Source: Federal Bureau of Investigation (FBI)
Zadik said companies do not generally ask for your passwords. If you receive an unsolicited request via text or email, don’t click on anything. Look up the company’s phone number on your own (not the one a potential scammer is providing). Call the company or bank to ask if the request is legitimate. It is probably a would-be scammer.
It’s also important to set up two-factor (or multi-factor) authentication on any account that it allows it and never disable it.
Be careful of how much information you share online or on social media. If one of your security questions is your pet’s name, and you reveal your pet’s name on a social media account, someone can easily guess your answer.
In some cases, Ford convinced his victims to disable their two-factor authentication or to give him the answers to their security questions. Then, once he had their passwords, he had automatic access to their accounts, Zadik said.
“Everyone—especially high-profile or high-net worth individuals—needs to be aware that your personal information is very valuable. You are likely being targeted,” Zadik said. “You wouldn’t give out the alarm code to your house or the combination to your safe. You shouldn’t give out your passwords, either.”