Fraud & Cyber Cheat Sheet

In an effort to educate people on how to have a safer experience in their financial and digital lives, I am putting together a guide, or "cheat sheet" if you will, on ways to help prevent victimization. It's important to note that there is no "magic bullet" and nothing is foolproof when it comes to this area of expertise, but following the tips provided in this post can help mitigate your risk in these areas.
NOTE: This will be a living document, so check back often for the most up-to-date information regarding this matter.


For Consumers:

  • Follow the "Red Flag" rules. The Red Flag rules are:
    • If an email has multiple grammatical errors, this can be a red flag
    • If a communication is too generic or no specifics are given, this can be a red flag
    • If critical information is misspelled (e.g., names), this is almost certainly a red flag
    • If a domain is one you do not recognize, then this can be a red flag
  • Do not provide financially identifying information to strangers or unverified sources
  • NEVER store passwords in an unsecured manner. There are a number of good tools for securing your passwords digitally. Use one.
  • Use a mainstream email service like Gmail. Sure, privacy is great, but the private solutions out there typically come with a cost, both financially and in terms of technical knowledge. To be frank, the average user does not possess the knowledge to set up, let alone maintain, most secure, privacy-focused technology. Unless you possess this knowledge, we suggest using
  • Use a mainstream browser. As with the bullet point above, this can lead to your search history being tracked and other privacy concerns; however, commercial software comes with one
  • If an account allows for Multi-Factor Authentication (MFA, sometimes referred to as 2FA), use it. There is a fairly steep learning curve on this security measure, so we suggest either educating yourself on the topic of MFA or hiring a consultant on this matter. If you are hiring a consultant, reach out to us as we are happy to help with this subject.
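The Red Flag rules above can also be applied mechanically. The sketch below is an added example, not part of the original post: it checks a plain-text email for three of the four flags (unrecognized or lookalike sender domain, generic greeting, misspelled recipient name) and leaves grammar checking out. The known-domain list, the recipient name and both sample messages are constructed for illustration.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the sender domains this reader actually deals with (constructed).
KNOWN_DOMAINS = {"examplebank.com", "gmail.com"}
GENERIC = re.compile(
    r"^\s*(dear|hello|hi)\s+(customer|user|client|member|sir|madam)\b", re.I | re.M)

def red_flags(raw_email, my_name, known_domains=KNOWN_DOMAINS):
    """Return the red flags found in one plain-text email (heuristics, not proof)."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()  # a string for the non-multipart samples used here
    flags = []
    # Domain you do not recognize; call out near-copies of one you do.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in known_domains:
        near = difflib.get_close_matches(domain, sorted(known_domains), n=1, cutoff=0.8)
        flags.append(f"lookalike domain: {domain} (resembles {near[0]})" if near
                     else f"unrecognized domain: {domain}")
    # Too generic: the greeting addresses nobody in particular.
    if GENERIC.search(body):
        flags.append("generic greeting")
    # Critical information misspelled: a word close to, but not equal to, a name part.
    for word in sorted(set(re.findall(r"[A-Za-z]+", body))):
        for part in my_name.lower().split():
            ratio = difflib.SequenceMatcher(None, word.lower(), part).ratio()
            if word.lower() != part and ratio >= 0.8:
                flags.append(f"misspelled name: {word}")
    return flags

# Constructed sample messages.
SUSPICIOUS = """From: Example Bank <alerts@examp1ebank.com>
Subject: Account notice

Dear Customer,
Mrs. Whitfeild, your account are suspend. Verify you details now.
"""
LEGITIMATE = """From: Example Bank <billing@examplebank.com>
Subject: Statement ready

Hello Dana Whitfield,
Your March statement is ready.
"""

if __name__ == "__main__":
    for label, mail in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(label, red_flags(mail, "Dana Whitfield"))
```

A clean result only means none of these three checks fired; it does not make a message trustworthy.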

For Businesses, Organizations, Entities, etc...

  • Always have safeguards/checks & balances in place for normal operations
  • Create an SOP for handling of sensitive information
  • NEVER store passwords or other sensitive documents in an unsecured manner.
  • Set up and maintain a secure digital storage infrastructure. Then digitize your documents and upload them to your secure storage. If this is done correctly, this is far safer and more secure than keeping physical documentation.
  • Utilize "best-of" standard Multi-Factor Authentication. In an organization, this is best achieved via physical security keys that utilize FIDO2.
  • If you have a website in which sensitive data is exchanged, ensure you have an SSL certificate. NOTE: The easiest way to check if your site has an SSL certificate is to open your site in Google Chrome, then look at the URL bar. If there is an HTTPS preceding your URL and there is a little padlock icon that is in the locked position, then you do. If there is anything but, then you don't.

NOTE: Many of the above topics have fairly high learning curves, so we suggest either taking the time to educate yourself on these topics, or hiring a consultant. If you are looking for a consultant on these matters, let me know and my company would be happy to help.


More from Steve Chepp