4 tips to protect against scams and identity theft

Key takeaways

• Be wary of emails, phone calls, or texts that ask you to supply information like a password or personal information. Never give away your one-time passcode, password, 2-factor authentication login code, or any security question and answer to anyone else.
• Be aware of the fact that your phone can be hacked.
• Take steps to secure financial accounts with the highest level of security offered—like 2-factor authentication—and then monitor them for any unauthorized activity.
• Keep computers and mobile devices updated and secured with strong passwords.

Scams have increased significantly since the beginning of 2020. Every day it seems like there's a new scam to watch out for and a new way to be tricked out of your money.

The latest is the imposter scam. It's particularly noteworthy for Fidelity customers or customers of other financial institutions.

Imposter scams

Here's how it works: You receive an unexpected call, text message, email, or social media connection request from someone claiming to be an investment professional or customer service representative from Fidelity or another reputable financial services firm or business.

The fraudsters behind these calls and messages often take the name and other publicly available information, such as employment history and securities licensing details about an investment professional that works for the financial services firm and use that information to create a fraudulent website or social media presence that impersonates the investment professional.

They use these messages, websites, and social media accounts to lure you into their investment scam by soliciting payments from you or promise you a low-risk/high-reward investment or they try to convince you to provide them with information about your financial accounts (such as login credentials or account numbers) or your personal information (such as your Social Security number).

How to protect yourself from imposter scams

To guard yourself against these scams, you should consider the following:

• Do the messages and/or websites use poor grammar, contain misspellings or odd or awkward phrasings, or misuse investment-related terminology?
• Are you being directed to a website that uses the investment professional’s name as the domain name (e.g., FirstNameLastName.com) rather than the website of the financial services firm with which the investment professional is affiliated?
• Were you contacted via a means that is not customarily used by the investment professional or firm to communicate with you (e.g., were you contacted by text message when all your previous communications with the firm have been through emails)?

In addition, there are other steps you can take to protect yourself:

• No reputable financial institution will ever call you and request that you disclose to them your account login credentials, or provide them with a copy of your driver's license, other photo ID, or proof of address documentation. If you get a call requesting any of these or similar items, hang up.
• Never give away your one-time passcode, password, 2-factor authentication login code, or any security question and answer to anyone else.
• No reputable financial institution will ever contact you via a free email account (such as Yahoo or Gmail), messaging app, or send you a social media connection request. Any contact from Fidelity will come from an @fidelity.com email address.
• No reputable financial institution will ever call you requesting account information or pressure you into initiating a monetary transfer. Always verify the recipient of a transfer by going directly to the source (such as using a verified website to retrieve official contact information and/or calling the intended recipient yourself).
• Be cautious of guarantees, unregistered products, consistent abnormally high returns, and complex strategies.
• Be wary of sales pitches that make exaggerated claims about performance.
• Do not click on links or open attachments from suspicious looking emails.

Identity theft can be scary but there is good news. You can protect yourself, in most cases, by being aware of the threat and following certain practices for safeguarding your information.

1. Don't take the phishing bait

Phishing is a technique used by criminals to trick victims into providing personal information that can be used for identity theft. Most phishing attempts are carried out by email, text messages, or phone.

• Ignore deals, freebies, and awards that sound too good to be true. Disregard offers that appear to come from unusual foreign contacts, as well as requests from strangers for help.
• Ignore phone calls, emails, or texts that appear to be from the IRS. The agency will not contact you by phone, email, text message, or social media to request personal or financial information.
• Be suspicious of anyone requesting your Social Security number, date of birth, financial account number, PIN, email, or passwords—especially if there is a request to verify your information when you were not expecting it.
• Never click a link or download an attachment inside an unexpected email. If the email claims to be from a company you do business with, don't log in from a link in the email message—go to the company's website and log in to your account from there.
• Never provide personal information over the phone to an unsolicited caller. If you think the call might be a legitimate request from a company you do business with, hang up, and call the company directly.

2. Protect your phone service

Your phone has become an important part of security protocol and is the "master key" to accessing online accounts and information.

Criminals and scam artists are actively using stolen identity information to port your mobile phone number, or forward your phone calls and text messages. They do this by calling phone service providers. If you use Voice over IP (VoIP) phones then your voice phone portal accounts are also at risk.

Cybercriminals do this to steal your 2-factor authentication codes and text messages to get into your financial institution accounts.

• Learn signs that your phone may be hacked. If you notice your mobile phone showing "no service" or "emergency calls only," or you stop receiving phone calls and text messages even after you restart your phone, contact your mobile company to see if your account has been compromised.
• Ask your telecom provider about ways to better secure your account, especially verifying your identity with a PIN or 2-factor authentication to make changes, route phone calls, forward phone messages, or port your phone number.
• Secure your online phone and internet service provider account where you pay bills and manage settings. Use a separate and strong password for such accounts and enable 2-factor authentication on these accounts.

3. Monitor and secure your accounts

Many companies, including Fidelity, go to great lengths to safeguard customers' information and provide security tools. For instance, Fidelity offers 2-factor authentication, designed to prevent someone from accessing your account, even if they have your password.

Here are a few actions you can take to reinforce those safeguards.

• Choose passwords that can't be guessed easily. Use different passwords for different websites, and change them regularly.
• Sign up for 2-factor authentication at your financial institutions and email service providers to protect all your online accounts.
• Make sure your financial institutions have up-to-date contact information for you, especially your mobile number. Your financial institutions use this information to protect your accounts and to contact you when suspicious activity is detected.
• Sign up for automated alerts of suspicious account activity wherever offered. Fidelity automatically alerts you by email and text messages of certain suspicious activity. Do not ignore these security alerts when they are received.
• Check your credit report regularly. The 3 major agencies—Equifax, Experian, and TransUnion—are required by law to provide you with a free copy of your credit report once every 12 months, which means you can check your report for free 3 times throughout the year.

4. Secure your mobile devices and personal computers

Any device you use that is connected to the internet can become a mechanism of attack by cybercriminals. Hackers can get in through newly discovered security holes in these devices and systems.

• Change any default passwords when setting up your devices.
• Apply updates and patches as soon as the system maker releases them.
• Don't download mobile apps and games that you do not trust. Some mobile apps have been found to contain hidden malicious software. Use your best judgment before using a brand new app from an unknown company and read reviews before downloading.
• Run antivirus software on your computers, and ensure that your mobile devices have the most recent security updates and patches.

Take security seriously

Protecting your information and online accounts can help avoid the hassle and heartache of ID theft. Take advantage of all security measures offered and use strong passwords—remember the best way to prevent identity theft is with a strong defense.

How to report identity theft, scams, and cybercrime

If you think you've been a victim of identity theft, a scam, or cybercrime, here are some government resources that may help you. 

• To report identify theft and establish a recovery plan, visit the Federal Trade Commission's Identity Theft page 
• To report a scam, visit the Federal Trade Commission 
• To report a cybercrime, visit the FBI's Internet Complaint Center