A Trusted Friend in a Complicated World

If You’re Not Following These Rules, You’re an Easy Target for Scammers

We share a lot of personal information online, including credit card numbers and social security numbers—and scammers know how to take advantage of that. Outwit them with these tips for how to protect yourself from scams and hackers.

1 / 13
Still life of laptop and padlock, data security
the_burtons/Getty Images

Stay ahead of the scammers

Unfortunately, Internet scams are rampant, and scammers use all sorts of tactics to wheedle information out of users who are just going about their business. Scammers are clever—but there are ways you can be even more clever. Outsmart scammers, boost your online security, and prevent them from targeting you with these steps and pieces of expert advice. Learn more about hackers with these cybersecurity secrets they don’t want you to know.

2 / 13
Downloading message on a computer screen
Epoxydude/Getty Images

Beware of document files

You’ve probably heard this one before—it’s one of the most common tips for avoiding online scammers. Scammers often operate through emails, a tactic called phishing. They send emails that appear to be from legitimate senders but often contain links that open malware. And it’s not just links that they use; they’ll also attach files to their emails that likewise look legitimate but will install dangerous programs on your machine. “Once installed, these malicious programs can steal all your passwords and credit card numbers, send email to your contacts, spy through your webcam and microphone, or redirect online banking wire transfers to the criminal’s account,” says Randy Pargman, senior director of Binary Defense and former FBI senior computer scientist.

These files are most often Microsoft Word or Excel, and they contain macroinstructions (“macros”), patterns that input a certain sequence of information. They can be benign, but when scammers send them, they likely contain the malicious program. So to protect against them, “be sure your installation of Office is set to disable macros by default, and then be very wary of any document that asks you to click the ‘Enable Editing’ and ‘Enable Content’ button to allow macros to run,” Pargman advises. The IRS is warning that some scammers are using COVID-19 fears to entice people to click on dangerous files, labeling them things like “COVID-19.xls” or “Coronavirus alert.zip.” 

3 / 13
Tetra Images/Getty Images

Keep your home Internet router updated

Your router is the box from your Internet service provider that provides access to information from the Internet, and routers can be hacked just like computers or accounts can. “If [hackers] can control your router, the attackers can spy on or manipulate all of your unencrypted Internet traffic, including redirecting you to other websites, injecting advertisements into web pages, or using your home Internet connection to launch attacks against companies online, making it appear that the attack is coming from your house to disguise the attacker’s real location,” Pargman explains.

So how can you protect your router? Keep it updated. “Updating the router can be as simple as using your web browser to log on to the router’s web interface using the instructions printed on the side or bottom of the router, and clicking the ‘check for updates’ button,” Pargman says. He also says to make sure to change your new router’s administration password from the “default” password it comes with. Here’s how often you should be rebooting your router.

4 / 13
macro view of the search tab on device screen with pixels, http browser network
Михаил Руденко/Getty Images

Check website addresses carefully

Unfortunately, a simple typo could make you a target for scammers. “For every popular website, there are dozens of misspellings of the website domain name that have been registered by scammers to catch anyone making a mistake while typing in the website address,” says Pargman. Known as “typo-squatting domains,” these fake sites will likely be filled with ads or even malware. Some might even disguise themselves as the real site to try to get you to type your password. “To be sure that you’re going to the right website, use browser bookmarks, search engine results, or double-check the address you typed in,” Pargman says. He says to beware of clicking on links you receive in emails, as just one altered letter could send you to a potentially dangerous site. Make sure you know these signs that shopping site is fake (and about to steal your money).

5 / 13
Senior adult woman uses credit card for bill paying
SDI Productions/Getty Images

Use a virtual credit card

It’s incredibly easy—perhaps too easy—to just type your credit card information into the fields on websites. But Pargman warns that this can make it all too easy for your information to be stolen. “When shopping online…use a virtual credit card service to generate a one-time-use card number,” he suggests. “It charges to your main credit card and appears on your regular bill as normal, but if cyber-criminals steal that virtual card number, they can’t use it anywhere else to run up the bill on your charge account.” He says that you can get virtual credit cards from Citibank and Capital One if you’re a cardholder and that you can also get one from Privacy.com and Abine Blur (though you might have to pay).

