How Fraud Fighters Stay Safe from Scams

10 simple ways to protect yourself like a pro

Deirdre van Dyk,

AARP

Comments

En español

Published April 07, 2025

Danielle Del Plato

As digital scams become more sophisticated, your security game needs to keep up to safeguard your personal information and money.

We asked four cybersecurity professionals what they do to avoid rip-offs. Here are their top tips.

1. Regularly restart your phone.

At least once every couple of days, Hugh Thompson, executive chairman, RSA Conference, which specializes in cybersecurity education, restarts his phone.

If you hit a scammer’s link by mistake, in some rare cases they may get access to your phone, says Thompson, “but restarting your phone can essentially kick them out.” He automates the task so it happens while he sleeps, through Apple’s Shortcuts app. Android also has the ability to automate tasks through apps.

2. Store sensitive information on an external hard drive.

No one, not even a pro like herself, is immune to ransom attacks, says Jennifer Pitt, senior analyst at Javelin Strategy & Research.

To keep her sensitive information, such as her financial accounts, medical records, former job applications and taxes, out of the hands of hackers, she uses an external hard drive. “I don’t have any important documents with my personal information on the desktop,” says Pitt.

3. Use two-factor authentication.

A password helps, but if you use two-factor authentication (also called multifactor authentication), even if a scammer was able to get your password through a data breach, they won’t have the verification code that is either sent to your cellphone or shows up in an authenticator app on your phone. It’s the single biggest thing to do to make a difference," says Thompson.

Join Our Fight Against Fraud Sign up to become a digital fraud fighter and help people 50 and older identify and avoid scams.

4. Regularly change up your passwords.

Thompson adds extra protection by changing his passwords every six months, marking it on his calendar so he doesn’t forget. He considers it a deep-clean of his identity.

5. Make sure you're shopping on valid sites.

Examine URLs carefully, says Craig Costigan, CEO of Nice Actimize, a software company that develops technology to detect and prevent financial fraud. He almost bought bogus Yankees tickets for a recent game, thinking a fake online site was legitimate.

“If I was moving fast, I would have clicked the link, punched in my credit card and said, ‘Yes, I’ll take two tickets,' ” says Costigan. One way to confirm that you have the correct site is to type the business name and the word “official” in your search engine.

6. Turn off Wi-Fi on home devices.

When Pitt isn’t using her smart home gym equipment or watching her smart TV, she shuts off their Wi-Fi. “They’re easily hacked,” says Pitt. “Some of the security for those devices isn’t that good.”

7. Check chip readers before paying.

Before inserting her card into a machine at a gas station or grocery store, Pitt tests for a skimmer — a device that crooks can place in an ATM to steal personal information from cards — by grasping and wiggling it. If there’s give, it could be a skimmer.

8. Get a secondary phone number.

Google Voice, Truecaller, YouMail and other apps and cybersecurity companies let you create a second number that will go to your phone. Quilici gives his real number only to family and friends, and his secondary number to retailers. He then blocks any calls — likely to be scammers who found the number through a data breach — to that secondary number.

9. Turn on SIM protection.

SIM (subscriber identity module) cards connect your phone number to your iPhone or Android device. If someone hijacks your SIM — usually by impersonating you and persuading your carrier to switch the SIM to a new device — they can get access to your accounts, says Alex Quilici, CEO of YouMail, a technology company that guards against robocalls. To protect yourself, contact your service provider to set up protections, like using a PIN if you want to transfer your number.

10. Create a family code phrase.

Scammers are using AI-fueled voice cloning to make their so-called “grandparent” scams (or family-emergency scams) more sophisticated. So if one of his three kids calls and says they're in trouble, Darius Kingsley, head of consumer banking practices at Chase, will ask the caller for their family code phrase. You can also use a code word, he notes, but “sometimes a phrase, maybe a line from everyone’s favorite TV show, can be easier to remember.”

%{postComment}%

Deirdre van Dyk is an AARP associate editor covering Social Security, caregiving, technology and fraud. She previously worked at USA Today and Time, where she covered business, government, sustainability and innovation.