How to protect online accounts

• Create strong passwords and user IDs, change them frequently, and don’t use the same ones for all your accounts. These steps make it harder for criminals to steal the virtual keys to your accounts and limit the damage they can do if they crack your code.  Learn more here
• Pay attention to security alerts that inform you about possible data breaches. It is a good idea to change your password if you have reason to believe that your information has been compromised.
  
• Reconcile or balance your bank account every month. The beauty of online accounts is that you can monitor them almost in real time. That means you can catch crooks long before a statement arrives in the mail. Learn more
• File your taxes promptly.  While thieves may use stolen information to create fraudulent bank accounts, they may also use it to file fraudulent tax returns. File your taxes as soon as you have the tax information you need and respond promptly to letters sent to you by the IRS. Note that the IRS will never communicate with you via email, so watch out for this type of fraud, and don’t open emails purporting to be from the IRS.
• Be extra careful about emails and attachments.  Avoid clicking on links or downloading attachments from suspicious emails that claim to be updated by any company connected to a data breach. Learn More
• Use account authentication.  Two-factor authentication adds a second level of authentication to an account log-in. When you have to enter only your username and one password, that's considered a single-factor authentication. 2FA requires the user to have two out of three types of credentials before being able to access an account. Learn More
• Check your Credit Cards accounts often. Reviewing your recent account activity is fundamental to credit card safety—and it’s easy. You can do it online or by phone. If your credit card issuer offers email or text alerts about unusual activity, sign up to receive them.
• Monitor credit reports.  Check your credit report for any accounts that crooks may have opened in your name. Credit reports are available for free, from each of the three national credit reporting agencies — Equifax, Experian, and TransUnion from https://www.AnnualCreditReport.com. Some monitoring services and credit card companies now allow you unlimited access to credit information, so you could theoretically check every day. 
• Keep your antivirus software up to date. The technology environment is constantly changing and antivirus software can quickly become obsolete.
• Use different passwords for each of your accounts, including email, website logins, social media, etc. If one website gets hacked, your credentials are still safe across all of your other accounts.
• Consider using a password manager, which generates and stores long, complicated passwords. 
• Explore putting a lock or a freeze on your credit reports compiled by Equifax, Experian, and TransUnion. Both a lock and a freeze block access to your credit reports, making it highly unlikely that anyone could open a credit card in your name. Learn more here.
• Consider buying identity-theft insurance through your financial institution. 
• Don’t ignore your snail mail. Make sure you aren’t receiving unsolicited credit cards or collection notices for products and services you never purchased.
• Exercise caution when clicking on websites and emails. Thieves have become experts in forging the look of legitimate sites.
• If you typically do your banking in person at a nearby branch, consider creating an online account. You’ll be able to closely monitor account activity and spot breaches quickly. You could also prevent a thief from opening an account in your name.
• Get account alerts. Ask your financial institution or brokerage house representative if the institution provides account activity notifications and how to implement them.  Alerts will notify you about activity on your account. Review alerts immediately can protect against fraudulent activity on your account.
• Don't use your account on an unknown computer. Unless you are sure a computer is secure, be wary of using an unknown computer. Computers can record pages viewed and keystrokes entered among other possible security violations. Granted, this will not be your experience on most computers, but be careful.
• Check your last login date. When you log on, your last logon date is displayed. Always check this date to ensure someone else is not using your account.
• Register your computer.  Not only will this make logging on to your account quicker, but it also reduces the chance that the answers to your security questions will be compromised.
• Enroll in e-statements.  Receive your statements electronically. Paper statements can divulge your financial information if stolen from your mailbox.
• Review account activity.  Review your online accounts for any transactions you did not initiate. Early detection may prevent large losses.
• Don't use your computer at work.  Even if it's during your lunch hour and on your own time, employers can monitor computer usage and even typing (although most don't). While your company might not care how much money is in your accounts, those who are paid to monitor Internet and email use will also have access to this information. You can use your computer at work, just be aware of the risks. 
• Shred or securely store your paper bank statements. One of the advantages of online banking is that your records are stored securely online. However, if your financial institution sends you monthly statements about your account or another account you have with them, be aware that these statements can include log-in information as well as account numbers that can be used to access your account. You should shred these documents when you are done with them or store them in a secure place.
• Understand security and online banking. You have taken a good first step by reviewing the information on this site and this list of security measures that you can take, but make sure you continue to be aware of the security measures your financial institution employs.
• Don’t give out vital data like Social Security, bank account numbers, or one-time security codes to strangers calling over the phone. If you think the call may be legitimate, ask for the person’s full name and a number to reach out to them later.
  

Here is an example of a common scam designed to access your online accounts:

• If it's a phone call, caller ID displays your financial institution's number (because it's been spoofed to match). 
• Text messages may direct you to call your financial institution at a different number.
• They alert you about possible fraud or suspicious transactions on your account. (You don't recognize these because they're made up.) 
• They ask for multiple pieces of verifying information, like your mother's maiden name, Online Banking user name, or password. (Financial institutions don't call and ask multiple identifying questions.)
• They may tell you there's been unauthorized online access to your account and they need to verbally verify your online password. (Financial institutions would never ask for your online password.)
• If they don't get the password, they ask numerous security questions. (They use the answers to gain access to your account.) 
• When our online fraud prevention system asks for additional verifying information, the fraudster will ask for that, too.
• They tell you they're sending a one-time security code so they can "assist in resetting your account information." (The code is actually sent from your financial institution as a security measure to protect your account from unauthorized access.)
• They ask you to read back the one-time security code "they just sent you." (Your financial institution would never request one-time security codes verbally by phone.)
• Don't share the code! If you provide this code, the fraudster has full access to your account. They can set up a transfer and drain the funds within minutes using digital payment services in Online Banking.