Following up-to-date best practices can reduce your risk of becoming a victim.
Driven by rapid leaps in AI, cyber fraud is accelerating in scale and sophistication at a worrying pace. The FBI reports that cyber-enabled crimes cost Americans nearly $21 billion in 2025, with a 26% year-over-year increase in financial losses and a 17% increase in incident reports.1 AI-powered attacks have surged, with phishing volumes increasing sharply and deepfake-enabled impersonation rising across industries.2 These tools allow bad actors to convincingly mimic trusted contacts and insert themselves into routine financial, legal and personal workflows.
As fraud tactics become more sophisticated, relying on passwords alone is no longer enough. The strongest defense combines informed decision-making with modern security capabilities that help identify and stop suspicious activity. Below, we provide 10 simple best practices you can take now to protect yourself and family in a rapidly changing fraud environment.
Protect Yourself from AI-Driven Impersonation
AI has made phishing (email, text fraud), vishing (phone fraud) and other impersonation attempts more convincing and easier to scale. Criminals can use public information, breached data and generative tools to create polished messages that reference real relationships, recent activity or familiar business context — without the spelling errors or awkward phrasing that once made scams easier to spot. They may also use voice cloning or deepfake audio and video to impersonate executives, advisors, vendors, family members or other contacts.
In 2026, tone, grammar, caller ID and even a familiar voice are insufficient proof of authenticity. Verify any unexpected request involving money movement, account access or other sensitive information through a separate, trusted channel — not a link, number or reply path in the message. When in doubt, pause before acting and escalate anything unusual to a trusted contact.
Tip:
If you do interact with a suspected phishing message, such as clicking a link, act quickly. Disconnect from the network, change your credentials, enable or strengthen multifactor authentication (MFA), contact your financial institutions, and monitor accounts for unauthorized activity (see “Respond Quickly”).
Use Passkeys, Not Passwords…
Passkeys are replacing passwords for a simple reason: They are harder to steal. When possible, move from passwords to passkeys (broadly, biometric authentication like a face scan or fingerprint, or your device's PIN) to make account access more resistant to phishing and interception. For your most sensitive accounts, you may also consider adding a physical FIDO2 hardware security key.
Tip:
With the average person having hundreds of passwords, it can be helpful to prioritize security as a tiered defense, starting with your most critical accounts (email, financial, cloud storage and password managers) as these “gateway” accounts control access to your digital life.
…and MFA
For accounts that still require passwords, use a dedicated password manager to create long, random credentials and enable MFA when available. MFA remains one of the most effective tools available to prevent unauthorized account access, even if criminals compromise a password.
Tip:
App-based authenticator codes are generally preferable to SMS codes or simple push approvals, which can be more vulnerable to attacks. For accounts that still rely on text-message verification, ask your mobile carrier about adding a port-out lock or account PIN to reduce the risk of SIM-swap fraud.
Minimize Your Digital Imprint
Scammers no longer have to guess your personal details: They can buy aggregated information from data brokers and use AI to tailor phishing attacks or mimic family members. Take steps to limit personal details visible through public profiles, search results, data broker sites and inactive accounts; remove outdated information; and close old accounts. When you do maintain an online presence, avoid sharing details that could help bad actors answer verification questions or create a convincing pretext, such as family information, travel plans and pet names.
As AI tools become more integrated into our lives, avoid entering sensitive personal details into public platforms, and use privacy settings that limit how your data and conversations may be stored or used.
Tip:
You can remove your personal information from data brokers en masse with reputable services, and Google’s “Results About You” feature can automatically flag and remove search results containing your phone number, address and email.
Use Modern Anti-Malware
Cybercriminals continuously adapt their methods. Security software is most effective when it is regularly updated to recognize emerging threats.
Modern operating systems come equipped with robust built-in security suites that offer strong baseline defense. To augment this with third-party software, choose a reputable security platform that detects suspicious behavior, not just known viruses. Ensure the software is set to real-time protection and automatic background updates so you are constantly shielded against “zero-day threats” (where bad actors exploit software flaws before developers can patch them) without relying on manual weekly scans.
Tip:
Internet service providers and premium credit cards often offer free or deeply discounted identity theft protection services or bundled security software subscriptions.
Back Up Your Data, and Back Up the Backup
Cybercriminals can compromise or lock even well-protected devices with ransomware, and devices can also fail. Regularly backing up your data is critical to recovery, but not all backups provide the same protection. Cybercriminals increasingly target the backups themselves, encrypting or deleting them to prevent recovery.
To reduce this risk, use a layered approach: Maintain multiple backups, such as a secure cloud backup and an offline or external copy that is not continuously connected to your device. Automate backups (see, “Set Automatic Updates”) and test them periodically. Where available, enable “version history” or “immutable” backup settings: Versioned backups preserve earlier copies of files, while immutable backups protect backup copies from being changed or deleted for a defined period.
Tip:
Test your recovery process before you need it. Confirm that critical files can be restored and keep at least one backup isolated from automatic syncing or deletion.
Proactively Protect Your Personal Data, On- and Offline
Criminals use exposed personal information to impersonate you, bypass verification checks, redirect payments and commit identity fraud. In addition to the best practices discussed across this list, take practical steps to protect personal information in both physical and digital records: mail, billing statements, tax information and account records can all provide the details needed to create a convincing pretext or compromise an account. Reduce your risk by shredding sensitive documents, opting into electronic statements, limiting personal information shared through mail, and reviewing billing portals (such as for utility payments) and statements for unusual activity.
Tip:
Monitor your credit across all major bureaus (including Innovis), consider placing a fraud alert or credit freeze proactively, and establish an IRS Identity Protection PIN to help prevent unauthorized tax filings.
Recover Quickly
The faster you identify suspicious activity, the more options you have to limit financial harm. Regularly monitor your accounts and enable real-time alerts so you can quickly identify unusual activity, unauthorized transactions or new accounts opened in your name.
If you discover that your information may have been exposed, act quickly to contain the risk. If you did not do so proactively, place a fraud alert on your credit file to require additional verification before lenders issue new credit and implement a credit freeze to restrict access to your credit report unless you explicitly authorize it.
Tip:
You can take additional steps to strengthen your protection and recovery efforts, including reporting the incident and creating a recovery plan, at identitytheft.gov.
Set Automatic Updates
Cybercriminals gain access to information by using known flaws in the operating systems and software that run your computer, mobile devices and internet-connected appliances. Because digital ecosystems are increasingly interconnected, leaving a single device unpatched puts sensitive data at risk. With bad actors now able to exploit vulnerabilities faster than ever, a foundational defense is to keep operating systems, software and web browsers up to date. Enabling automatic updates across your devices helps ensure they receive the latest security fixes as soon as they become available.
Talk to Your Family
Young children are vulnerable to even basic cyber tricks. Teenagers are often tremendously active on social media. Older family members often possess what cybercriminals are most looking for: financial assets and limited digital knowledge. Foster open dialogue, and consider scheduling meetings on a regular cadence to discuss safe online practices, including the key steps described above.
Tip:
Google offers an online program, “Be Internet Awesome” to teach kids fundamental digital safety.
1 FBI. “Federal Bureau of Investigation Internet Crime Report 2025.” https://www.ic3.gov/AnnualReport/Reports/2025_IC3Report.pdf. Accessed July 7 2026.
2 DeepStrike. “AI Cyber Attack Statistics 2025, Trends, Costs, Defense.” https://deepstrike.io/blog/ai-cyber-attack-statistics-2025. Accessed July 7 2026.


