What Are You Doing to Combat Scammers This Year?
When Aura commissioned an online survey of over 2,000 Americans by The Harris Poll, we learned that most people are aware of the dangers posed by hackers, cybercriminals, and fraudsters.
Nonetheless, consumers still put their sensitive data and financial account information at risk. Often, without even realizing it. Are you one of them?
If you think you’re doing everything to protect yourself and your family, consider the following article a pop-quiz.
We’re sharing 45+ fraud prevention tips you should be using to keep your accounts, identity, and data safe in 2023. Grab a pen and jot down the tips you want to add to your fraud prevention checklist this year.
45+ Fraud Prevention Tips: Your 2023 Checklist
Cybercriminals make it their job to find new ways to take advantage of unsuspecting victims. According to the FTC's latest reports, Americans lost more than $5.9 billion to various types of fraud in 2021 [*]
To lock fraudsters out, you need to update how you safeguard your data and PII (personally identifiable information).
Have you been the victim of fraud? Follow our fraud victim's checklist for step-by-step instructions on how to recover from fraud.
Prevent Your Financial Information from Being Stolen
When thieves gain access to your online banking information, credit card accounts, or other financial documents, they can wipe out your savings, make purchases, or even open new accounts in your name.
So, how can you protect your information from financial fraudsters?
1. Store your sensitive documents in a secure location or safe
This includes your birth certificate, Social security number, passport, green card, checks, bank statements, and unused credit cards. Anyone with access to your home can potentially steal these cards and documents if they're not secured. (As an added warning, it's not always possible to change your Social Security number — even after identity theft and fraud.)
2. Never provide passwords, PIN numbers, account numbers, etc., over the phone or via text or email
Financial institutions will never ask for these numbers. If a representative contacts you and asks for this information, be on high alert.
One of the most common types of fraud includes criminals posing as representatives to "warn" you of a potential breach. They ask for this information under the guise of helping you when they're really stealing your PII or hacking your email.
But how do you know if this is a legitimate caller or a scam?
The most common sign that callers aren’t who they say they are is if they rush or pressure you to find and then hand over this information. They might also get upset or belittle you. If you ever feel uncomfortable, politely disconnect, and call the phone number on the back of your credit/debit card. Verify whether the representative and their requests were legitimate.
3. Never send PINs (personal identification numbers), credit card numbers, passwords, or personal/financial information in a text or email
These routes are not secure or well-encrypted. Avoid sharing sensitive data via email or text message (even if you're using a supposedly "secure" messaging app like Telegram).
4. Sign up for additional safeguards to protect your accounts
For example, if you’re a Wells Fargo customer, you can set up Voice Verification to prevent criminals from impersonating you over the phone [*].
5. Enroll in push notifications for mobile banking transactions
You'll receive an alert when purchases or ATM withdrawals occur, so you can dispute these kinds of bank scams right away if they're fraudulent. Vigilant monitoring is the best way to detect fraud before it causes irrevocable damage.
6. Keep your contact information up to date
This way, financial institutions will be able to reach you in the event of unusual account activity.
7. Always create difficult-to-guess PIN numbers
Your PIN should never include a number that appears in your wallet, such as your birthdate, phone number, address, etc. These are the first numbers thieves will try if they steal your wallet.
8. Protect your PIN
Use your body to shield the keypad when entering it at ATMs, checkout lanes, or merchant devices. Never write down your PIN and store it in your wallet or purse.
9. Avoid using your cards at the gas station pump or outside ATMs
Scammers install card skimmers at these machines that are nearly impossible to detect. When you run your card through one of these skimmers, criminals will have all the information they need. Card skimmers are unlikely to be installed inside your bank or gas station.
10. Utilize an encrypted digital wallet from a secure provider
Your digital card number will be used during the purchase, not your direct debit or credit card information.
11. Ditch your debit card in favor of credit cards
It might not seem like it, but your credit card is more secure and safe than your debit card.
