    Check online resources regularly to discover if any of your accounts and passwords have been compromised – if they have, immediately change your passwords and never re-use passwords across sites.
    Choose passwords that are difficult for others to guess. The National Cyber Security Centre publishes guidance on this.
    If you’re using a shared or public computer, it’s best to log out of your account completely when you’ve finished shopping. You might also want to look at our privacy policy for more details.

  • Yes, your data is safe with M&S. We comply with the Data Protection Act. Your account, personal details and any order details are protected. Take a look at our privacy policy for more details. 

  • Phishing emails are emails that claim to be from well-known companies which try to get you to hand over sensitive information such as account, credit card or bank details. These emails attempt to copy the appearance of a popular website or company in order to commit identity fraud. We will never ask you to confirm any account or credit card details via email. If you do receive an email claiming to be from asking you to do so, please do not respond to it.

    We’re aware of a number of spoof emails in circulation, including one purporting to contain a voucher offering £250 off at M&S, one inviting you to claim an unclaimed gift card and a fraud check email. None of these are genuine. Please do not follow any links included such messages as they may take you to a fraudulent website, and please do not share any requested information.

    We will never, for any reason, ask you to send us the following information in an email:

    • Your national insurance number or VAT registration number
    • Your bank account information, credit card number, PIN number or credit card security code
    • Your mother’s maiden name or other information that could be used to identify you (such as your birth city or your favourite pet’s name)
    • Your password

    If you do receive an email which you believe to be a phishing email, contact Action Fraud, the National Fraud & Cyber Crime Reporting Centre. As they receive substantial examples of these kind of emails, they have the power to investigate and enforce. Marks & Spencer security has no direct power to stop these scams so reporting it this way would be the most beneficial.

    For more details, read our full privacy and security policy.

    1. Click ’sign in’ at the top right-hand corner
    2. A pop up box will appear, click ’forgot password?'
    3. Enter your email address
    4. An email with a password reset link will be sent to that email address, please follow the instructions within that email
    5. Please choose a password that you haven’t used before. To help protect your account, you need to choose a new password every time you reset it.
    6. Please allow a few minutes for the email to arrive in your inbox
    7. If you cannot find the email, please ensure you have checked your spam/junk folders
    8. If you have requested more than one password reset email, please ensure you use the link in the latest email received

Was this useful?

Contact customer service


Web chat or email us

Please choose a subject from the menu below.