Be Cyber Smart
There are some simple, but important, ways you can help protect yourself online from fraud and identity theft.
Your passwords are the keys to your own personal kingdom, including your sensitive data, finances, assets, and identity. To help protect yourself, it is important to create passwords that are easy for you to remember, but difficult for bad actors to crack.
Here are a few suggestions for creating strong passwords:
Make your passwords long and strong.
According to the U.S. Cybersecurity and Infrastructure Security Agency, the most common password in the country is 123456.[1] Basic passwords like this can be cracked instantly by computers, or easily guessed by bad actors. When creating a password, rather than using a single word or series of numbers, consider choosing a longer password that includes a mix of upper and lowercase letters, numbers, and special characters.[2]
Avoid using personal information (like a name, birthdate, pet’s name,
The UK National Cyber Security Centre found that 1 in 6 people use their pet’s name to protect their accounts, and almost as many people use a family member’s name or significant date.[3] Refrain from creating passwords that can be easily guessed based on your personal information, especially if this information is known by friends, shared on your social media, or available online.
Consider using a passphrase.
A passphrase is a short sentence or random combination of unrelated words, such as BirdsWaveSunnyPlane. Passphrases are easy to remember, but their lengths make them stronger passwords.[4]
Create a unique password for each of your accounts.
Just like you use a distinct key for your house, garage, car, and office, you should also create a different password for each of your online accounts. If someone steals your car key, they can’t also break into your home. The same should be true online. Avoid reusing passwords to help protect each of your accounts. Many bad actors sell email addresses and passwords on the dark web. If you reuse credentials and they are compromised, bad actors could access your accounts on other platforms.
Consider using a password manager.
Let’s face it, we all have a lot of online accounts and creating unique passwords for each one can lead to confusion. When you create so many long, strong, and unique passwords, it can be tempting to write them down, but think of the risk if someone got hold of that list: they would have complete, unabated access to each of your accounts. Instead, consider a password manager: a computer program that securely generates, stores, and retrieves passwords for you.[5]
Enable multi-factor authentication (MFA).
When possible, enable multi-factor authentication, which requires a second factor of information to log in to an account, such as a one-time numeric code sent to you via text. This extra step of security can help minimize risk even if a bad actor discovers your password.
Your first and most critical line of defense for cyber security is your password.
The number of ways criminals can trick you into clicking and revealing personal identity or financial information is steadily growing.
A strong password can help protect your online accounts, but it is important to stay vigilant online, even when you are not logged into an account. The websites you visit and information you share can often be accessed by others and used to gain access to your personal and financial information.
Whenever you spend time online, consider the following online safety suggestions:
Your web browser is your gateway to the Internet. Because we spend so much time online, exploiting vulnerabilities in web browsers has become a popular way for bad actors to compromise computer systems. Regularly update your browser, or enable automatic updates, to ensure that you are protecting yourself and your computer from known security issues. Additionally, review your browser’s privacy settings, where you can block pop-ups and advertisements and limit the information your browser shares with the websites you visit.[6]
Before entering any personal or financial information online, confirm that your connection to a website is secure. You can validate this by checking that the website address begins with “https” or that a lock icon is shown in your browser’s address field. These signs indicate that your data is encrypted when shared between your browser and the website.
When online, ensure that you are interacting with reputable, established websites. Bad actors can impersonate legitimate websites by making subtle changes to the website domain name, like adding an l and r to transform firstam.com to “flrstarm.com”. Always double check the address bar to confirm you have not found yourself on a fraudulent website. If you have never heard of the website before, do some research on the site or organization before handing over your information.[7]
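The address-bar check described above can also be automated. The following Python is an added example, not part of the original page: it folds visually confusable characters and measures edit distance against an allow-list of known-good domains. The allow-list contents, the confusable-character table, the two-label base-domain rule and the distance threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Allow-list of known-good domains; firstam.com is the page's own example.
TRUSTED = {"firstam.com"}
# Constructed (not exhaustive) table of visually confusable characters.
CONFUSABLE = str.maketrans({"1": "l", "i": "l", "0": "o"})


def host_of(url_or_host):
    """Return the lower-cased hostname from a URL or a bare host name."""
    s = url_or_host.strip()
    host = urlsplit(s if "://" in s else "//" + s).hostname or ""
    return host.rstrip(".")


def base_domain(host):
    """Last two labels; a simplification that ignores suffixes like co.uk."""
    return ".".join(host.split(".")[-2:])


def skeleton(domain):
    """Fold look-alike characters so that 'i', 'l' and '1' compare equal."""
    return domain.replace("rn", "m").translate(CONFUSABLE)


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(url_or_host, max_distance=1):
    """Return 'trusted', 'lookalike of <domain>' or 'unknown'."""
    base = base_domain(host_of(url_or_host))
    if base in TRUSTED:
        return "trusted"
    for good in sorted(TRUSTED):
        if edit_distance(skeleton(base), skeleton(good)) <= max_distance:
            return "lookalike of " + good
    return "unknown"
```

Folding the swapped "i"/"l" first means the page's example differs from the real domain by only the one added "r", so it is caught at a threshold of 1 even though the raw edit distance is 2.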
Think twice if a website asks for payment via an obscure payment method, such as cryptocurrency or gift cards. These payment methods are difficult to track, which makes them attractive to bad actors looking to steal your money. The SANS Institute suggests using an electronic payment service or e-wallet, such as PayPal, as a safer option for online purchases, since they do not require you to disclose a credit card number to the website directly.[8]
Web-Surfing On The Go
According to the Pew Research Center, 85% of American adults go online at least daily, and more than a quarter of those adults are online almost constantly, thanks to the widespread availability of smartphones and other Internet-connected devices.[9]
In today’s digital age, where you can work, stream, and connect from almost anywhere, you may find yourself needing Internet access when you are away from home. In these cases, before you connect to a public Wi-Fi network, keep in mind that you often have no idea how that network is managed or who else is connected to it. An unsecured public Wi-Fi connection could expose your private information and browsing habits.[10]
Instead of accessing the Internet through public Wi-Fi, consider using the personal hotspot feature of your smartphone or a Virtual Private Network (VPN).
How does a VPN work?
A VPN works by creating a private, encrypted tunnel between your local network and the VPN provider that you use. This enables you to connect to the Internet securely and privately, even when using public Wi-Fi. A VPN can help protect your browsing history, location, devices, and web activity from anyone else on the same Wi-Fi network, preventing them from spying on your activity.
Whenever you are on the go, consider the following:
- Disable Wi-Fi and Bluetooth any time you are not actively using them.
- Do not log into websites that contain sensitive information, like your banking profiles, from public Wi-Fi or a shared PC.
Remember that unless you configured a network yourself, you do not know how secure it is. Any time you use a Wi-Fi network that is not your own, even at a trusted friend or acquaintance’s house:
- Ask about the network’s security.
- Only join networks that are password protected.
- Log out of accounts after you are done using them.
Signs Your Account is Compromised
Unfortunately, you can never be fully immune from a cyberattack. Monitor your online accounts regularly and watch for these common indicators that one of your accounts may have been hacked.[11]
- You are unable to log in to your account, even though you know the password you are using is correct.
- You receive MFA codes or access pins when you are not actively logging into your account.
- Your account activity records show suspicious login times from unknown locations.
- Your family and friends receive unusual messages from your account that you did not send.
- You see suspicious activity—such as unknown charges on your credit card or posts on your social media that you did not create.
If you see any of these red flags or have other reason to believe one of your accounts has been compromised, remain calm and consider the following steps immediately to regain control of the account:
- If you use this account for work, contact your company’s IT department and report the suspicious activity.
- If you still have access to the account, change your password.
- When you change your password, some websites will ask you if you would like to sign out of all other sessions. When possible, use this option to ensure you are the only one logged into your account.
- Review the configuration settings to confirm that the account is set up as you intended. For example, on your email accounts, ensure automatic forwarding has not been enabled without your knowledge. A quick Internet search will show how to configure forwarding for most major email providers.
- If you don’t have access to the account, contact the website or organization and inform them that you suspect your account has been compromised.
Additionally, a compromised account could indicate that your computer itself has been hacked and is recording all activity. Consider running a virus scan and changing your computer login password for further protection.
Once you regain control of your account, visit our Protecting Your Identity page and learn about what to do if your data falls into the wrong hands.
No matter how Cyber Smart you are, you can never be fully protected against cybercrime. The above tips can help reduce your risk of cyberattack, but this is not an exhaustive list of all cybersecurity best practices. Please remain vigilant and, for more information, review the references below.
1. U.S. Cybersecurity & Infrastructure Security Agency — Multifactor Authentication
2. U.S. Cybersecurity & Infrastructure Security Agency — Security Tip (ST04-002)
3. U.K. National Cyber Security Centre — Password Advice
4. SANS Institute — Making Passwords Simple
5. SANS Institute — Password Managers
6. U.S. Cybersecurity & Infrastructure Security Agency — Securing Your Web Browser
7. U.S. Cybersecurity & Infrastructure Security Agency — Holiday Online Shopping
8. SANS Institute — Shopping Online Securely
9. Pew Research Center — Online Study
10. SANS Institute — Top Cybersecurity Tips for Vacations
11. SANS Institute — Hacked
Report Suspicious Activity
If you are a current First American customer, please report any suspicious activity directly to your First American representative through an independently verified telephone number.
If you are not a current customer, be cautious of:
- Phishing emails or websites spoofing First American.
- Unexpected phone calls from someone claiming to be a First American employee.
- Questionable text messages about your First American account or activity.
If you encounter any of the above, please send us an email at firstname.lastname@example.org so we can help you verify the message or website.
Nothing is too trivial to report. If you have any doubt about the legitimacy of a message from us, please report it.