With so many convincing cons in play online and over the phone, it’s easy to feel like we’re all just one wrong move away from losing our life savings. Nearly 2.2 million people reported losing a total of more than $3 billion to scams in 2020 alone, and a whopping 1.4 million reported identity theft — that's twice as many victims as in 2019.
Our experts at the Good Housekeeping Institute teamed with security pros to round up smart strategies that will help keep your family safe from potential scams and fraud. These tips will help protect you on the phone, via email, in person and beyond.
How to spot a phone call or email scam
- The caller’s phone number looks similar to yours. Fraudsters use software that mimics, or “spoofs,” local numbers to make incoming calls look as if they’re coming from your community so you’re more likely to answer.
- The email address has a typo or seems "off." Always check the email header carefully; sometimes scammers will change just one or two letters in an email address. Hover over hyperlinks to view the web address they’ll direct you to; if they seem vague or inauthentic, don't click them.
- You’re pressured to act fast. Cons often create a sense of urgency. “They want to instill fear or excitement,” says Kathy Stokes, director of fraud prevention programs with the AARP Fraud Watch Network. “For fear, it might be ‘This is the Social Security Administration, and your number has been suspended because of criminal activity.’ For excitement, it could be ‘This is Publishers Clearing House. You’ve won a million dollars!’” Be aware that government agencies like the IRS will not call you out of the blue and demand payment.
- They request payment in gift cards. Stokes does not mince words on this: “Any time somebody asks you to pay for some obligation by purchasing a gift card and sharing the numbers from the back, it is a scam — 100% of the time. It is just not a legitimate form of payment.”
Top tips to avoid a phone scam
✔️ Turn on call blockers. Register for the FTC Do Not Call Registry, and use the tools built into your phone and provided by your mobile carrier (e.g., AT&T Call Protect, Verizon Call Filter, T-Mobile Scam Shield). Check your smartphone’s settings to modify privacy options or enable call-blocking features.
✔️ Verify the phone number. If you suspect that a call you’ve answered from a business is a scam, hang up and find a valid phone number to call to confirm that the company reached out. The same goes for emails and texts: Don’t click provided links or open attachments.
✔️ Create a refusal script. Stokes says her mother would feel rude hanging up on a caller, even if she suspected a scam. So she and her mom created a refusal script, which provides language her mom can lean on when she needs to end a call. Says Stokes: “I told her to say, ‘I’m sorry, I can’t talk right now. I’m having tea with Officer Brady,’ and then hang up.” Stokes advises that you keep the script next to your phone — or by your door, for unwanted or fishy solicitors — as reinforcement.
How to avoid getting scammed online
✔️ Use a password manager. Our Lab pros love that Dashlane Premium ($9 per month for family plan) offers intuitive onboarding and helpful notifications that will alert you to potential security problems.
✔️ “Salt” your security questions. You might feel safer when websites require answers to security questions like ‘Name your high school mascot.’ But thanks to social media, a lot of personal info is available online. “Scammers can figure out what high school you went to because you posted about your reunion on Facebook,” says Stokes. One strategy for staying safe is “salting” — sprinkling a little extra info into your answers to make them harder to hack. If, say, your high school mascot was a cougar, you can add a memorable word or number to your correct answer — e.g., Cougar719 or CougarDoritos (even better: CoUgarDor!t0s) — that others won’t know.
✔️ Turn on multi-factor identification. Yes, it slows things down to have to enter, say, a second code when accessing private data, but a minor inconvenience to you is a big inconvenience to scammers. Stokes agrees that what’s known as multi-factor authentication (MFA) is a valuable addition to your security: “The company is going to send that code to me on a known device, and it’s just one more step. If the scammer has your phone, it’s a different story, but more often than not that’s not the case.”
✔️ Check your email settings. Mark unwanted emails as spam, strengthen your privacy options in your email security settings and have a secondary email account to use when you need to provide an email address for transactions.
✔️ Always verify contact information independently. Do not call numbers provided in an email, text or letter; look up the business’s number before dialing.
What to do if you've been scammed
Some people feel embarrassed that they’ve fallen for a scam, so they might be reluctant to report it. But a recent AARP study showed that what makes people vulnerable is “not any attribute of the individual who experiences a scam — not socioeconomic status, not age, not educational achievement,” says Stokes. “It’s what you’re experiencing in your life right then. You’ve lost a job. You’ve lost a spouse. You’ve been diagnosed with a serious illness. It’s in those moments that we are most susceptible to a scam.”
Reporting fraud can help someone else avoid it — or even help bring scammers to justice, because the reports are aggregated and available to law enforcement agencies. If you think you or a loved one has been scammed…
- File a complaint with the FBI’s Internet Crime Complaint Center, or contact your FBI field office in person.
- Report fraud to your local police or state law enforcement agency.
- Contact the Federal Trade Commission to report fraud online.
- Call AARP’s Fraud Helpline at 877-908-3360. It’s free, and specialists can provide support.