“Congratulations, you’ve won a cruise! For just a small processing fee, it’s all yours.” If messages like this sound too good to be true, they probably are.
Scammers spend their days exploiting weaknesses in people’s data defenses, attempting to tantalize them and scam them out of their money. And these increasingly clever fraudsters are good at what they do: Americans lost $10.3 billion to internet scams in 2022, up 49% from a year earlier, according to the FBI’s Internet Crime Complaint Center.
Learning how to spot scams and taking steps to protect yourself online are critical. And what better time than now to take stock of your digital security? Here are some ways you can prevent fraud.
While it’s not possible to spot every scam — especially as scammers change tactics — you can reduce your odds of becoming a victim if you watch for these easy-to-remember signs from the Federal Trade Commission:
• An email or phone call from an organization you know (but which is fake). Scammers often pretend to be from the IRS, a bank or your electric company. Don’t trust the sender or the caller ID. Both can be faked to look legitimate.
• A message that there’s a problem, such as a virus on your computer or an unpaid debt.
• News that you’ve won a prize but must pay a fee to claim it.
• Pressure to act immediately to avoid legal action or malware corrupting your computer. Scammers use urgency to get you to send money. Be wary anytime someone wants you to act now.
• A specific way to pay, such as using bitcoin or Western Union.
Look out for egregious spelling or grammar mistakes, too, and always check the sender’s email address and phone number on a suspicious message against your records. An email from your boss will probably come from the company’s email domain, not @gmail.com or @hotmail.com, for instance.
Recognizing common techniques that fraudsters use may help you avoid scams. Here are some to be aware of:
• Phishing campaigns. These are emails that try to trick you into doing something that undermines your security. They may contain infected attachments or links to malicious sites or ask you to respond with confidential information.
• Spear-phishing scams. These phishing campaigns try to get employees to jeopardize the security of the organization they work for. They are crafted to look like messages from a trusted source, such as an IT manager or even the CEO. Always check that the email address is valid.
• Spam text messages. Beware texts from senders that aren’t in your contact list or from a number you don’t recognize. It could be a scammer trying to lure you into sharing personal data, such as a password, account number or Social Security number. Don’t click on any links in suspicious texts and be wary of alerts that allege suspicious activity on your credit card or bank account. Don’t forget that both a caller ID and sender name can be faked.
• Social media scammers. It’s not just friends tracking you on social media — scammers are, too. One in four people who reported losing money to fraud since 2021 said it started on social media, according to the FTC. Scammers can hack into your profile or construct a fake persona and message friends in your name. They might also use social media to lure you into bogus purchases or fake investment opportunities or attempt to steer you toward fraudulent websites and apps. Report any suspicious behavior to the social media site.
It might sound obvious, but poor password practices make it easier for cyberthieves to break into your accounts. With so much of our professional and personal life taking place in the digital world, weak passwords can easily be exploited by hackers.
Common password mistakes include:
• Using the same password for many different sites and accounts
• Including easy-to-guess personal information such as birthdays or your pet’s name
• Using common numeric sequences such as 123456
• Creating passwords with fewer than eight characters, like abc123, or ones that use common words or phrases, such as “password.”
Follow these three rules for turning vulnerable passwords into a secure safehouse that is difficult for a cyberthief to crack:
• Longer is better. Many websites ask you to create passwords that are at least eight characters long, but a truly difficult password would ideally be 12 to 15 characters. Every password should include a variety of character types, such as lower and uppercase letters, symbols and numbers.
• Don’t repeat yourself. We’ve all done it. Over 60% of respondents to a recent TechRadar survey said they reuse passwords across the web, mainly because they couldn’t be bothered to remember multiple passwords. But if that one password is stolen, the theft can put your other accounts at risk, too. Use a different password for each service, and especially do not reuse the user name and password for online services that let you access your financial information, such as your banking app. That way, even if the credentials for one account get stolen, the rest won’t be in jeopardy.
• Use unexpected words. Choose at least three words that are unrelated and arrange them in an odd order. A password such as “hoophikedance,” for example, is better than “basketballplayer.” To make it even harder for hackers, replace the first two letters of each word with numbers and symbols, changing “hoophikedance” to “#1op!2ke#3nce.”
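The mistakes and rules listed above can be checked mechanically. The following is an added example, not part of the original article: a small Python audit that flags each listed mistake across a set of accounts. The function names, the deny-list, the three-character-type threshold and the sample vault are all assumptions constructed for illustration.

```python
import re

# Constructed deny-list and sample data, for illustration only.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome"}
DIGIT_RUNS = ("0123456789", "9876543210")
MIN_CLASSES = 3  # assumption: "a variety of character types" means at least 3 of 4
SAMPLE_VAULT = {"bank": "abc123", "email": "Rex2015!", "shop": "Rex2015!",
                "forum": "password1", "broker": "#1op!2ke#3nce"}
PERSONAL = ("rex", "2015")  # e.g. a pet's name and a birth year

def has_sequence(pw, run=3):
    """True if pw contains `run` ascending or descending consecutive digits."""
    return any(seq[i:i + run] in pw
               for seq in DIGIT_RUNS for i in range(len(seq) - run + 1))

def character_classes(pw):
    """Count how many of lower, upper, digit and symbol appear in pw."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(bool(re.search(p, pw)) for p in patterns)

def audit(vault, personal_info=()):
    """Return {account: [findings]} for a mapping of account -> password."""
    users = {}
    for account, pw in vault.items():
        users.setdefault(pw, []).append(account)
    report = {}
    for account, pw in vault.items():
        low, findings = pw.lower(), []
        if len(users[pw]) > 1:                 # same password on several accounts
            findings.append("reused")
        if any(p.lower() in low for p in personal_info if p):
            findings.append("personal-info")
        if has_sequence(pw):                   # 123456-style runs
            findings.append("sequence")
        if len(pw) < 8:
            findings.append("too-short")
        elif len(pw) < 12:                     # under the 12 to 15 ideal
            findings.append("below-12")
        if any(w in low for w in COMMON_WORDS):
            findings.append("common-word")
        if character_classes(pw) < MIN_CLASSES:
            findings.append("few-character-types")
        report[account] = findings
    return report

if __name__ == "__main__":
    for account, findings in audit(SAMPLE_VAULT, PERSONAL).items():
        print(f"{account:8} {', '.join(findings) or 'no findings'}")
```

An empty findings list only means none of these specific mistakes were detected; it is not a measure of how hard the password is to guess.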
We know this can be tricky, and that’s where a password manager can help. With a password manager you just need to remember one master password. This helpful software stores all your passwords, providing security for your online activity with relative ease. Just bear in mind that it’s typically a paid subscription.
Finally, for your most important online accounts — especially financial accounts — opt into multifactor authentication, often called two-factor authentication. To gain access to your account, the site will typically send a code or PIN to your phone or email address for extra security. While it may seem like a hassle, the practice drastically reduces the odds that a hacker will gain access to your account. Remember, if you receive a one-time passcode or PIN you did not initiate, do not provide the code to anyone requesting it.
Protecting yourself and your assets online doesn’t have to be complicated. Ensuring you know how to spot the signs, using unique passwords and ultimately remaining vigilant in the face of suspicious messages will help guarantee a safer 2024.
Learn more ways to keep your financial info safe this year with tips on how to spot an online scam.