We’re online every day—shopping, banking, connecting with friends. But scammers and hackers are out there too, looking for ways to steal your money or personal information. The good news? A few smart habits can help keep your online life secure and your personal information safe.
Oversharing makes it easier for scammers to piece together your personal details.
Avoid posting your full birthdate, address, phone number, or financial info.
Set your social media accounts to private and only connect with people you know.
Remember: even small details can help fraudsters guess passwords or security answers.
Your password is your first line of defense.
Make it long—at least 12 characters—and mix letters, numbers, and symbols.
Skip easy-to-guess info like your name or “12345.”
Never reuse passwords across accounts.
Consider using a reputable password manager to help create and remember complex passwords. The effort to create unique passwords for each account greatly increases your security.
Multi-factor authentication adds an extra layer of protection beyond just a password. With MFA enabled, after you enter your password, you’ll also need a second step, like a code from an app or text message, or a fingerprint scan to access your account. Even if a hacker steals your password, they likely can’t get access your account without that second factor.
Treat your devices like your home—lock them up.
Keep your computers and mobile devices protected. Just as you lock your door, lock your phone, tablet, and computer with a PIN, password, or fingerprint lock.
Always update your devices’ software. Install the latest updates for your operating system, apps, and security software. Updates often fix security bugs that hackers exploit.
Using reputable antivirus or security software is another layer of defense to detect and block malware.
In short: lock it down and keep it up to date.
Make sure your home internet connection is secure.
Change the default password on your home Wi-Fi router to a strong, unique password (the one it came with is often easily guessable).
Keeping your router’s firmware updated can also patch security issues.
Public networks are convenient, but risky. Wi-Fi at coffee shops, hotels, or airports often isn’t secure. Scammers or hackers can spy on what you send over those networks.
Avoid logging into bank accounts or making sensitive transactions on public Wi-Fi if you can.
Watch out for network names that look legit but aren’t (bad actors may set up fake hotspots with names like “Free Airport WiFi”).
When in doubt, it’s safer to wait and use a secure, trusted network later.
Think twice before using a public computer. Shared computers in places like libraries, hotel business centers, or internet cafes might have malware that records your keystrokes or login info.
Don’t log into email, banking, or sensitive accounts on public machines.
If you must, never save login info and always log out completely
Clear the browser history and cache when you’re done.
Even with precautions, you can’t be sure the computer is safe. Whenever possible, use your own device for online banking or shopping to keep control of your data.
Prepare for the worst by backing up files. Important documents, photos, and other files should be backed up regularly, either to an external hard drive or a trusted cloud service. Having a backup means that even if scammers destroy or lock up your data, you can restore your information and won’t be at their mercy.
Random clicks can lead to trouble. Scammers often hide malware in email attachments or links.
Be cautious if you receive an email or text from an unknown sender, or an unusual message from someone you know.
Don’t click on links or open files unless you’re sure they’re safe. Phishing emails, for example, might send you to a fake website that looks real but steals your login details.
Hover over links (on a computer) to preview the URL and see if it looks legitimate. Even better, navigate to the company’s site on your own instead of clicking a link in an email.
For attachments, confirm with the sender if possible. Unexpected PDF or ZIP file from a friend? Their email might have been hacked. Give them a quick call or separate message to check. Always use up-to-date security software that can scan attachments.
Your best defense is caution. When in doubt, delete the message.
Only enter personal info on secure websites. When you’re on a web page that asks for sensitive data (like passwords or credit card numbers), take a second to look at the address bar. The URL should start with “https://” and you should see a little padlock icon. The “s” in https stands for “secure”. It means the information you send or receive is encrypted. Most legitimate sites, especially for payments or account logins, will have this.
If you get a warning that a site’s security certificate is not valid, or the URL starts with just “http://” (no s), then the connection isn’t secure. Be careful: it could be an imposter site or just an outdated one, but either way, avoid entering private info.
Also, ensure you have the correct web address for the site you intend to visit; scammers sometimes use URLs that are one letter off (e.g. amaz0n.com instead of amazon.com) to trick people.
In short, always look for the padlock icon in before you log in or submit data online.
Keep an eye on your bank and credit card statements and bank accounts. Look for charges or withdrawals you don’t recognize, no matter how small. Many scammers will test with a minor transaction first. If your statement doesn’t arrive when it should, follow up; someone could have changed your mailing address or email on file.
Don’t hesitate! If you suspect that you’ve fallen victim to a scam, or that someone has gotten access to your accounts or personal data, act immediately.
Change the passwords on any affected accounts (or all your important accounts, to be safe) and enable MFA if you haven’t already.
Contact your bank or credit card company to report fraudulent charges or that your account may be compromised.
By being careful and acting quickly, you can help protect yourself and others from online fraud.