A successful debit card attack may wipe out your entire bank account and take months to recover. But credit cards have Zero Liability policies, so you can painlessly dispute fraudulent charges, receive a new credit card, and continue making purchases in the meantime.
However, this doesn't mean you should ignore the numerous credit card scams out there.
12. Go paperless
Sign up for online billing and financial statements to prevent criminals from stealing your identity or sensitive data from your mailbox.
13. Shred all documents with PII and financial data
This will stop fraudsters from stumbling upon this information when rummaging through your trash. Shred your bank statements, credit card or loan offers, medical statements or bills (to stop medical identity theft), paystubs, lender statements, and similar.
14. Clip or shred old, expired cards
Destroy old cards as soon you receive and activate a new replacement or upgrade.
15. Collect your mail daily and set up mail forwarding
Mail fraud is becoming more common, leading many to invest in secure mailboxes.
Protect Yourself On Social Media
When it comes to social media security, our survey revealed that many users perform the following risky behaviors [*]:
- Tagging their location in photos at home or while they’re on vacation (43%)
- Accepting friend requests from people they don’t know (44%)
- Clicking on hyperlinks in social media posts (49%)
Cybercriminals can use these actions to complete a practice known as social engineering attacks. They’ll research your social media, contact you and start to gain your trust, then steal your identity, blackmail you, or worse. Here are some easy ways to safeguard your social media accounts:
16. Limit the amount of information you share online
Sharing birthdays, pet names, favorite sports teams, hometowns, employers, and other personal details on Facebook, Instagram, and LinkedIn can all reveal PII that fraudsters can use to try and scam you online.
17. Set your social profile settings to private
Limit contacts to people you actually know and never accept requests or direct messages from strangers.
18. Monitor your child’s social media accounts and ensure they’re private
Children under 18 are often targets of identity theft because they have clean credit histories.
Never post (or let your children post) information like their full names, birthdays, school name, extracurricular activities, etc. This goes the same for their online gaming profiles. For added protection, check out Aura's Family Identity Theft Protection Plans, which was rated the #1 identity theft protection by U.S. News and World Report.
💡 Related: Online Gaming Safety For Kids: What Parents Need To Know →
Avoid Phishing, Smishing, and Vishing Scams
Phishing attacks are fraudulent communications that appear to come from a reputable source, often via emails (phishing), phone calls (vishing), or fake text messages (smishing).
Phishing emails, for example, mimic the colors, fonts, and logos of real brands. They’ll ask you to reset your account login due to suspicious activity, then provide a fake link that feeds your information directly to their database.
Here are some ways to avoid phishing scammers:
19. Don’t open or respond to unsolicited emails or texts from unknown contacts
Scammers will do or say anything to get you to interact with them. Our survey showed a staggering 45% of U.S. adults open emails from senders they don’t recognize [*].
20. Never sign in to an account using a link in an email or text
Once they steal your username, password, or other sensitive information, hackers can lock you out of your accounts, commit identity fraud, steal from you, and more.
21. Be wary of links and attachments in emails, sponsored content pop-ups, and texts
Even if you know the sender. These may contain malicious code to install malware or spyware. Hover over links before clicking on them to verify they’re safe. If you’re unsure, look for a letter or number that may seem off or suspicious. Scammers are also increasingly using QR codes to hide malware or send you to phishing sites. If you don't know the sender, don't scan it.
22. Become familiar with the shortcodes used by your financial institutions
Banks, credit card companies, phone providers, etc., commonly use five-digit shortcodes to text customers securely. Add these trusted shortcodes to your contact list, so you can recognize a legitimate message from a fake one.
23. Use different emails and passwords for each financial account
If a hacker gets into one account, they won’t have access to everything. A password manager is a powerful tool to help you keep track of your secure log-in details.
