Don't share your secrets. If someone contacts you asking for your social security number or any account information (including bank account), do not give it to them. Protect your PINs and passwords and do not share them with anyone. For passwords, use a combination of letters and numbers (or create a passphrase) -- make sure you are changing them periodically. Do not reveal any personal information on social networking sites, as this could lead someone to crack your password. Shred personal/important documents once you no longer need them. Shred receipts, unused credit card offers, bank statements, and personal identification that has expired before throwing them away. Keep an eye out for missing mail. If you are expecting something in the mail and it never comes, this should raise a red flag. Fraudsters look for monthly bank statements, credit card statements, or other mail that contains your financial information. Consider enrolling in online banking to reduce the chances of any paper statements being stolen. It is also important to NEVER mail bills from your own mailbox. Use online and mobile banking to protect your accounts. With online and mobile banking, you are able to monitor your financial accounts regularly for fraudulent transactions. For an extra layer of percaution, sign up for text or email alerts from your bank for certain types of transactions, such as online purchases or transactions more than $500. You may also opt in to receiving alerts whenever your card is run. Make sure you report any suspected fraud to your bank immediately. Monitor your credit report. You can order a free copy of your credit report every four months from one of several credit reporting agencies. Protect your computer. Make sure that your anti-virus software is active and up to date. Also, look for an "s" after the "http" to be sure the website you're visiting is secure. Protect your mobile device. To best protect your device, set up a passcode. Most smartphones now have facial recognition software, making it more difficult for a thief to get into a stolen/lost phone. Before you sell/donate/trade your mobile device, be sure to wipe it using the manufacturer's recommended technique. If your phone is lost or stolen, you may be able to wipe it remotely. When you're downloading apps, make sure it is secure. Some apps may contain malware. Sign up for an identity defense service. Norton LifeLock is designed to help secure, monitor, and restore your personally identifiable information.

Use the passcode lock. This will make it more difficult for thieves to access your info if your device is lost or stolen. When you finish a mobile banking session, log out completely. Most mobile banking apps will do this automatically, but it is best to stay on the safe side. Protect your phone from viruses and malware. There is specific software you can download on your phone. Exercise caution when downloading apps. Beware of apps that ask for unnecessary permissions. Keep your phone updated -- app updates and software updates. Avoid storing sensitive information like passwords or a social security number on your cellphone. Some mobile devices contain a section in the settings that stores all passwords and is protected by facial recognition -- be wary of what passwords you store here. Tell your financial institution immediately if you change your phone number or your mobile device is lost/stolen. Be aware of shoulder surfers. If you are punching in sensitive information, make sure no one is watching. This is the most basic form of information theft. Beware of mobile phishing. Avoid opening links and attachments in emails and checks. If the link looks suspicious, copy it and put it into the URL checker under the "Resources" tab on this website. Also, be wary of ads (not from your security provider) claiming that your device is infected. Don't bank on public/open Wi-Fi. Public connections aren't very secure, so it is best to not perform banking transactions on these networks. If you absolutely need to access your account, switch to your mobile network.

Keep your software up to date. Turn on automatic system updates for your device, make sure your desktop web browser uses automatic security updates, and keep your web browser plugins like Flash, Java, etc. updated. When updating browser plugins, make sure it isn't a scam. These scams typically infect your computer with malware. Use anti-virus protection and firewall. Anti-virus protection software has been the most prevalent solution to fight malicious attacks. AV software blocks malware and other malicious viruses from entering your device and compromising your data. Using a firewall helps screen out hackers, viruses, and other malicious activity that occurs over the Internet. Firewalls determine what traffic is allowed to enter your device. Use two-factor or multi-factor authentication. These authentication measures add additional layers of security to the standard password method of online identification. Make yourself aware of phishing scams - be very suspicious of emails, phone calls, and social media messages. In a phishing scheme attempt, the attacker poses as someone or something to trick the recipient into divulging credentials, clicking a malicious link, or opening an attachment that infects the user's computer system with malware. 90% of ransomware attacks originate from phishing attempts. Here are some tips to consider: don't open email from people you don't know; know which links are safe and which are not; be suspicious of any emails sent to you; malicious links can come from friends who have been infected Protect your sensitive personal identifiable information (PII). PII is any information that can be used by a cybercriminal to identify or locate an individual. It includes name, address, phone numbers, date of birth, SSN, IP address, etc. Consider reviewing your privacy settings across all social media accounts. Backup your data regularly. If you become a victim of ransomware or malware, the only way to restore data is to wipe your systems a restore to the most recent backup. Read the website's privacy policies. If you don't see or understand a site's privacy policy, consider doing business elsewhere.

If you have a commonly used password, change it immediately. The top 25 most commonly used passwords are listed below. Use passwords with eight characters or more with mixed characters. It only takes seconds to crack an eight-character password. One way to create a more secure password is to use short words separated by characters. For example, 3_ball!8 Avoid usign the same password for multiple websites. If you use the same password, it makes it that much easier for a hacker to hack all of your accounts. Don't write down your passwords. It may be difficult to remember all of your passwords, but you should avoid writing them down at all costs. If you think you may not remember them, you may want to consider locking them in a safe or a safe place. Top 25 Most Used Passwords: 1. 123456 2. Password 3. 12345678 4. qwerty 5. 12345 6. 123456789 7. letmein 8. 1234567 9. football 10. iloveyou 11. admin 12. welcome 13. monkey 14. login 15. abc123 16. starwars 17. 123123 18. dragon 19. passw0rd 20. master 21. hello 22. freedom 23. whatever 24. qazwsx 25. trustno1 This list is composed annually by SplashData and is compiled from files containing millions of stolen passwords posted online by hackers.

What exactly is "smishing?" "Smishing" is phishing through SMS. An example of a text you made receive is: "Alert: your account for XYZ company has been suspended. Call 888-888-8888 immediately to reactivate or your account will be permanently closed." This text may appear to come from a legitimate source. In addition to this example, a smishing message may tell you that your credit card has been used to make a suspicious purchase or your account has been compromised as a part of a national security breach. When you respond to these messages, you will receive a call that asks you to provide some sort of personal information (credit card number, social security number, PIN, your mother's maiden name, etc.). Here's how to avoid smishing: Do not reply to the text message. Instead, contact the company directly if there is any question regarding your accounts. The IRS will never text you and ask you for personal information -- they already have it. Do not follow any website links provided in the text. Look for suspicious features of the message. If the message has a sense of urgency about responding, it is more than likely a scam. If it appears "too good to be true," it probably is! Be wary of any text that claims you have won a prize. Nine times out of 10, these are smishing scams.