Never in a million years would you sign a blank check and leave it sitting around on your desk at work or hand over your car keys to a complete stranger asking to borrow your car to run an errand. Likewise, you know not to give anyone your personal bank account information.

Unfortunately, today’s tech-savvy cyber criminals are experts at nabbing your login credentials to access your bank, credit card, or social media accounts. Scary…

When con artists perform account takeovers, they gain fraudulent access digitally to bank accounts. In other words, they can access your account to withdraw money, initiate transfers, apply for loans, and perform other account-related tasks — oftentimes without you knowing a thing. Not only are you unaware that a stranger is in your account, but it’s also likely that you don’t know how they gained access in the first place.

This might leave you feeling frustrated and unsure about how to stay safe online. You already use a password manager, anti-virus software, and you chose a bank that deploys superior security features like encryption and multi-factor authentication (more on these later) to protect your personal information.

What more can you do? 

Pay Close Attention to Your Accounts, or Know What to Look For

Just because scammers are digitally breaking into financial and social media accounts doesn’t mean all of their actions are 100 percent invisible.

In some instances, you might not be aware someone is committing fraud against you or that a data breach has occurred. For example, cyber criminals may gain access to your email in order to obtain your bank login credentials. (Do you use your email as your log-in ID? You should consider changing it to something else.) Or they might make repeated phone calls to your bank or other businesses, guessing answers to personal questions until they successfully authenticate as you.

But other times, signs of their bad behavior exist. You just need to know what to be on the lookout for.

Some con artists hack email accounts from reputable people that accept payments, like attorneys or real estate agents. Using their name and email address, they’ll send a message directing you to send money to a fraudulent account.

Scammers also impersonate banks and might contact you directly via phone, email, or text. This correspondence — which can look and sound official — will ask you to verify personal information, including account numbers, user names, and passwords.

So what’s the best line of defense against someone attempting an account takeover?

The following checklist outlines preventative tips to help make your accounts more secure, plus measures to help increase your awareness of suspicious account activity, should you experience identity theft and need to take action immediately. 

Build a Virtual Forcefield

Reduce your vulnerability by upping your security protections and privacy settings. You may not be able to make your accounts completely hacker-proof, but you can certainly make them safer.

1. Create a unique password

The longer and stranger, the better. Come up with a password that uses a mixture of letters, numbers and symbols.

Just because your password is long doesn’t mean it has to be impossible to remember. Create one that’s easy for you to remember, but hard for someone else to guess. For example, “I love being your ally!” becomes “1<3be1ingur@lly!”.

2. Give your login credentials an extra boost

Coming up with one super secure password isn’t enough to stay safe. You need to create a different one for each financial institution. And never have your email address act as your user ID. Come up with a unique login name as well.

Remembering all of these user names and passwords for your accounts can be difficult, so use a secure password manager to help manage them.

3. Switch it up

Inputting your privacy settings and password shouldn’t be a one-and-done type of thing. Make changes periodically to maintain optimal protection from online threats. (Yes, even with your social networking accounts.) Consider setting a personal reminder to reset your passwords every couple of months, or whatever cadence you can stick to.

4. Add another layer of protection

Ensure the email provider and websites you use employ multi-factor authentication (two-factor authentication is a form of multi-factor, so it’s good, too) and enable it when possible. This added level of security makes it harder for hackers to access your account and requires you to enter two pieces of evidence (like a password, a special code that’s sent via text to your phone, or a PIN, for example) before being granted access.

A virtual private network (VPN) can also provide you additional security against online threats and reduce your risk. A VPN is particularly helpful at shielding web browser activity when you’re working on a public wi-fi network in a coffee shop or bookstore, for example.

If you’re on the go, avoid accessing any personal information when working on a public wireless network. They’re often not password protected, making them more vulnerable to cyber criminals. And even if they are, you don’t know the intentions of those around you using the same (slightly protected) wireless network.

5. Get notified

Between social media, news alerts, and random ads, you might think about opting out of receiving notifications from your bank. Don’t. Consider notifications from your bank as V.I.P. (very important push notifications), and set up alerts notifying you about changes to your profile (user name, password, phone number, address, email address, etc.), failed login attempts and deposits and withdrawals of funds. Otherwise, you could fall victim to a data breach and not even know it.

6. Confirm. And confirm again

You can’t be too careful when transferring money (especially if you’re on a mobile device). Whether you’re sending funds via Automated Clearing House (ACH), wire or Zelle — all secure options — touch base with the recipient on the phone or in person so they’re expecting the money movement. It’s also wise to double check the account details before sending.

7. Don’t RSVP

Normally, when you receive a message asking for a response, the polite thing to do is send a reply. But that’s not the case when you receive a message that appears to be from your bank requesting information from you. An email like this could be a phishing scam, a common online threat. Call your bank’s 800 number (you can find it on its website or on the back of your debit card) and only reply if you’ve personally verified its authenticity.

8. Check your loops, curves, and swirls

If your mobile device or computer has biometric ID, use it to reduce your risk even more. Touch ID and other biometric options allows users to securely log into the Ally Mobile app with just their fingerprint or face.

9. Call attention to suspicious activity

Receive a shady message in your inbox asking for personal information? Don’t just hit delete. It’s possibly a phishing attack. Contact your bank immediately. If you’re skeptical about an email that seems to be from Ally, forward it to our abuse@ally.com mailbox and include the header information if you can. Don’t open any attachments or embedded links that may be included in the email.

10. Keep current

One of the easiest tactics to stay safe? Remove old contact information (address, phone number, email address) from your social media platforms and other account profiles. This personal information puts you at risk because hackers could use it commit identity theft and open fraudulent accounts elsewhere.

Make use of these tactics and your account will be more likely to remain secure and in your own hands, not in those of a scammer.

Learn how Ally Card Controls can help you keep tabs on your account.

Learn More About Ally Card Controls