Secure Your Online Data and Mobile Devices
Today’s typical consumer has an average of 90 online accounts and spends almost seven hours online each day [*]. Researchers also estimated that the average number of connected devices per household hovered somewhere near 22 in 2022 [*].
Unfortunately, each online account and connected device opens up a new avenue for cyber attacks.
Here are some of the best tips on how to keep your online browsing safe and secure:
24. Only browse secure online websites
Look for the closed lock icon and “https://” in the browser address bar. This will help you avoid online shopping scams.
25. Enable location services and location-based security permissions
These will let you see when someone signs into one of your accounts or makes a purchase from a different location.
26. Consider upgrading to a VPN (virtual private network)
A VPN provides a secure encrypted tunnel between your devices and a web server or an email host. This protects your data while in transit, which is when most cybercriminals steal sensitive data. Aura provides powerful antivirus and Wi-Fi security, so you can shop and browse online with confidence.
27. Lock your devices with a passcode, and use biometrics
Biometrics could include Touch ID, Face ID, fingerprint scans, or facial recognition. However, you may not want to use biometric features if you have family members or roommates who look like you, as they may be able to pass these tests and use your device without your permission. (Biometrics can also be stolen in data breaches or duplicated to commit fingerprint identity theft.)
28. Don’t alter, “jailbreak,” or remove carrier restrictions from your devices
This could open the door for malicious attacks or spyware.
29. Don’t store passwords or sensitive PII on your devices
Sensitive information could be compromised during a data breach or discovered if your device is ever stolen. A whopping 47% of Americans allow others to use their personal devices, which means those other users could potentially access their accounts [*].
Unfortunately, due to the increase in data breaches, there’s a good chance your old (or current) passwords are available to hackers on the Dark Web. To see if you’re at risk, try the free Aura Dark Web scanner.
30. Only download apps and programs from trusted sources
Over 40% of Americans say they download software or files from third-party sources without knowing their origin [*]. But unknown or open-source apps may sneak malware or spyware onto your devices. Free apps, especially mobile games, are often used to steal your data in the background.
31. Always perform recommended updates on your devices
Don't skip out on upgrades for your browsers, operating system (OS), devices, and antivirus software. These updates usually contain security patches that plug up known and emerging cyber threats. Skipping these makes you vulnerable for hackers to exploit. Consider enabling automatic updates.
32. Completely “wipe” or clear your devices and perform a factory reset before selling, trading, or discarding them
This erases all your personal information stored on the device so hackers can’t steal it.
33. Never use public or shared WiFi at coffee shops, airports, libraries, etc.
An alarming 68% of Americans in our survey admitted that they access public Wi-Fi [*]. But these are prime locations for hackers to perform man-in-the-middle (MITM) attacks.
This occurs when a cybercriminal gains access to an unsecured or public WiFi server and becomes a passive listener, capturing sensitive personal information like credit card data, bank account information, or login credentials from the devices on the network.
34. Always secure your home router with a strong password and WPA2 – or better, WPA – security
WPA2 and WPA3 are types of encryption used to secure WiFi networks. Consider reserving a Guest access mode so you don’t have to share your password with visitors.
35. Carefully research cloud data providers
Check their security and privacy settings before saving financial information, passwords, and other data in the cloud. Some providers may be entitled to sell your data, make it searchable, or continue accessing it even if you cancel your membership.
What happens to your data if the company goes out of business or gets bought by another company? What guarantees do they provide in the event of a data breach?
Become a Secure Password Professional
Password-hacking software automatically checks for commonly used phrases, numbers, and adjacent keyboard letters and numbers. These can rapidly decipher passwords in less than a second. And they’re getting faster every day.
Here are some of the most up-to-date rules on creating and protecting your passwords:
36. Use hard-to-guess passwords
Combine letters (both uppercase and lowercase), numbers, symbols, punctuation, and uncommon phrases. The longer the password, the more challenging it is to crack. So use at least ten characters.