6 / 13
Close-Up Of Credit Cards
Akapong Osotsil / EyeEm/Getty Images

Guard your personal information

Never respond to requests for personal or account information online (or over the phone). When your social security number is requested as an identifier, ask if you can provide alternate information. Watch out for convincing imitations of banks, card companies, charities, and government agencies. Use legitimate sources of contact information to verify requests for information, such as your financial institution’s official website or the telephone number listed on statements. Here’s more about why you should never give out your social security number over the phone.

7 / 13
An active senior woman working in home office, lusing smartphone.
Halfpoint Images/Getty Images

If you fall prey to a scam, report it

If you’re a victim of online fraud, contact the authorities. You can file an online report with the Internet Crime Complaint Center (IC3)—a partnership between the FBI, the National White Collar Crime Center, and the Bureau of Justice Assistance. Also, contact your local police to file a report. The more people who report such crimes, the more criminals are arrested. This is how to protect yourself online, but also know how to protect yourself over the phone. Don’t fall for these 10 common phone scams that could steal your money.

8 / 13
3D illustration Rendering of binary code pattern Abstract background.Futuristic Particles for business,Science and technology background,Blue Background
MR.Cole_Photographer/Getty Images

Stay up to date

Install anti-virus software on your computer and keep it updated. Use the latest version of your web browser. Install security patches and software updates as soon as they are ready to install. Here’s what can happen if you ignore those “update” warnings on your computer.

9 / 13
Young Muslim woman using phone
Lilly Roadstones/Getty Images

Don’t overshare

Don’t divulge your birth date, mother’s maiden name, pet’s name, or any other identifying information on social media websites such as Facebook, LinkedIn, or Twitter. This is how to protect yourself online in a very simple way: Go look through your profile now and delete any personal information that you find. That includes your phone number, which you shouldn’t share online, even in messages. “If criminals get a hold of your phone number, they can pull off a scam known as SIM jacking, in which they steal your number and intercept all of your communications,” warns Alex Hamerstone, GRC practice lead at TrustedSec. “And while it isn’t a new tip, make sure you aren’t sharing things online that would be useful when trying to figure out the answers to your password reset questions,” Hamerstone adds. You should also avoid these password mistakes that hackers hope you’ll make.

10 / 13
100 us dollar bill and computer mouse
David Muir/Getty Images

Beware of fake online sweepstakes and contests

All offers that require payment or private information before giving an award are bogus. Take the time to check out the validity of an offer. Ask for contact information from the sender and details about the company running the contest. Once you start asking a lot of questions and make it clear you won’t be pushed to make an immediate decision, most scammers will go away.

11 / 13
Working on a laptop
Manuel Breva Colmeiro/Getty Images

Make it difficult

Now that a vast number of people are working from home more than they used to, it’s opened up a whole new world of online vulnerability. “It is a pretty common tip to use a VPN when accessing your office resources from home, but everything from your xBox to your connected fridge can be a vulnerability for your network,” explains Hamerstone. He says that getting an inbound/outbound firewall will help protect your home computers from malware going in and your information from going out. “You should also avoid doing online banking over WiFi,” adds Hamerstone. “Use an ethernet connection, if possible.”

How to protect yourself online in another easy way? Your password. Use unique and hard-to-guess passwords. Don’t access secure websites using public Wi-Fi. You should also make sure you’re not making these common computer mistakes you should have stopped making.

12 / 13
Top View of Piggy Bank on Laptop
Constantine Johnny/Getty Images

Keep a close eye on your finances

Monitor your bank and credit card accounts weekly. Sign up for alerts to be sent to your mobile phone or e-mail. Monitor your credit and public information online to spot unauthorized activity. Free credit reports from each of the three major credit bureaus are available each year through annualcreditreport.com. Optional fee-based services offer more extensive monitoring of credit information, personal identity records, social security numbers, and online transactions. Next, get to the bottom of the most common online scams and how to avoid them.

13 / 13
Serious young woman, lit by monitor against black, adjusts spectacles
RapidEye/Getty Images

Don’t believe the “work at home” hype

Thoroughly conduct a background check on the company offering the work-at-home position, making as many phone calls and Internet searches as you can. If in doubt, visit a local law enforcement office and ask their opinion. All offers to earn pay for re-shipping goods sent to your address are bogus. Tragically, some work-from-home scams not only enlist the individual to defraud others, but they also make an identity fraud victim out of the individual! Next, this is how long you should actually be keeping your credit card statements.