• Hey Hun badge

8 Things This Cybersecurity Expert Says You Should Stop Doing Online

Time to brush up on your cyberhygiene.

Megan Liscomb
by Megan Liscomb

Personal Finance Editor

In 2021, humanity is waaay more online than we've ever been before. While there are pluses (like the ability to have tacos delivered right to your door), there are also some big minuses — including rising cases of online fraud and scams.

Hacker in a hoodie using a smartphone and laptop
Thana Prasongsin / Getty Images

The FTC logged 2.2 million fraud reports last year, with imposter scams and online shopping fraud leading the pack. And based on the data so far, that number could get even bigger this year.

Dealing with identity theft or other scams is absolutely no fun, but there are steps we can take to protect our data.

For some pro tips on what NOT to do online, I interviewed Adam Levin. He's a cybersecurity expert, co-founder of Credit.com, host of the podcast What the Hack, and the author of Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves. Here are eight common things he says you should stop doing online:

1. Avoid oversharing — it can be dangerous, whether your accounts are public or private.

NBC / Via giphy.com

"By far the riskiest behavior is oversharing," Levin says. "When you post about your family, your pets, your travel plans, what you had for breakfast, and all the other micro-moments people post on social media, scammers can and will glean what they need to hack you — specifically, the answers to your security questions."

So before you post, think about if info like the name of the street you grew up on, your mom's middle name, or the first car you ever owned could be the answer to one of your security questions out there. Even if your profiles are private, keep in mind that it's sadly not uncommon for identity thieves to target people they know.

You might also consider coming up with fictional security question answers that only you would know. Levin suggests thinking about and protecting your data like a superhero's secret identity. "Would Bruce Wayne post a selfie in his Batman outfit? Would Clark Kent make a TikTok video that only Superman could have captured?" Levin says, "Lie like a superhero when answering security questions for new accounts."

2. Don't shop online with a debit card. Using a credit card offers way more fraud protection.

Woman shopping online on her phone with a credit card
Delmaine Donson / Getty Images

You might think that using a debit card instead of a credit card is more financially responsible. However, when it comes to shopping online, a debit card can be riskier. In a nutshell, since the debit card is directly linked to your bank account, an identity thief can basically steal your rent money from you directly. But if a thief uses your credit card, they've technically stolen from the credit card issuer — and using a credit card offers you more legal protection from fraud.

"When your credit card is compromised, financial institutions generally stand behind you. If your debit card is compromised, most banks and credit unions will make you whole, but you may not get your money back as fast. Additionally, whether you’re disputing charges or trying to get a refund, it is significantly easier with credit cards than it is with most bank cards," Levin says.

If you're not feeling super knowledgeable about credit cards, you might want to check out these 21 credit card tips that I wish I'd learned in school. The biggest takeaway? Try to pay your balance in full every month to avoid paying high interest charges and build a healthy credit score.

3. And don't shop from new online retailers without doing a little research first.

IFC / Via giphy.com

Uh oh, as someone who very much loves a deal, I'm 100% guilty of this one. But unfortunately, it's pretty easy for scammers to set up fake stores that sell fraudulent products or never deliver on orders. And once scammers have your payment info and address, that could open you up to even more fraud in the future. So what should we do when we come across a new online retailer that seems exciting?

"Research your retailer. Does it have a brick and mortar address? How long has it been around?" Levin says. It can also be a good idea to look for customer reviews and search for reports of fraud or scams with that store. The FTC has a few more tips for evaluating retailers on their website.

Levin adds, "If a price is too good to be true, it probably is: You can’t get a shiny new iPad for 90% off, no matter what the website or ad you’re seeing says."

4. Stop leaving your Venmo transactions set to public.

Person using Venmo on their smartphone
Sopa Images / SOPA Images/LightRocket via Getty Images

Remember earlier this year when BuzzFeed News found Joe Biden's secret Venmo account? Using Venmo data, reporters were able to identify the president's family members and other close contacts in less than 10 minutes of searching. According to Levin, thieves could do the same to you or me.

