7-Step Checklist for Avoiding Cybercrime and Scams

Knowing what to do is often simpler than taking action, and sometimes all you need is a helpful guide and a list of things you can refer to and check off as you go. While there's no one-and-done secret to protect yourself from cybercrime, the following seven practices and action items will go a long way toward keeping you safe.

1. Don't Share Information That You Wouldn't Tell a Stranger

Quick tip: Scammers can spoof their phone numbers and email addresses to make it look like the message is coming from a person or company you know.

You might think the first item on a cybercrime checklist would be about your tech, but according to the U.S. Cybersecurity and Infrastructure Security Agency, over 90% of successful cyberattacks start with a phishing email.

A phishing attack is when someone tries to trick you into sharing personal information or clicking on a link in an email or text message. Learning how to spot—and ignore—these messages is one of the best things you can do to stay safe.

It's a constant struggle as scammers try new tactics and schemes. However, if you wouldn't share something with a stranger on the street, don't share it with someone who emails or texts you—even if they claim to work for the government or a well-known company. Don't even click on a link, as that could install malware on your computer or phone.

The safest option is to ignore the message and call or email the organization the person is claiming to be from using a number or address you find on its official website.

2. Take a Deep Breath if You Feel Scared or Pressured

Quick tip: Scammers use your fear to trick you into acting quickly.

It's hard to think straight when you're worried, which is exactly what scammers want. In fact, one way to identify a scam call is that the caller will try to scare you with threats of jail time, canceled services or missed payments.

Cybercriminals can similarly play on your reactions, which is why they might send you a text message about fraud on one of your accounts or an email saying they've received your large payment (making you worried that money was taken from your account).

Taking a few minutes and deep breaths is often enough to start thinking clearly again. You can also call a trusted family member or friend, tell them what's happening and ask for a second opinion—sometimes, it's easier to spot a scam when you're not the target.

3. Update Your Devices and Software

Quick tip: Turn on automatic updates and take an item off your to-do list.

Updates for your devices' operating systems and other types of software will include the latest security patches. These can be important for fixing known vulnerabilities—different ways that hackers can break into your system. Uninstalling apps and other programs that you don't regularly use can also help keep your device safer.

Many modern systems include good antivirus protections, but there are also free and paid antivirus software options. If you use one of these, make sure you also keep it up to date so it can detect the latest threats.

4. Use Unique Passwords

Quick tip: Check HaveIBeenPwned to see if your email address or phone number was compromised in a data breach.

Using the same password across multiple sites can make it easier for criminals to get into your accounts. They can use software to automatically try username or email and password combinations that were previously leaked to break into other accounts. You could be at risk even if you have unique passwords that follow a pattern, such as the company's name plus a series of numbers.
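
The reuse and pattern risks described above can be checked against your own password list. The following Python code is an added example, not part of the original article; the function names, the substitution table and the sample entries are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Undo common look-alike substitutions (0->o, 1->l, 3->e, 4->a, 5->s, ...).
LEET = str.maketrans("0134578@$!", "oleastbasi")

def site_label(site):
    """'www.examplebank.test' -> 'examplebank'. Simplification: ignores
    multi-part suffixes such as .co.uk."""
    parts = site.lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def stem(password):
    """Drop leading/trailing digits and symbols: 'Sunshine#2023' -> 'sunshine'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password).lower()

def audit(entries):
    """entries: (site, password) pairs. The report names sites only, never passwords."""
    by_password, by_stem = defaultdict(list), defaultdict(list)
    site_derived = []
    for site, pw in entries:
        by_password[pw].append(site)
        s = stem(pw)
        if len(s) >= 4:                      # ignore stems too short to mean anything
            by_stem[s].append((site, pw))
        label = site_label(site)
        if label in s or label in s.translate(LEET):
            site_derived.append(site)        # password is built from the site's name
    return {
        # Same password on several sites: one leak exposes all of them.
        "reused": [sorted(v) for v in by_password.values() if len(v) > 1],
        # Different passwords sharing one stem ("unique" but following a pattern).
        "shared_stem": [sorted(site for site, _ in v) for v in by_stem.values()
                        if len({pw for _, pw in v}) > 1],
        "site_derived": site_derived,
    }

# Constructed sample data; sites and passwords are made up for illustration.
SAMPLE = [
    ("examplebank.test", "ExampleBank2023"), ("mail.example", "M4il!77"),
    ("forum.example", "Sunshine#2022"), ("photos.example", "Sunshine#2023"),
    ("news.example", "tr0ub4dor&3x"), ("games.example", "tr0ub4dor&3x"),
    ("vault.example", "q7#Vd2!mZp9&Lw"),
]

if __name__ == "__main__":
    for finding, sites in audit(SAMPLE).items():
        print(finding, sites)
```

Any site that appears in one of the three lists is a candidate for a new, randomly generated password.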

At a minimum, you want to use unique and strong passwords for the accounts that have valuable information or access, such as your bank, credit card, ecommerce and loyalty accounts.

You can also use a password manager to create, securely store and autofill your passwords on different websites and apps. Some password managers will also rate the security of your passwords and alert you if a password is compromised.

5. Turn on Multifactor Authentication

Quick tip: Get a free dark web scan to find out if your personal information was compromised.

When you turn on multifactor authentication (MFA) for one of your accounts, you'll need to share at least two forms of authentication to log in, such as your username and password plus a code sent to your phone. The extra security step can keep other people out of your account, even if they were able to figure out your username and password.

You'll need to turn on MFA for each of your accounts one by one, and accounts might support different types of MFA. Authentication via text message isn't the best option, because scammers can hijack that method with SIM swapping. Instead, you may be able to use an app or other type of verification method or device.

6. Limit Who Can See Your Personal Information

Quick tip: Use a free privacy scan to see if your personal information is on people finder websites.

Scammers can use your personal information when targeting you for a scam, or to impersonate you when reaching out to other companies. Your personal information might be available to the public on people finder websites, but you can ask the sites to remove it.

Additionally, try not to share a lot of personal information on social media—answering a quiz about your high school could give someone the answer to a "what's your high school mascot?" secret question that protects one of your accounts. You can also go into the privacy settings of various social media accounts and limit who can see what you post or share.

7. Never Pay When Asked to Use Oddly Specific Payment Types

Quick tip: If someone tells you to pay them using a gift card or cryptocurrency, it's almost always a scam.

Cybercriminals are after your information, access to your devices and your money. When they're after your money, they'll likely ask you to send it with gift cards, wire transfers, cryptocurrency or peer-to-peer payment apps like Zelle. Unfortunately, if you send them money, these payments often can't be easily (or ever) reversed.

Know Where to Turn for Help

Precautions can help keep you safe from cyberattacks and scammers, but sometimes you might slip up, or your information gets leaked through no fault of your own. An identity theft monitoring program can help warn you if someone tries to open an account in your name or if your information is found online. Some programs, including Experian IdentityWorks℠, also come with fraud resolution specialists and identity theft insurance.
