The FBI recently warned about two scams that have been circulating this year. Neither is new. But what is new is how cheaply and easily criminals can now use AI tools to pull them off. Old scams with new technology become faster, more believable, and far harder to detect.
What both scams have in common is simple: Hackers exploit your digital habits. What you post, what you click, what you assume is “legitimate,” and how you respond to urgency all shape your risk. Below is a quick look at the two scams, and more importantly, the digital behaviors that make them possible.
The ‘Virtual Kidnapping’ Scam
FBI Advisory: Criminals are using AI-generated audio and altered photos scraped from social media to convince victims that a loved one has been kidnapped.
How the scam works:
- Scammers gather publicly posted photos, videos, and voice clips.
- They use AI to generate realistic images or voice imitations of the supposed “victim.”
- They spoof the victim’s phone number or a local number to make the call appear legitimate.
- The target receives a frantic call demanding immediate ransom, often under threats of harm.
This scam works because most people’s social media accounts reveal far more than they realize: names, faces, locations, routines, friends, schools, vacations. With enough material online, AI can convincingly recreate anyone.
The habits this scam exploits:
- Posting too much information publicly
- Assuming caller ID is reliable
You don’t need to erase your online presence, but locking down your privacy settings and reducing what you post publicly goes a long way.
The Bank Impersonation Scam
FBI Advisory: Criminals are using sophisticated social engineering to take over bank, payroll, and HSA accounts. They then quickly move funds into untraceable crypto wallets.
How the scam works:
- Scammers impersonate your bank using realistic text messages, emails, or calls.
- They often claim your account is facing immediate harm, typically (and ironically) telling you that your account has had a security breach.
- Once they get you to respond, they trick you into providing login information or MFA codes.
- They access your accounts, lock you out, and rapidly transfer funds to cryptocurrency.
- In many cases, funds are unrecoverable once moved.
This scam isn’t about guessing passwords. It’s about manipulating behavior.
The habits this scam exploits:
- Trusting unsolicited calls or texts that appear to be from your bank
- Reacting emotionally to urgent warnings
- Using the same passwords across multiple accounts
- Approving MFA prompts without verifying the source
A bank will never pressure you to act immediately without giving you a chance to independently verify the request.
Adjust Your Digital Habits
Cybersecurity is no longer just technical. It’s behavioral. That is, the old image of the code-obsessed hacker is outdated and has been for a long time. Cybercrooks need very little technical sophistication – only ill intent.
What does that mean for you, as a business owner or in your personal life? It means your digital behaviors matter as much as your technical defenses.
Here are the simplest high-impact habits that prevent scams like these:
- Reduce public personal info
Limit what strangers can see on social media. If a criminal can learn your life story with a 30-second scroll, you’re an easy target. Most people love to paste pictures of their children all over the internet because they are all, ya know, cute and stuff. Don’t. Be extremely judicious in WHAT you post, WHERE you post, and WHO has access to it.
- Never trust caller ID
Phone numbers can be spoofed. If something sounds urgent, hang up and call the organization using a verified number. The same goes for emails and texts you receive from folks you know. If it sounds suspicious, you need to double-check. If you are being asked to DO ANYTHING or give ANY information, take a step back and re-assess.
- Slow down when you see “IMMEDIATE ACTION REQUIRED”
Urgency is a tool attackers use to override good judgment. There are virtually no situations which require this level of urgency. If you are given a stunning warning from a stranger, be calm, take a deep breath, and coldly analyze the situation. NOTE: Everyone convinces themselves that they are too smart to fall for this, that they would be able to identify a scammer.
That’s why they are called “con” artists. The old word is a “confidence man” – that is, someone who takes advantage of YOUR confidence in yourself and in your judgment.
- Use strong, unique passwords
One compromised password should not give access to multiple accounts. Passwords should also be combined with an MFA code or some other such access option. A very good option is to get a password manager (we like Password Boss) to help keep up with all 1.2 million accounts you have.
- Protect your MFA codes like they’re cash
No legitimate bank employee will ask for them. You should have MFA enabled on all your accounts. Yes, it can be annoying, but it is a vital tool in the cybersecurity toolbox.
Final Thought
Cyber hygiene isn’t about tools. It’s about good digital habits. Attackers rely on our routines, assumptions, and emotional responses far more than our technology. Strengthening the human side of cybersecurity — your digital habits — will do more to protect you from modern scams than any single security product.
