10 Tips for Keeping Your Accounts Secure
Cyber fraud may be as old as the internet itself, but it's also a growth industry. In 2023, the FBI recorded more than 880,000 cybercrime complaints in the U.S. alone with potential damages totaling $12.5 billion—a 22% increase in losses compared to the previous year.
"We're conducting more of our lives online than ever before, without thoroughly thinking through the security implications," says Peter Campbell, director of Schwab's Financial Crimes Risk Management division.
While the best practices for keeping your accounts safe are ever evolving, they boil down to common sense and a healthy dose of suspicion when living and working online. With that in mind, here are 10 tips for keeping cyber criminals at bay.
Cybersecurity Tip #1: Think before you click
Each day, bad actors send roughly 3.4 billion emails pretending to be from individuals or entities that recipients know and trust. One wrong click could drain a financial account, expose you to identity theft, or install malware on your device.
"These so-called phishing attacks successfully trick too many people into revealing highly sensitive information, including credit card numbers and passwords," says Joel Sauer, director of senior and vulnerable investor investigations in Schwab's Financial Crimes Risk Management division. "If you get an email you're not expecting, don't click on any links or accept any offers."
Here are a few simple ways to confirm the legitimacy of the source:
- Double-check the email address, which can differ by just a single character from a familiar or valid account.
- Hover your cursor over any links—without clicking—to reveal the underlying URL (which may or may not match the one it purports to be).
- Activate your email program's spam filters, which have become adept at separating out suspicious and unsolicited emails.
- "Above all, call the company back at a known or publicly listed number rather than risk responding directly to a fraudster," Joel says.
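The first two checks in the list above (a sender address that differs from a familiar one by a character, and a link whose visible text does not match its underlying URL) can be automated by a mail filter. The sketch below is an added example, not part of the original article; the function names, the two-edit threshold and the sample message are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample data: assumed sender and links, not real traffic.
SAMPLE_FROM = "Client Services <alerts@examp1e.com>"
SAMPLE_HTML = '<a href="https://login.example.net/verify">www.example.com</a> <a href="https://www.example.com/help">Help</a>'

def edit_distance(a, b):  # Levenshtein distance, computed row by row
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_is_lookalike(from_header, trusted_domain):  # near the trusted domain, but not it
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    trusted = domain == trusted_domain or domain.endswith("." + trusted_domain)
    return not trusted and edit_distance(domain, trusted_domain) <= 2

def host_of(text):  # host of a URL or bare domain, minus a leading "www."; "" if neither
    if " " in text or "." not in text:
        return ""
    try:
        host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    except ValueError:  # malformed address, e.g. unbalanced brackets
        return ""
    return host.removeprefix("www.")

class LinkCollector(HTMLParser):  # gathers (visible text, href) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or "").strip(), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def mismatched_links(html):  # (shown host, real host) where the text names another host
    parser = LinkCollector()
    parser.feed(html)
    hosts = [(host_of(text), host_of(href)) for text, href in parser.links]
    return [(shown, real) for shown, real in hosts if shown and real and shown != real]
```

Links whose visible text is not itself an address (such as "Help") are not compared, so the check only flags text that claims one destination while pointing to another.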
Beyond email, be aware of other forms of attack—including fraudulent SMS texts (a.k.a. "smishing"), voice calls ("vishing"), and "spear phishing," or the practice of mining social media posts for personal information to create more targeted and potentially convincing emails. New artificial intelligence (AI) tools have made it easier for fraudsters to quickly create polished and convincing content, often with a sense of urgency. But don't let anxiety cloud your judgement or cause you to act rashly.
If you suspect an email that appears to be from Schwab is fraudulent, forward it to phishing@schwab.com.
Cybersecurity Tip #2: Act defensively
Financial firms, in particular, have implemented security features aimed at helping clients and consumers prevent cybercrime. Chief among them:
- Security alerts via email or text that can notify you of everything from individual transactions to changes to your password and other vital information.
- Two-factor authentication, which typically involves sending a randomly generated number to your phone or email that you must enter in addition to your password to log in to an account. "That extra step alone can be critical to preventing unauthorized access to your accounts," Peter says.
- Voice identification, which allows you to use your voice as your password by speaking a simple phrase—such as, "Check my account activity."
Secure your Schwab account
- Sign up for security alerts and two-factor authentication.
- Enroll in Schwab's voice ID service by calling 800-435-4000.
Cybersecurity Tip #3: Be password smart
"The first rule of passwords is: Never share passwords," says Joel. And while most people know not to use simple passwords like "1234" or their birthday, consider creating strong, hard-to-guess passwords that don't use personal information.
Password managers can generate, store, and even autofill unique passwords for as many sites as you choose. Be sure to password-protect your laptop, phone, and tablet, as well. "These days, there is no greater repository of personal information than our devices," Joel says.
Cybersecurity Tip #4: Keep your devices up to date
Most desktop and mobile operating systems—as well as individual applications—offer periodic updates, which frequently include security patches as new vulnerabilities are discovered.
You can generally authorize automatic updates through an application's or operating system's settings. And when it comes time to discard old gear, don't forget to perform a factory reset of the device to securely remove all personal data.
Cybersecurity Tip #5: Fortify your home network
Don't overlook the internet connection that powers your home. A 2023 survey conducted by the Deloitte Centre for Technology, Media, and Telecommunications found that almost a third of smart homes with 30 or more devices fell victim to at least two data breaches or cyberscams during the previous 12 months.
To help counter that, look for a router—the device that streams data from your internet provider to your various devices—with strong encryption settings and the capability to set up a Virtual Local Area Network (VLAN), which can add another layer of security. Set a strong password for your router—as well as all internet-enabled doorbells, televisions, speakers, thermostats, and other smart devices.
Cybersecurity Tip #6: Protect yourself in public
Cybercriminals can easily set up a decoy Wi-Fi network containing the name of the airport, hotel, or restaurant from where you're trying to connect. One way to avoid falling victim to fraudsters when accessing the internet in public is to tether your laptop or tablet to a "personal hotspot"—a feature of many smartphones. In a pinch, you can safely use public Wi-Fi for innocuous tasks like checking sports scores—but avoid logging in to financial, shopping, and other sensitive accounts.
Cybersecurity Tip #7: Talk with your children . . .
While most children grow up with the internet, they may not be aware of its potential pitfalls or their own vulnerabilities to them. Start early—and be frank about the risks involved and your own experiences online.
"I have two teenagers, and I'm constantly preaching the gospel of online safety," Peter says—including not giving anyone your name, the name of your school, or your home address and never agreeing to meet anyone in person who you've only ever met online. "Children are as much of a target as anyone else."
Cybersecurity Tip #8: . . . and elderly relatives, too
Cognitive decline and social isolation, in particular, can leave the elderly susceptible to attacks. "As a result, older individuals are much more vulnerable to scammers trying to form an emotional attachment over the phone or online," Joel says.
Joel suggests framing conversations about cyber fraud in ways that don't question a loved one's judgment. "Talk about the steps you take, not the steps they should take," he says. Above all, offer a helping hand. "Everyone needs a family member, a friend, or even a trusted financial advisor they can call with questions," he says.
What's more, most financial institutions encourage all clients to establish a trusted contact—someone with whom your financial institution can discuss any signs of possible fraud. "Even if you have a spouse listed on the account, a trusted contact can provide an additional person to contact in case of suspicious activity," Joel says.
Add or change a trusted contact for your Schwab accounts.
Cybersecurity Tip #9: Stay informed
Sign up for the latest consumer-fraud alerts from the Federal Trade Commission. "It's also a good idea to check your credit report for suspicious activity at least annually," Peter says. You are entitled to a free annual credit report from each of the three credit reporting agencies—Equifax, Experian, and TransUnion—with whom you can dispute any errors or unauthorized activity.
You might also consider instituting a "credit freeze" for yourself and your family members with each of the three agencies, which can prevent new accounts that require a credit check from being opened in your name without your express permission.
Cybersecurity Tip #10: Follow your instincts
"If an offer seems too good to be true, it probably is," Peter says. And no reputable company will reach out electronically to request sensitive personal information, so that's another red flag.
"To my mind, you have to do all you can to prevent fraud—but you also have to be ready to mitigate the consequences," Joel adds. "The key is to remain vigilant so all this wonderful new access and technology isn't used against you."