Taking just a few precautions can do a lot to protect you from a multitude of scams, says scam expert Steven J.J. Weisman, JD, who has warned us about more than 5,000 scams on his website Scamicide.com. While he encounters new scams virtually every day, most of them really are just modified versions of earlier scams. As a result, following a fairly short list of scam safeguards provides wide-ranging protection.
Bottom Line Personal asked Weisman for how you can avoid falling victim to scammers…
1. Pay close attention to the form of payment.
It’s a red flag if someone requests payment via gift cards, crypto or wired payment. These payment forms are favored by scammers because they’re often impossible to undo. Similarly, only use payment apps such as Zelle and Venmo to send money to friends and family, not to buy things from strangers—payment apps typically have minimal fraud protections.
The form of payment that best limits potential scam damage is a credit card—they have extremely strong consumer protections. And even if you do fall for a scam, there’s a good chance you could avoid a financial hit if you paid the scammer with a credit card and alert the card issuer promptly. Warning: Debit card consumer protections aren’t as strong as credit card protections.
2. Safeguard incoming and outgoing sensitive information.
Your financial account details and other sensitive information are especially vulnerable when someone sends it to you or when you provide it to others. To protect your information: Sign up for the US Post Office’s free “Informed Delivery” service to receive digital images of the mail that will be delivered to you each day. Then pick up your mail promptly on days when you see something that a crook might target, such as a check. You also will know if something goes missing from your mailbox. Signing up for Informed Delivery yourself also makes it more difficult for a scammer to sign up for it using your name—some scammers do this to digitally monitor victims’ mail in search of stuff worth stealing.
Also: Set an unbendable rule for yourself to never provide sensitive information such as Social Security numbers or account details to anyone who e-mails, texts, calls or knocks on your door, no matter how legitimate they seem.
Reminder: Always confirm you’re calling the correct number when you contact companies and government agencies—scammers sometimes create fake customer service phone numbers under the names of legitimate companies and agencies to trick victims into calling and revealing sensitive data. If you cannot find a customer service number listed on the company’s legitimate website or some other trusted source, don’t ask a digital assistant such as to Alexa or Siri to find that company’s phone number for you—the digital assistant will simply search for the phone number online and could be tricked by a scam number.
Also: Use a crosscut paper shredder to dispose of any paperwork containing sensitive info. A shredder that cuts paper into long strips rather than tiny pieces is insufficient—scammers have reassembled these strips.
3. Keep your computer safe—even if you’re not a tech expert.
Using antivirus software is a good start, but that alone won’t keep you safe. Promptly download security updates for your hardware and software when they are available—when tech companies identify security vulnerabilities in their products, they issue updates that provide protection from these flaws…and scammers find ways to target users of these products who haven’t yet downloaded those updates. Choose the “automatically download updates” option when available in your device’s settings. If you receive an e-mail or text message about an update, don’t trust it—instead go to the website of the software to be sure to get a legitimate update.
Also: Replace your router if it’s more than 10 or 15 years old and no longer supported by its manufacturer. An unsupported router is no longer identifying and patching security vulnerabilities—and if a scammer can gain access to your router, he/she likely can gain access to all the data passing through that router, including digital bank account info. When you purchase a new router, change its username and password—don’t use the ones it was shipped with from the factory.
4. Freeze your credit.
Once you do this, scammers won’t be able to open accounts using your Social Security number even if they do obtain it. In addition to freezing your credit with the three major credit-reporting agencies—Equifax, TransUnion and Experian—do so also with the National Consumer Telecom & Utilities Exchange to prevent scammers from opening cell-phone accounts in your name. If you need to provide access to your credit report, such as when making a large purchase or getting a mortgage, you will need to temporarily unfreeze your credit report, which is easy to do.
Remember to examine your credit reports at least once a year in search of any accounts that are not really yours. Consumers now can check their credit reports for free as often as once a week through AnnualCreditReport.com.
Similar: Sign up for a My Social Security Account (SSA.gov/MyAccount) and an IRS Identity Protection PIN (IRS.gov/payments/online-account-for-individuals). Signing up for these greatly reduces the risk that an identity thief pretending to be you will be able to have your Social Security benefits routed to his/her account or file a fake tax return in your name to receive a fraudulent tax refund.
5. Don’t reuse passwords.
If you use the same password for multiple accounts, a scammer who breaches the security of one of the companies or websites you work with could gain access to several of your accounts. The standard advice for keeping passwords safe is to use a password manager to remember your passwords for you…but password managers have been under attack from hackers recently, and it’s probably only a matter of time until one experiences a major breach.
The option that offers the best combination of security and “rememberability” is to use a passphrase rather than a password. Modify this phrase for each account according to a pattern that you can remember. Example: Someone might use the phrase “IDontLikePasswords!” as his/her password but make subtle adjustments for each online account—perhaps swapping out or adding different letters for numbers based on the website or company, so “IDontLikePasswords!” becomes “IDontLikePasswordsAma!” for your Amazon account. With investment and other extremely important accounts, it’s worth creating completely original passphrases to further reduce the odds they could become compromised.
Establish a secret family code word. In one type of scam, a thief texts or calls a victim claiming to be a loved one in need of quick cash due to an emergency—scammers now use artificial intelligence (AI) to replicate a loved one’s voice on a phone call. Such scams are far less likely to succeed if everyone in the family knows to say or type a preselected code word to confirm they are who they claim to be in a true emergency.
Don’t trust anything you read on social media—even if it’s from the account of someone you trust. A scammer might have hijacked this trusted person’s account.
Don’t enter your primary phone number into databases. Obtain a free second phone number from Google Voice (Voice.google.com) or elsewhere and provide this instead. Doing so not only reduces the odds of receiving scam phone calls and texts to your primary number, it reduces the odds that a scammer will hijack your primary phone number to defeat the “dual-factor authentication” security you’ve set up on your accounts.
Check out charities before donating. Don’t just hand over money if someone requests your financial help for a cause you wish to support—it could be a scammer trying to take advantage of your good intentions. Instead, write down the charity’s name…look it up on CharityNavigator.org…confirm that this charity puts donations to efficient use…and make your donation using the website or contact information listed on Charity Navigator.
Don’t put your money in any investment you don’t understand. Similarly, don’t invest with an investment advisor who also serves as the custodian for his clients’ assets. That lack of checks-and-balances can be a clue that the investment advisor is a scammer—Bernie Madoff served as custodian for his clients’ accounts, for example.
