Good vs. Bad Practices
Learn the smart habits that protect you online and the mistakes you should avoid.
✅ Good Practices (What to Do)
1. Verify identities
Why it matters: For any unusual request, hang up and call back using a known number, or contact the organization directly. Do not trust numbers or links provided in the original message.
2. Establish a family "code word"
Why it matters: Agree on a unique phrase that only family members know. If someone claiming to be family calls in distress, ask for the code word.
3. Limit personal information online
Why it matters: Set social-media profiles to private and avoid oversharing. Less data means fewer materials for scammers to clone voices or craft personalized attacks.
4. Use strong, unique passwords
Why it matters: Passwords should be at least 12–15 characters long with letters, numbers, and symbols. Consider using a reputable password manager.
5. Enable two-factor authentication (2FA)
Why it matters: Protect critical accounts (email, banking, social media) with an extra verification step.
6. Keep software and devices up to date
Why it matters: Enable automatic updates for operating systems, apps, and antivirus software to patch security vulnerabilities.
7. Secure home and public networks
Why it matters: Use a virtual private network (VPN) on public Wi-Fi and ensure your home router uses strong encryption like WPA3.
8. Be cautious of unsolicited communications
Why it matters: Don't click links or download attachments from unknown senders. If a message urges immediate action, stop and verify.
9. Use call-blocking and email-filtering tools
Why it matters: Many phone carriers and email services offer features to block spam numbers and filter phishing emails.
10. Report suspected scams
Why it matters: Contact the FTC via reportfraud.ftc.gov, local law enforcement, or Adult Protective Services. Reporting helps authorities track emerging scams and may prevent further losses.
11. Educate family and friends
Why it matters: Share information about scams so loved ones recognize red flags. Community education sessions can reduce victims.
❌ Bad Practices (What to Avoid)
Giving personal or financial information to unsolicited callers or emails. Legitimate organizations will not request sensitive details through unverified communication.
Sending payments via gift cards, cryptocurrency, wire transfers, or prepaid debit cards. These methods are untraceable and are a common request in scams.
Clicking on links or pop-ups claiming your computer is infected. This may install malware or give remote access to scammers.
Using the same password for multiple accounts or simple passwords like "password123." Weak passwords are easily guessed.
Ignoring software updates or running outdated devices. Vulnerabilities in older systems make it easier for criminals to exploit.
Oversharing on social media. Public posts about vacations or personal details can be used for identity theft or voice cloning.
Engaging with high-pressure sales pitches or "too good to be true" offers. Investment and sweepstakes scams often use urgent language and unrealistic returns.
Allowing remote access to your devices unless you initiated the request through an official support channel.
Building Strong Defenses
These practices work together to create layers of protection. Even if one defense fails, others will keep you safe.
Start with one or two changes today, and gradually build up your security habits. Every step makes a difference!