Being Alert to Scams

At this time of year, as many of us are traveling, shopping, going out and generally being stressed by many necessary tasks, scammers and other bad actors are seizing the opportunity of our being distracted to do what they do best.

Here are five actions to take to help you avoid falling victim to nefarious schemes.

Action one: Update OSs and apps

Make sure your computer, phone and other electronic devices’ security software, operating systems, internet browsers and apps are up to date. After you update them, go to settings and turn on automatic updates.

Action two: Secure passwords and access

Be smart about passwords. There are so many passwords to remember that people often use the same password — one that is related to personal information — across many websites, services and apps. Such passwords generally are weak, making them easy to guess. Strong passwords usually have a combination of letters (both upper- and lowercase), numbers and nonalphanumerics; they should also be at least 12 characters long. Invent a passphrase for yourself using groups of nouns (for example, correct-horse-battery-staple) rather than sentences. Similarly, do not use common substitutions (for example, replacing “a” with “@”). Sentences and substitutions are predictable and easy to guess, making them poor security.

Even though it is an extra step, always enable multifactor authentication when it is offered to you, especially for sensitive accounts such as bank or brokerage accounts.

Consider using a password manager to help manage all your passwords. A password manager allows you to set hard-to-guess, unique passwords for websites and apps; the only password you have to remember is the one for the manager. Password managers include 1Password, Bitwarden and Dashlane. Some devices or browsers may have built-in password managers.

Password alternatives, such as fingerprints and facial recognition, are becoming more common. While biometrics offer the security of being hard to replicate, they come with some risks:

• They cannot be changed if compromised.
• They give your biological data to large companies.
• They are replicable if the biometric storage is breached.
• They can be inaccurate for some demographic groups.

Experts suggest that biometrics are best used as part of multifactor authentication rather than as a password replacement.

Action three: Lock down credit

Contact all three major credit bureaus — Experian, TransUnion and Equifax — and place an indefinite freeze on your credit. You can temporarily unfreeze it if you wish to apply for credit. There is no cost to do this.

Consider using credit cards rather than debit cards. Credit cards offer more legal protections than debit cards, including limits of $50 for fraudulent charges (with a debit card, you might be liable for more than $500). Further, a credit card is not linked to your bank account, limiting access for anyone who steals the number. Be sure to monitor your transactions on all debit and credit cards.

Action four: Shield your Wi-Fi and internet

Wi-Fi and internet are so essential to our work and play that we forget they are a security risk. Take the following actions to keep scammers from hijacking your system:

• Be sure your home and work Wi-Fi have unique passwords.
• Do not download any apps without first verifying they are legitimate.
• When possible, avoid using public Wi-Fi.
• Do not charge your devices on public USB charging stations. Malicious actors can use these stations to steal passwords, photos, emails and other personal information from your device as well as to install malware or spyware on your device.

Action five: Know the common scams

Never click on links, open attachments or scan QR codes embedded in texts and emails from unknown senders. If the sender is known to you but the request seems odd, verify that the email address is legitimate and/or send a new email to the person you think is contacting you to verify that they’ve tried to be in touch.

Avoid phishing scams by not answering phone calls from unknown numbers. However, scammers are getting increasingly sophisticated and often call from numbers that look familiar. If you feel suspicious, hang up and call the person or institution back without using the number the call originated from.

AI is increasingly being used by bad actors to write messages, to create deepfake images and videos, and to clone voices. Scammers also use AI to create fake online stores that they promote by email or on social media. If you make a purchase at one of these stores, the scammers can steal your payment information.

The old saying still is true: If the offer seems too good to be true, it probably is.

If you believe you were the victim of a scam, report it at ReportFraud.ftc.gov. If someone stole your personal information, report it at IdentityTheft.gov.