How to Outsmart Scammers and Keep Your Money Safe

From data breaches to identity theft, financial scams pose a constant threat to our livelihoods. Taking simple everyday precautions, however, can help prevent you from falling victim to them. Here’s what experts recommend.

Recognize pressure tactics

According to Alex Hamerstone, advisory solutions director at TrustedSec, scammers often use pressure tactics and urgency in their phone calls or emails to provoke quick responses. “They know the more time someone has to think about what they’re doing, the more likely they’re to realize it is a scam,” he says. That’s why it’s best not to engage with them at all.

Always independently verify

If you get an unexpected call, text, or email from a financial institution or another authority asking for your personal information and providing suspicious instructions, it’s a red flag. “Don’t use the contact details they provide,” advises Paige Hanson, cofounder of SecureLabs. “Instead, independently verify by calling the official number listed on their [company] website or the back of your credit card.” 

Create a family code word  

Dire calls from relatives are a method of impersonation scams, as artificial intelligence (AI) can be used to mimic voices and produce fake videos. Mary Ann Miller, fraud and cybercrime executive advisor and vice president of client experience at Prove, suggests establishing a family code word or phrase to confirm their identity.

Beware of email spoofing 

Email spoofing involves manipulating email headers to make emails look as if they’ve been sent from a legitimate or familiar sender. “Spoofed emails often try to get you to download something malicious or trick you into sending or rerouting payments,” explains Truman Kain, offensive security researcher at Huntress. First, ask yourself if you were expecting this email and does its request feel normal. “Before taking any action, verify the request by reaching out directly,” says Kain. “Ideally, use a different contact method than the one used for the initial email; phone, for example.”

If you confirm that an email is coming from a spoofed address, don’t engage with it. Delete it, and if it involves your company, report it to your IT or security team. 

Learn how to spot fake websites

Scammers can create convincing websites, so always examine URLs carefully. Look for misspellings, extra characters, or unusual domain extensions. Also, make sure the site has a secured connection. “An address that starts with HTTPS means it's an encrypted connection, also indicated by a small padlock icon in many browsers,” Geftic says. Don’t enter personal or financial information on any website that looks suspicious.

Safeguard your snail mail

To protect against mail theft, consider signing up for the US Postal Service’s Informed Delivery service, which sends a daily email with images of your incoming mail. “If you see something that [was supposed to be delivered], and it doesn't actually appear in your mail, then you know something's missing,” says Mona Terry, chief operating officer, head of victim services, at the National Identity Theft Resource Center. Additionally, reduce the risk of stolen sensitive documents by opting for paperless statements that require secure log-in access.

Strengthen and diversify your passwords

While it sounds convenient to use the same password for all of your accounts, it also puts you and your personal information at risk. Scammers who gain access to one of your accounts can try using the same password on other financial accounts. “Use strong, unique passwords for each account, and never share login details with anyone,” says Jason Zirkle, training director at the Association of Certified Fraud Examiners.

Geftic suggests passwords should be at least 12 characters long, with a mix of uppercase, lowercase, numbers, and special characters.

Boost your online security

Make it harder for scammers to access your accounts by enabling multi-factor authentication (MFA) or two-factor authentication (2FA). This extra layer of security requires more than just a password—it might involve entering a one-time code sent to your phone, using a biometric scan like a thumbprint, or confirming your identity through an authentication app to verify that it’s you. For example, even if a scammer steals your password, they won’t be able to log in without the second verification step. Also, consider using a password manager. This software acts like a secure vault, generating and encrypting strong, unique passwords for each account so that you don’t have to remember them all.

Order your free credit report

Federal law allows you to request a free credit report every 12 months from each of the three major credit reporting agencies—Equifax, Experian, and TransUnion. “Doing a review of your credit report will help you catch any fraud or unauthorized accounts,” says Melanie McGovern, director of public relations and social media for the International Association of Better Business Bureaus. For added protection, consider freezing your credit with each bureau. This prevents scammers from opening financial accounts in your name while still allowing you to lift the credit freeze when needed.

Tip: AAA members can access free identity theft protection through ProtectMyID, which includes Experian credit report monitoring, alerts for suspicious activity, lost wallet protection, and fraud resolution support. Take advantage of this benefit today to strengthen your defenses against financial scams.