Stay Safe Online: Your 3-Step Defense Against Scams
The internet can feel like a digital minefield, but you don’t need to be a computer expert to stay safe. Scammers rely on “scare tactics” to make you act without thinking. Whether it’s an urgent email, a suspicious text message, or a flashing pop-up on your screen, here is how you can protect yourself.
1. Pause at the “Urgency”
Scammers want you to panic. If you receive an email, text message, or phone call claiming your account is “locked” or “compromised,” take a deep breath. Real companies—like your bank or Amazon—will never pressure you to click a link immediately to fix a problem.
How to Spot a Suspicious Email or Text:
- Check the sender’s email address carefully. Scammers use addresses that look similar to real ones, like
support@amaz0n-security.com(note the zero instead of the letter “o”) orpaypal.verify@outlook.com. Hover over the sender’s name to see the actual email address. - Look for generic greetings. Real companies use your name; scammers say “Dear Customer” or “Valued Member.”
- Watch for spelling and grammar errors. Legitimate companies proofread their communications.
2. Don’t Click—Go Directly to the Source
Phishing emails and text messages often contain links to fake websites designed to steal your password. If an email or text looks suspicious, never click the link. Instead, close the message, open your web browser, and type the website address in yourself (e.g., type www.chase.com manually). If there is a real problem, you will see a notification there.
This same rule applies to text messages (called “smishing”). Scammers send fake texts claiming to be from your bank, delivery services like UPS or FedEx, or even the IRS. Don’t click links in texts—go directly to the official app or website to check your account.
3. Hang Up on “Tech Support”
A legitimate company like Microsoft or Apple will never put a phone number in a pop-up on your screen telling you to call them. If your computer freezes with a loud warning, simply turn it off and restart it. These are fake “scareware” ads intended to trick you into giving a stranger remote access to your computer.
What to Do If You Already Clicked a Suspicious Link
If you think you may have fallen for a phishing scam, act quickly:
- Change your password immediately. Important: Do not use the link from the suspicious email to do this; go directly to the official website.
- Enable two-factor authentication if you haven’t already. (See my post on 2FA for step-by-step instructions.
- Monitor your accounts for unusual activity over the next few weeks.
- Consider a credit freeze if you shared financial or personal information. Contact the three major credit bureaus (Equifax, Experian, TransUnion).
- Report the scam by forwarding phishing emails to your email provider (e.g.,
phishing@outlook.comor use Gmail’s “Report phishing” button) and to the FTC atspam@uce.gov.
Trusted Resources for More Information
- Sophos: How to break the cycle of phishing
- Federal Trade Commission (FTC): How to Recognize and Avoid Phishing Scams
- Cybersecurity & Infrastructure Security Agency (CISA): Phishing Guidance
- AARP: Scams and Fraud Prevention
- Google Safety Center: Identify and report scams
- National Cybersecurity Alliance: Stay Safe Online – Phishing