Levin says, "You may enjoy the voyeurism of seeing friends send each other money for this or that thing you missed out on (or social bullets dodged), but it’s really bad cyberhygiene. If you do any Venmo transactions, make them private. Turn off activity sharing. While seeing what your friends are up to is a major part of Venmo’s appeal, it’s not worth the risk."


5. And don't put your whole life story on dating apps.

TV Land / Via giphy.com

It makes sense that you might share a lot about yourself on dating apps — after all, you want to show potential dates who you are. And if the app doesn't show your full name, you might feel pretty safe sharing a lot about what you do for work and play. But Levin says, "Unfortunately, that means that dating profiles are a great way for scammers and hackers to mine profiles for personal data."

He suggests, "Try to stay unfindable: Share nothing that could be used to re-identify you. Generally speaking, your first name, your job, and where you live is enough to figure out who you are. If you add your Instagram pictures, that will be an easy way to do it. But the more information you supply, the more open you are to attack. Don’t share hobbies if you can be found online doing those hobbies. Save it for the date." 

6. Definitely don't give random "employers" your Social Security number.

Person looking for a job online
Marchmeena29 / Getty Images/iStockphoto

Since the start of the pandemic, online job scams have been on the rise. These scammers pose as employers and use online application forms to gather all kinds of personal data about their victims. 

To stay safe, Levin advises, "Never provide your Social Security number or any other sensitive financial information before you’ve done your homework on a prospective employer, have gone through the interview process, and are certain that it’s a viable place for you to work."

And he offers a few more helpful tips for avoiding online job scams. "Never pay an application fee or any other upfront money. That’s not how this process works. You are the one getting paid," Levin says. 

"Some scammers will send you more money than you earned and request a refund. Don’t fall for this. Contact your bank and tell them that you suspect a scam."

"Likewise, there are scams where the 'employer' asks the 'employee' to buy things using their own credit card. Don’t do it. You may not be able to get the money back once the scam reveals itself."

Finally, he says, "Think twice before accepting a job that pays more than it should." As he noted earlier, things that seem too good to be true usually aren't. 

7. If you get an email from "your bank," give them a call instead of clicking on the links.

Hulu / Via giphy.com

Phishing scams, where a fraudster poses as a well-known business, are quite common, and many of these scammers like to send emails that appear to come from your bank. "There are multiple scams associated with pretty much every financial institution out there," says Levin. "Chase is being used more than others at the moment. It’s the same old text claiming to be from a financial institution informing you of an issue with your account."

If you get one of these emails, they're often easy to identify as fraudulent if you look closely at the sender's email address or spot a bunch of suspicious typos. "You know the drill: Don’t reply, and definitely don’t provide any information, especially about your account. Contact the institution directly if you think the communication might be legit," Levin says.

8. Finally, if you're not monitoring your credit, the time to start is now.

Person checking their credit online
Nicoelnino / Getty Images/iStockphoto

So what if your information gets compromised? Levin says, "First of all, there is no 'if.'" OK, yikes, but continue. "Billions of records have been breached or compromised over the past decade, and it is highly unlikely your information isn’t somewhere just waiting for a scammer to use it."

This sounds pretty grim, but Levin says that monitoring your credit is a simple way to keep a close eye on your data. He suggests, "Get your credit reports, track your credit scores, and set up transactional alerts on all your financial accounts. Make sure you look at all of them when you receive a transaction notification on your phone or via email. Scammers count on you not looking at every single purchase. Also, freeze, or at least lock, your credit files at the big three credit reporting agencies (Experian, Equifax, and TransUnion)." 

FYI, you can freeze your credit for free, and it will prevent anyone from setting up new accounts in your name without your authorization. And if you're confused about credit (aren't we all?), we debunked some common credit score myths.

How do you protect your data online? Share your favorite tips in the comments.

And for more stories about life and money, check out the rest of our personal finance posts