The number of Americans impacted by financial fraud has increased every year since 2014, and security experts predict it will only become more common.
More than 16 million Americans were victims of fraud last year, resulting in almost $17 billion of losses for U.S. consumers, according to a study by Javelin Strategy & Research. As tactics used by fraudsters advance, it’s become harder for the average consumer to identify a scam when they see one.
It’s no surprise, then, that fraud protection was the service most valued by bank customers in a survey conducted for MONEY by market research firm Morning Consult. Eighty percent of Americans rated fraud protection as “very important,” more than any other feature.
Yet, the simplest and most effective way to protect yourself from bank fraud isn’t necessarily something provided by your bank. Instead, it’s about educating yourself.
Learning to be a skeptical consumer who can identify different kinds of fraud is one of the most effective methods for keeping your accounts safe in 2018, security experts told MONEY. Here’s how to avoid falling victim to cyber scammers.
Don’t Click That Email Link
The vast majority of cyber crime, including a significant percentage of bank fraud, starts with a phishing email, Roger Grimes, computer security specialist at KnowBe4, a security awareness training company, tells MONEY. Phishing emails are messages sent by scammers made to look as if they are from legitimate companies. Hackers send them out hoping you’ll think the email is real and open it, and then unwittingly provide sensitive information so they can gain access to your accounts.
“Consumers have to be super skeptical of any email that arrives asking for any personal information,” he says. “Even if it’s claiming that your account has been hacked or your bank account is overdrawn.”
If an email claiming to be from your bank, or even someone on the phone, asks you to provide your pin number or password to confirm your account, that’s a red flag, says Grimes. Your bank should never ask you for either.
“As soon as they ask you for your pin or your password, that’s a bad guy,” he says.
This all may sound obvious, but phishing emails have grown more sophisticated as consumers have grown more aware. It can be hard even for wary customers to spot them while quickly reading through their inbox. One habit you can develop to avoid the trap? Don’t click any links in emails you receive claiming to be from your bank, says Kurt Long, creator and CEO of FairWarning, a data security company.
“Instead, go directly to your bank’s site, log in and see if there are any problems with your account,” he says. Phishing is so prevalent that banks do not ask for any kind of account verification via email.
Request Multi-Factor Authentication
Multi-factor authentication offers an additional layer of security by confirming your identify through multiple devices. One of the most common types is two-factor authentication, when a code is sent to your cell phone when you try log on to certain websites or apps. Sending a code to your cell phone helps the bank or other institution confirm it is in fact you.
Some banks allow you to set up two-factor authentication yourself. For example, if you use Bank of America, you can simply sign into your account and under the Profile & Settings section go to the Security tab. Then scroll to “Extra Security at Sign-In.” From there, you can choose whether you want authorization codes sent to your cell phone or email address moving forward.
If your bank doesn’t automatically provide you with an option for multi-factor authentication, ask if they can set it up for you.
“This way, cybercriminals cannot gain access to your account because they do not have access to your personal device that supplies the additional verification,” Long says.
Know How Your Bank Communicates
One of the easiest ways to cultivate an eye for bank fraud is being familiar with the kinds of messages and notifications your bank does and does not send to customers.
Long suggests bank customers reach out before a specific incident occurs to ask how a bank will contact you and what type of information it usually requests. “If your account’s login credentials are stolen, how would the bank contact you to reset your login information?”
Once you have a clear understanding of the typical forms of communication used with customers, you are less likely to be tricked when scammers contact you in an unusual way.
Always take a second look or listen when it comes to an email, text message or phone call from someone claiming to represent your bank. Trust your gut if something doesn’t feel right about the message, and go directly to your bank’s website or call them back yourself instead.
“If you’re skeptical,” Grimes says, “you’re going to be safer.”