Train to be an Internet Bodyguard

Learn more

Phishing

Phishers are cybercriminals who attempt to obtain your personal and/or financial information by impersonating reputable institutions

Don't take the bait. Learn how to identify scams and protect your data.

Laptop on a fishing hook.

Real Big Phish

Cybercriminals might ask for gift cards, or to wire them money to pay a debt that does not exist. Stay alert and protect your money.

Calling a friend

Phone a friend

Don't know who to trust? Call your bank before you make a money transaction.

Multi-Factor Authentication (MFA)

MFA requires you to provide two or more different ways of proving your identity before allowing access into your devices and accounts.

With MFA, protecting your money, accounts, and identity from cybercriminals is effortless. Learn how MFA is the key to keeping scammers blocked.

Confirm password on your device.

Your Inner Password Wizard

MFA helps prevent scammers from logging into your account, securing your personal information and data.

Locked account

MFA

More than a password

You can be an internet bodyguard, protect yourself before you connect yourself

Be a Protection Agent

Spread the word to help others and your community.

Warning to pause before clicking mouse.

Bye Bye Phishers

Stop, drop, and hover before clicking an unsolicited or suspicious link.

Laptop warning not to enter password in public.

Block the Wannabes

Enable MFA, making it more difficult for unauthorized users to access your personal data.

Share the knowledge

Everyone has an Internet Bodyguard within them. Share this site to help protect your loved ones and community members from cybersecurity threats.

Keep learning

FAQs

General

What topics do these videos cover?

These videos cover phishing, multi-factor authentication, and your role in protecting yourself and the community from cybercriminals.

What is my role in protecting myself and the community from cybercriminals (e.g., my personal agency) and how can I accomplish this?

Everyone can be their own internet bodyguard and stay safe online. But it doesn't stop there. Look after your loved ones, friends and colleagues to help them stay safe, too. Remember to protect all your devices connected to the internet: laptops, phones, tablets, home assistants, TVs, even your car by running software updates and using long, unique passwords for each device. Use the suggested unique, strong passwords offered on your device. Protect yourself and others from being impacted by following just a few simple steps: watch out for phishing, enable MFA on all your accounts where possible, and keep software up to date.

Who should watch these videos?

Everyone! They introduce you to the most common cyber risks and provide information about how you can protect yourself and your loved ones.

What languages are the videos offered in?

We have provided a globally inclusive learning experience with webpage and video closed captioning available in 10 languages including: English (United States), Simplified Chinese, Traditional Chinese, French (France), Korean, Spanish (Latin America), Tagalog (Filipino), Arabic (Modern Standard Arabic), Russian, and Vietnamese. Additionally, this webpage meets the standards of the Web Content Accessibility Guidelines (WCAG) 2.1 AA.

Do these videos cover all I need to know about cybersecurity?

No, these videos cover common cybersecurity best practices. We recommend that you continue to stay one step ahead of cybercriminals. Take training when it's available through your school, workplace or other organizations (e.g., AARP, FTC, etc.), and take advantage of our quiz to test your knowledge and identify areas in which you may need more information or training.

Where can I go to learn more about cybersecurity?

You can review Amazon's Cybersecurity Awareness Training at learnsecurity.amazon.com or visit the National Cybersecurity Alliance (NCA) at https://staysafeonline.org/

What is the National Cybersecurity Alliance (NCA)?

The NCA is a non-profit organization on a mission to create a more secure, interconnected world. They advocate for the safe use of all technology and educate everyone on how best to protect ourselves, our families, and our organizations from cybercrime.

Phishing

What is phishing?

Phishers impersonate reputable institutions and businesses to collect your personal and financial information, or to infect your machine with malicious software or viruses. Phishing occurs in many forms, including a malicious link sent to your email or phone, or a call from someone trying to trick you into giving them personal information and access to your accounts.

How does phishing impact me?

By clicking on a malicious link or providing a phisher with personal info over the phone, you can inadvertently give someone access to your personal or financial data. Your data includes, but is not limited to, your mailing address, location, contact details, credit card numbers, bank account numbers, passwords to bank or social media accounts, and more. Phishing can lead to the loss of money or the ability for someone to assume your identity.

How does phishing work?

Depending on the type of phishing, you may open an attachment containing a virus that downloads to your device. A malicious link may also direct you to a fake webpage that looks identical to the legitimate site. As you enter your username and password, this information goes directly to the phisher instead of to the legitimate business, who can then access your accounts using the credentials you provided. Phishers who reach out via phone will try to convince you to provide them with private information, such as financial or personal data.

How can I protect myself from phishing?

Don't click suspicious links. When in doubt, hover over the sender URL and look for inconsistencies, like spelling errors or strange websites. Don't pay invoices for services you did not receive. Go directly to the site to pay your bill, without clicking on the link received. Watch out for emails that contain urgent and/or emotional demands. Don't answer phone calls if you don't recognize the number. If you are on a phone call that you suspect is malicious, hang up the phone and call directly instead.

What if I get a fraud alert?

If you receive an email, text, or phone call claiming to be a security or fraud alert on one of your accounts, don't immediately respond to the text or email by using a link or phone number they provide. Instead, navigate to the company's website, and connect with them directly to determine if the alert is legitimate. Be wary of emails, calls, or texts claiming to be from a government entity: hang up and call the government agency directly when in doubt. United States government entities typically initiate contact through physical mail, first.

Is deleting a phishing email or text enough to keep me safe?

You should delete phishing emails and hang up on phishing phone calls. Don't respond to texts: just delete them. You can also report phishing emails on most email platforms which helps to block future phishing attempts from your inbox. You can report suspicious texts to most phone providers by forwarding them to 7726.

Multi-factor Authentication (MFA)

What is Multi-Factor Authentication (MFA)?

MFA requires you to provide two or more different ways of proving that you're really you before allowing access into your devices/accounts. This typically includes something you know (e.g., a password or PIN), something you have (e.g., a mobile device or a debit card), or something you are, like biometric authentication (e.g., facial recognition or fingerprint login).

Why should I enable MFA?

MFA adds another layer of protection to your accounts, making it more difficult for someone to gain unauthorized access to your personal and financial information. With MFA enabled, even if someone has your password, it will be more difficult for them to login to your account without having access to the second mechanism you use to verify your identity (e.g., fingerprint, phone, etc.). This helps protect your identity and money from scammers.

How do I enable MFA?

Turning on MFA differs by service, but can usually be located within services' security settings. Instructions vary by account type and you generally have to set up MFA on each of the online platforms you access (social media, email, bank, etc.). It is recommended that you enable MFA where possible on all accounts that offer it.

What if I receive an MFA code texted to my phone that I didn't request?

Phishers can use texts that look like MFA requests to attempt to gain access to your accounts. Do not respond to links or use codes you did not request; just delete them. Do not share your MFA code with anyone, this can lead to your account being compromised. If you receive a code you did not request, this can mean that someone has your password and is attempting to log in to one of your accounts, but your MFA is stopping them. When this occurs, it is recommended that you change your password as it may have been compromised, weakening your account security.