Keeping scammers from your accounts

Q. Do scammers send unsolicited text messages about credit card fraud? How do I know what is real?

A. Scammers will try just about anything to steal your money or your identity, so bogus credit card fraud alerts are certainly possible.

Many credit card companies have a warning system in place to automatically notify you of suspicious activity on your account, and will you by the method specified in your account settings — usually by text message, telephone call or email.

If you get a text message or email alert about fraud out of the blue and want to confirm its authenticity, call the customer-service number on the back of your card and ask to speak to a representative. If you prefer an online approach, log into your account on the company’s website (or mobile app) over a secure network connection and check for notifications about suspicious account activity. To be on the safe side, do not call the number or open any links that may have been included with the message, even though some can be legitimate.

Many financial institutions have sophisticated and automated fraud-detection algorithms that can quickly detect signs of unusual activity on your account — often before you are aware of it. Your purchasing history, geographic location of the charge, merchant choice and spending amounts are some factors typically used in fraud-detection systems.

If you want to see what other account protections are available from your bank or credit-card company, browse its website and look for its safety and security section. American Express, Discover, Mastercard and Visa all offer alerts and other security tools, as do many banks that issue cards, like Chase and HSBC.

Fraud happens year round, but because the Internal Revenue Service is on many people’s minds this month, also be on guard for tax-related scams. The IRS.gov site has information on the latest ruses and how to report them.

How to bolster your email defences

Q. Could you please review best practices if one’s email is hacked? Is changing the password for that email sufficient? Is it necessary to change the email address (use a whole new email) for each site, like Amazon, that uses the hacked email as the user login?

A. If you still have access to the compromised account, changing the password is one of many steps you should take to protect yourself. If you are having trouble regaining control of the account, visit your mail provider’s site for instructions on recovering your account. Apple, Google, Microsoft and Yahoo all have guides on their sites, as should other email and internet service providers. Tell your friends that your account was hacked and to ignore any odd messages that appear to have come from you.

Your account may have been hacked through malicious software, so scan your computer for malware and viruses with a security program. If you do not have security software installed, you can use Microsoft’s built-in Windows Defender or Microsoft Security Essentials. Avast and AVG are among the many companies that make free basic anti-virus software for Windows and Mac. Malwarebytes has free and trial versions of its malware-scanning program for Windows and Mac that can work alongside anti-virus software. You should also update your computer and devices with the latest security updates.

Next, check your mail settings to make sure nothing has been changed — like copies of your messages set to forward to an unfamiliar addresses, unfamiliar entries in your address book, or new links or information added to your email signature file. Take this time to change and update your security questions and answers that your provider uses to confirm your identity if you use the Forgot Password option.

While you are in your mail settings, set up two-factor authentication or two-step verification if you have not already and the feature is available from your mail provider. You will need to provide a code or acknowledge a login attempt on another device after you enter your password, but the extra step helps keep your account more secure.

If you have rescued your account and bolstered its defences, you should be able to keep using the address as a login for other sites, but go in and change the password you used with it, along with all the other passwords for other sites where you used the address as your login. You should also update any site where you repeatedly used the same password as the one for the hacked mail account.

The Federal Trade Commission has an online guide to dealing with a hacked mail account. And to avoid being hacked again, follow basic precautions like avoiding public wireless networks without using a virtual private network.

— New York Tmes News Service