When it comes to protecting yourself from scams, it’s a good idea to be leery of strangers. The bad guys are always coming up with new ways to steal your private data — and your money.

You may already know not to open that strange text message on your mobile phone. Or click on a link in the suspicious email in your inbox. Or return the scary, high-pressure voice message. But that may not be enough to stay safe. Scammers are using more subtle ways to commit fraud.

There are steps you can take to protect yourself. Learn them now so you’ll know what to do. That way you can keep your health and financial details private.

Signs of a Scam

Scammers want to lure you into making a costly mistake. The Federal Trade Commission   says scammers may use these approaches.

• They may act like they are from a group or company you know. They may use a well-known name, like the IRS, Medicare or Social Security — or even your health insurance company. They can change their phone number so that your caller ID shows the real organization’s name. This is called spoofing.
• They may claim you’ve won a prize.
• They may say there is a problem with one of your accounts and you need to verify some information.
• They may pressure you to act quickly, so that you don’t take the time to check out their claims.
• They may push you to send money in a certain way, such as by buying and sharing gift card numbers or transferring money.
• They may try to get you to call a phone number or click on an invitation to join a chat room or video call. That’s the first step in a plan to trick you into giving the scammer control of your device.

Spoofing and Phishing Attacks

Spoofing attacks use email addresses, sender names, phone numbers or websites that look like a trusted source. Scammers change part of a familiar name, number or URL, maybe even by just one letter, symbol or number.

They try to convince you that you’re interacting with a known company, organization or person. Then they can lead you to download malicious software, send money, or give them personal or financial information.

Phishing attacks can use fake websites, emails or texts to try to lure you into clicking a link or opening an attachment. When you click on a link, it can infect your machine with malware or viruses. The scammers use those to collect your personal and financial information. Or they may ask for personal information like account numbers, passwords or Social Security numbers. When you respond with the information, they can use it to access your accounts.

Phishing scammers may use spoofing techniques to convince you that the email or text they send you or website they link to is safe. They can look like they’re a real company you do business with, a legitimate e-commerce site or government agency, or even an individual you know.

What You Can Do

Take preventive steps:

• Block unwanted calls.
• Use a filter to block unwanted text messages.
• Use anti-virus software and keep it up to date.
• Use complex passwords, and don’t reuse them.
• Use two-factor authentication for accounts that offer it.

Be cautious and pay attention to details:

• Remember that honest groups won’t ask for your username or password, your bank account or credit card number, social security or health ID number, or other sensitive information in an unsolicited text, email or call. Never give out that information when someone unexpected asks for it.
• If the situation involves your health plan data, call the number on your member ID card instead of clicking a link or calling a number in a communication you weren’t expecting.
• Beware of anyone who says you have to pay them with a gift card or with a money transfer service. Don’t send money using any method until you have verified that a request is legitimate.
• Read emails and texts carefully. Look for typos and misspellings. Check email addresses and URLs for any slight change from the legitimate one. Check any links. Don’t click on them — hover over links to see where they really go.
• Never feel pressured to act immediately. Legitimate businesses or government agencies won’t try to rush you into making a decision or giving them personal or financial information.
• Be careful what you share about yourself online and on social media. Fraudsters can find your birthday, email addresses, security question answers and other personal information online. They can use it to make themselves seem legitimate or to access your accounts.

If you’re not sure that a website, email, text or call represents a legitimate organization or person, be cautious. Don’t respond with sensitive information, click any links, download anything or call a number in the suspicious communication. Instead use the website, email address or phone number you already have or look up to reach the business or organization. Contact them directly to see if they sent the request.

If you’re unsure of what to do, ask a friend or family member what they would do. Describing the situation to them may even help you see the clues to a scam.

Sources: How to Avoid a Scam,  Federal Trade Commission, 2023; Cybersecurity Best Practices,  U.S. Cybersecurity and Infrastructure Security Agency; Spoofing and Phishing,  Federal Bureau of Investigation

Originally published 7/29/2022; Revised 2024