Ten Ways to Get Scammed Online

emotions — greed, fear, curiosity — and often fuel each with “Act Now!” urgency. Offers of
easy money and threats of negative consequences phish for your money and/or personal
information. Promises of forbidden photos or links, especially with terse “Check this out!”
messages, are used to install information-stealing malware.

2. Accessing your financial accounts from email links. No matter how official an email looks,
don’t access bank, credit card or other sensitive accounts from links or attachments in
emails — and never act on a “Dear Customer” message asking for log-in credentials or
account numbers. It’s best to check accounts by typing (or bookmarking) the website
address yourself. And be sure to read through your account confirmations, since that’s likely
where you’ll see the first sign of trouble if anyone has tampered with your information.

3. Having weak passwords and not changing them. Longer is stronger, so aim for at least 12
(ideally, 15 or more) characters, mixing letters, numbers and symbols. Use different
passwords on different accounts, changing them within three months, or a password
manager that issues and stores them in an encrypted database. Don’t click “remember me”
options on cellphones or computers that others can access.

4. Not “really” reading messages. Does the sender’s address differ from his or her name,
like egy5boo@yahoo for Mike Jones? Are tone, spelling and grammar off the mark? Are
signature titles overly generic or flat-out weird? Do emails from businesses end with a
Hotmail, Gmail or Yahoo address, rather than companyname.com or .org? All scams. And
how can you check whether a website is authentic? Without clicking, place your cursor over
links; if the pop-up address doesn’t match, assume the worst.

5. Believing a caller who detects a computer virus. If your computer is infected, you won’t be
telephoned by legitimate vendors of computers, of operating systems like Windows, or of
antivirus protection; this is the tactic of scammers trying to sell phony protection or get
remote access to your device. When new viruses are circulated, expect updates sent en
masse over the Internet to users of that software. But check for regular updates anyway,
and do a weekly “full scan.”

6. Oversharing on social media. Friend and Tweet away, but don’t post details about
upcoming vacations, photos identifying family members, even your address, birthdate,
hometown, high school or other snippets that could be pieced together for identity theft.
Even with privacy settings, the more information you share online, the easier it is for the
wrong people to get it. Be cautious about “likes” from others, and know the sneakiest
Facebook scams.

7. Overtrusting emails. Neither the government nor banks or credible merchants will ask for
personal or account information by email. Be suspicious of messages from friends asking for
money. (Wouldn’t they call?) As Mom advised decades ago, don’t trust strangers.

8. Trusting a “free download.” It’s the most malware-laden search term of all. Get apps from
trusted sources, such as Google and Apple app stores, and updated versions of programs
like Adobe Flash Player from manufacturer websites, not from pop-ups or links offered in
pages. Don’t trust free screen savers (malware can lurk amid those swimming fish) or “free

9. Thinking your Mac protects you. There once was a time when the Mac didn’t warrant
attention from cybercrooks because phishing was better with more widely used PCs. But
Mac attacks have grown with their popularity, exposing similar vulnerabilities and gotcha

10. Shopping online as you do in stores. Don’t use debit cards for online purchases; credit
cards offer better protections. Never enter card data on any page without “https” in the
website’s address. Type retailer web addresses yourself, rather than relying on links from
search results. To get coupons and purchase confirmations, use a dedicated email address
that’s different from your primary account
a proud member of