Never in a million years would you sign a blank check and leave it sitting around on your desk at work or hand over your car keys to a complete stranger asking to borrow your car to run an errand. Likewise, you know not to give anyone your personal bank account information.

Unfortunately, today’s tech-savvy scammers don’t even need to know your online login credentials to access your account. Scary…

When con artists perform account takeovers, they gain fraudulent access digitally to bank accounts. In other words, they can access your account to withdraw money, initiate transfers, apply for loans, and perform other account-related tasks — oftentimes without you knowing a thing. Not only are you unaware that a stranger is in your account, but it’s also likely that you don’t know how they gained access in the first place.

This might leave you feeling quite helpless. You’re no data security specialist, and you chose a bank that deploys superior security features like encryption and multi-factor authentication (more on these later) to protect your personal information.

So what, if anything, can you do?

Pay Close Attention to Your Accounts, or Know What to Look For

Just because scammers are digitally breaking into financial accounts doesn’t mean all of their actions are 100 percent invisible.

In some instances, you might not be aware someone is committing fraud against you. For example, criminals may gain access to your email in order to obtain your bank login credentials. (Do you use your email as your log-in ID? You should consider changing it to something else.) Or they might make repeated phone calls to your bank or other businesses, guessing answers to personal questions until they successfully authenticate as you.

But other times, signs of their bad behavior exist. You just need to know what to be on the lookout for.

Some con artists hack email accounts from reputable people that accept payments, like attorneys or real estate agents. Using their name and email address, they’ll send a message directing you to send money to a fraudulent account.

Scammers also impersonate banks and might contact you directly via phone, email or text. This correspondence — which can look and sound official — will ask you to verify personal information, including account numbers, user names, and passwords.

So what’s the best line of defense against someone attempting an account takeover? The following checklist outlines preventative tips to help make your accounts more secure, plus measures to help increase your awareness of suspicious account activity, should you experience fraud and need to take action immediately.

Don a Suit of Armor, or How to Make Your Account as Secure as Possible

Reduce your vulnerability by upping your security protections. You may not be able to make your accounts completely hacker-proof, but you can certainly make them safer.

1. Create a unique password

These days, the longer and more unique the better when it comes to passwords. Come up with a password that uses a mixture of letters, numbers and symbols.

Just because your password is long doesn’t mean it has to be impossible to remember. Create one that’s easy for you to remember, but hard for someone else to guess. For example, “I love being your ally!” becomes “1<3be1ingur@lly!”.

2. Give your login credentials an extra boost

It isn’t enough to come up with one super secure password. You need to create a different one for each financial institution. And never have your email address act as your user ID. Come up with a unique login name as well.

Remembering all of these user names and passwords for your accounts can be difficult, so use a secure password manager to help manage them.

3. Switch it up

Your password shouldn’t be the set-it-and-use-it-forever type of thing. Change it periodically to maintain optimal protection. Consider setting a personal reminder to reset your passwords every couple of months (or whatever cadence you can stick to).

4. Inquire about additional muscle

Ensure the email provider and websites you use employ multi-factor authentication and enable it when possible. This added level of security makes it harder for hackers to access your account and requires you to enter two pieces of evidence (like a password, a special code that’s sent via text to your phone, or a PIN, for example) before being granted access.

5. Get notified

Between social media and news alerts, you might think about opting out of receiving notifications from your bank. Don’t. Consider notifications from your bank as V.I.P. (very important push notifications), so set up alerts notifying you about changes to your profile (user name, password, phone number, address, email address, etc.), failed login attempts and deposits and withdrawals of funds.

6. Confirm. And confirm again

You can’t be too careful when transferring money. Whether you’re sending funds via Automated Clearing House (ACH), wire or Zelle — all secure options — touch base with the recipient on the phone or in person so they’re expecting the money movement. It’s also wise to double check the account details before sending.

7. Don’t RSVP

Normally, when you receive a message asking for a response, the polite thing to do is send a reply. But that’s not the case when you receive a message that appears to be from your bank requesting information from you. An email like this could be a scam. Call your bank’s 800 number (you can find it on its website or on the back of your debit card) and only reply if you’ve personally verified its authenticity.

8. Check your loops, curves, and swirls

If your smartphone or computer has biometric ID, use it. Touch ID and other biometric options allows users to securely log into the Ally Mobile app with just their fingerprint or face.

9. Call attention to suspicious activity

Receive a shady message in your inbox? Don’t just hit delete. Contact your bank immediately. If you’re skeptical about an email that seems to be from Ally, forward it to our abuse@ally.com mailbox and include the header information if you can. Don’t open any attachments or embedded links that may be included in the email.

10. Keep current

Remove old contact information (address, phone number, email address) from your account profile. Hackers could use your info to open fraudulent accounts elsewhere.

Make use of these tactics and your account will be more likely to remain secure and in your own hands, not in those of a scammer.

Learn how Ally Card Controls can help you keep tabs on your account.

Learn More About Ally Card Controls