ITCU.org recommends starting with a sentence, such as “passwords that are complex are safe.” Then, remove the spaces, misspell a word or use shorthand, and add numbers, symbols, and varying upper/lower case letters [*].
So your new password may be something like, “1!Pa$sw0rdsthatRcomplxRs@fe/468.”
37. Never use your pet’s name, family/friends’ names, birthdates, addresses, or other PII
Same goes for using easily guessable words (like superheroes, pop stars, sports teams, etc.), words spelled backwards, sequences (1234), repeated characters (7777), or adjacent letters on the keyboard (QWERTY).
38. Don’t recycle or reuse passwords
If hackers steal one password from a less secure site, they can try it on a more secure account. A frightening 68% of Americans told us they use the same password on multiple accounts [*]. This is even how Facebook CEO Mark Zuckerberg got hacked.
39. Regularly change your passwords
Set calendar alerts on your phone to remind you to change your passwords on schedule.
40. Never share passwords via text, email, or direct messages on social media
Especially when sharing streaming passwords connected to your credit or debit card.
41. Always activate Two-Factor Authentication (2FA)
This extra layer of security requires another step in your login process, such as sending a unique access code to your cell phone, before allowing someone to log in to your accounts.
42. Migrate to a password manager
A password manager stores and manages complex passwords for each account across your devices. Make sure to create a complex password to access the password manager itself, as that will serve as the gatekeeper for all your other passwords.
Five Ways To Avoid and Report Identity Theft
Of all the types of fraud consumers reported to the FTC (Federal Trade Commission) in 2020, identity theft was the most common. This occurs when a criminal steals your personal information (like your Social Security number) to commit fraud, such as applying for credit, filing taxes, or using your identity during a police encounter.
So what should you do if you think you’re a victim of fraud or identity theft?
43. Always turn off or disable lost cards and report stolen checks, account numbers, etc.
Even if you think you only misplaced an ATM card, credit card, or check book, the sooner you report it to your financial institutions, the better. You can always call them back if you find it.
44. Freeze your credit file with the three major credit bureaus: TransUnion, Equifax, and Experian
This will make it much more difficult for fraudsters to open lines of credit in your name or cause other financial damages. Place an alert on your credit report with one bureau, and they’ll usually notify the other two.
45. Always report potential identity theft cases to the FTC
At FTC.gov, follow the prompts to protect yourself and alert law enforcement to the criminals.
46. Review your credit report annually
Look for unauthorized accounts opened in your name, loans you didn’t take out, or other suspicious credit inquiries you never made. You’re entitled to one free credit report from each of the three major credit bureaus per year at www.annualcreditreport.com.
47. Consider enrolling in Aura’s credit monitoring service
We monitor all three credit bureaus and sends you timely alerts regarding account activity in your file. If we detect changes to your credit or bank accounts, we alert you up to four times faster than our competitors.
Related: Aura vs. LifeLock Comparison: 2022 Showdown →
The Bottom Line: Fraud Prevention Starts With You
Our survey respondents said they know they should change their behaviors to reduce their risk of cybercrime, but most haven’t done so because it’s either too time-consuming (36%), too confusing (33%), or too difficult (17%) [*].
At Aura, we understand how daunting it can be to take control of your digital life. That’s why we created easy-to-use, all-in-one digital security protection to keep you and your family’s personal information, devices, and finances safe from online threats.
Our digital security protection combines everything you need to proactively control your digital life the easy way: credit monitoring, lost wallet recovery, antivirus, VPN, and multi-device protection. Aura also monitors financial transactions, bank accounts, Social Security numbers, the Dark Web, and criminal and court records.
This helps keep your finances and your identity safe and secure. And in the event of losses or damages due to identity theft, Aura customers are backed by a $1 million identity theft insurance policy for eligible losses.
So even if you’re not following every fraud prevention tip in today’s post, you’ll be able to stay one step ahead of fraudsters and protect yourself and your family from cybercrimes and identity theft.