Reducing Fraudulent Account Takeover Risk: Recommended Practices for Participants
Published on July 18th, 2024
Preventing fraudulent account takeovers starts with awareness and education. Beyond the prevention features built into the Alegeus platform, participants also play a vital role in keeping their accounts safe.
As a benefits administrator, you can foster awareness and promote risk reduction by communicating the following recommended practices to your participants. Any of these suggestions could be their own standalone outreach or part of a larger awareness campaign.
Update contact information
Keep your contact information up to date (SMS, email) as this is used for multifactor authentication and account activity alerting. You don’t want your sensitive information routed to the wrong place.
Who you gonna call?
Know where to call to report suspicious activity and what actions to immediately take. This includes login credential updates, correcting false data in your account, and any other notification of actions you did not take.
Scam indicators
Watch for scam indicators in your interactions with others. The method of payment is a key indicator. Scammers often ask for payments in more difficult-to-trace formats such as reloadable gift cards, cryptocurrency, and money transfers.
Ten Two Rule
Do not act immediately to fund requests. Always use the “Ten Two Rule”: Take ten minutes to think about the request and talk to two trusted people before acting.
Social media mindfulness
Use caution when posting on social media. Personal information can provide criminals with clues to answer security questions or craft believable, targeted scam messages.
Cybersecurity recommended practices
Use cybersecurity recommended practices: enable anti-phishing protection on your web browser, avoid clicking unsolicited or unknown links, add multifactor authentication to account logins, and use strong, unique passwords for different accounts.
Recognize phishing attempts
Be wary of phishing emails, smishing texts, and suspicious calls that request your information. You should never be asked for your PIN, CVV, online username, password or social security number via a phone call.
Further suggested reading:
- Experian Credit Bureau identity theft advice
- Federal Trade Commission Consumer Online Advice
- FBI cybercrime reporting form and recommendations
- BMO Bank Security Checklist
- FDIC Security