Identity theft is on the rise in the United States, and with federal agencies like the Consumer Financial Protection Bureau facing severe funding cuts, there are fewer resources available to Americans to protect them from fraud. To protect yourself from scams that can put your money and identity at risk, consider taking some small safety measures.
If you are scammed
The first thing you should do is contact the bank, credit card company, or service provider that the scammer is using to steal from you. Every major bank has a website that shows you how to stop checks, dispute wire transfers, and report many kinds of fraud. Be proactive and tell your bank(s) to suspend all financial transactions for all of your accounts. Here are some examples of fraud reporting pages at Bank of America, Chase, Wells Fargo, and Citibank. Always have your bank’s fraud reporting phone number handy.
If someone has stolen your phone number or email login, call the customer service number for your service and ask to be transferred to their fraud department. If you are not confident on the phone, you can go to a retail location (like a Verizon store) for assistance, but this will take more time. Alert everyone who shares a phone plan with you, as their information becomes vulnerable as well.
It is also helpful to report scams to your local authorities. Call or visit your local police to report that you are the victim of fraud. Many people are victims of fraud every day, so filing a report will help identify scammers and potentially recover your money.
Reporting a scam to the correct federal agency is also important. Visit USA.gov and answer a few simple questions to learn where to submit a report. You will likely be directed to the Federal Trade Commission, which collects information on scams and shares with law enforcement partners to help stop scammers.
Finally, if you feel like a financial services company like a credit card or bank is not being helpful enough, file a complaint with the Consumer Financial Protection Bureau. They will ensure that the complaint is passed along to the company as well as to law enforcement, which strongly increases the chance of getting a reply.
Passwords and email
Most people use email as a login and to receive confirmation that they are who they claim they are. Someone with access to your personal email account can easily impersonate you and even lock you out of your accounts by changing your passwords. The most important thing you can do is make sure your email is secure, because it is also the easiest way for you to prove your identity and fix any scams or identity theft.
The easiest thing to do is make sure your important passwords are completely unique. Having unique passwords for your banking, investment, and email services will make it much harder to scam you. By far the most common hack for these services is when someone reuses a password on another website that has much worse security or is even a scam. Banks and email services tend to have better security so scammers steal passwords from less reputable sources with poor security.
The best way to handle your passwords is to use a password manager. These free services help you generate a unique password that you do not need to remember to log in to any website. If all your passwords are unique, a hacker with your password to one website cannot access any other website you use. Examples of free password managers with good security are the Google Password Manager and the Apple Passwords app. If you only use Apple devices the Apple Passwords app is the easiest to use. If you use a variety of devices, Google works more easily.
One-time passwords
A common way to help protect people from online theft is the one-time password (OTP). These are temporary PINs that expire after a brief period, often 1-15 minutes, and are used to confirm that you are who you say you are by providing additional confirmation, also known as Two Factor Authentication (2FA). These PINs can arrive in a text message, email, or by using an app like Google Authenticator. The text message method is the least secure as it is vulnerable to SIM swapping, explained below. If possible, use an app for these passwords if your service supports it. Email is preferable to text, but any form of OTP will make you safer, even one that uses text messages.
Passkeys
If you use a smartphone, passkeys are a new way to log in to websites that do not involve passwords at all but instead use biometric authentication, like face or fingerprint recognition, to confirm your identity. Websites that support passkeys will ask you if you would like to set one up, and it is highly encouraged to do so as they are much more resistant to hacking than passwords.
SIM Swapping
Because most banks send text messages with temporary PIN codes, one popular scam is to use stolen personal information to impersonate you to steal your cell phone number. Once a scammer has your phone number, they can receive the text messages to log in if they already know your password. If your phone stops working all of a sudden, contact your cell phone provider immediately to see if your phone number has been “ported” (switched) to a new provider.
Every wireless provider allows the option to set a PIN that is required in order to port your phone number to a new service, or some other way to lock your account.
Phishing and Smishing
Phishing and Smishing (using text messages to impersonate a company) are names for how scammers use phone calls and text messages to deceive you. Scammers will often steal your money by impersonating the services that you rely on. Text messages from banks that ask for non-identifying information like a YES or NO when verifying a potential credit card charge are fine. Text messages that ask for any identifying information like PINs, OTPs, or maiden names are very likely to be fraud. You may also receive a phone call from a person claiming to be from a fraud department, telling you that you need to take action to protect yourself. In these cases, it is generally best to hang up and call back to a phone number listed on an official website, or go to a physical location for the company to ask for help. These scammers often prey on victims by speaking quickly and pressuring you to answer questions without giving you time to think.
Well-run services will never ask you for a PIN or password over the phone. Always ask to call back if you get a phone call from someone claiming to be from a fraud department.
A strong indicator of potential fraud is if the person on the phone asks for anything related to Zelle. Zelle, while convenient, is full of fraud and there is very little consumers can do to reverse bad transfers. With recent changes in the federal government that reduce its role in protecting consumers, the best approach is to avoid Zelle when possible.
Locking your credit
Scammers with information like your Social Security number can apply for credit in your name which will affect your credit score and make it difficult for you to borrow money in the future. One precaution you can take is to place a credit freeze on your credit report, which will not affect your credit cards or loans but will make it much harder for others to steal your identity to apply for credit. The three main credit reporting agencies are Equifax, Experian, and TransUnion.
You can check your own credit for free once a year with each of these agencies. Checking with one agency at a time is sufficient, and so you can check your credit for free every four months.
If you want to apply for credit, be sure to lift your credit freezes first.
A little work makes you a lot safer
Even though it is not possible to completely eliminate the risk of scams, taking these steps will make you a much less vulnerable target.