
Scammers scale with software.
Your defense has to be boring, repeatable, and ruthless.
Do the basics perfectly and you’ll dodge 95% of garbage; spot the tells and you’ll catch most of the rest. Here’s the playbook — tight, practical, no fluff.
Passkeys > passwords
Turn on passkeys (FIDO2) everywhere you can. Where passkeys aren't available, use strong, unique passwords plus app-based MFA (no SMS).
Password manager
Use one manager, generate randoms, rotate crown jewels quarterly. Never reuse — ever.
Link & file hygiene
Don’t click raw links. Hover, expand, or copy-plain-text first. Treat QR codes and “view document” buttons like live wires.
Payments that protect you
Use credit, not debit. Prefer virtual cards/Apple Pay. Never Zelle/Venmo/crypto to strangers. No gift cards, no wires.
Kill account takeovers
Turn on login alerts. Add a carrier PIN/port freeze to block SIM swaps. Review active sessions and revoke routinely.
Beat social engineering
Urgency, secrecy, payment pivots = fraud tells. Call back on a number you find yourself. Use a family “safe word” for voice-clone scams.
Marketplaces & jobs
Stay on-platform. No off-app messaging, no shipping weirdness, no “overpayment refunds,” no “install our remote tool” interviews.
Lock down identity
Freeze credit at all bureaus (plus Innovis/ChexSystems). Get an IRS IP PIN. Shred mail, mask SSN, opt out of pre-approved offers.
Minimize your data
Scrub data brokers, lock social profiles, nuke “mother’s maiden name” resets — use fake answers stored in your manager.
If you get hit
Put the device in airplane mode; change passwords from a clean device; kill sessions/tokens; scan for malware; contact your bank and freeze cards; file at identitytheft.gov; freeze credit; document everything.