11 things you need to know to avoid scams when donating to help Ukraine

Beware of scams tied to the Russian invasion of Ukraine. That’s the warning to all New Yorkers.

Savvy scammers are using social media, email, phone calls and texts.

They often ask people to wire money, use an offshore bank account, or send a pre-paid gift card. Some even use cryptocurrency.

The New York State Office of Consumer Protection is offering these tips, so you don’t fall victim:

• Report it. If you’re a victim or believe you may be a victim of tax-related identity theft, alert us immediately. We will track your information to help keep it private and protected. Visit the Tax Department’s Report fraud, scams, and identity theft webpage.

• Be wary of unsolicited emails and telephone calls asking for personal information. Never share personal information, such as your Social Security number, in response to an unsolicited email or telephone call. If the email or call claims to be from a company with which you do business, call it directly to confirm the contact is legitimate. Scammers often use scare tactics and threats related to tax debt to get you to share your personal and financial information.

• Secure your mobile devices. Apply software updates that patch known vulnerabilities as soon as they become available. Use security features built into your device, such as a passcode, and use programs that encrypt data and remotely eliminate contents if the device is lost or stolen.

• Be careful with Wi-Fi hotspots. Public wireless hotspots are not secure, which means that it’s easy for cyber thieves to see what you are doing on your mobile device while you are connected. Limit what you do on public Wi-Fi and avoid logging into sensitive accounts.

• Know your apps. Thoroughly review the details and specifications of an app before you download it. Review and understand the privacy policy of each mobile app. Be aware that the app may request access to your location and personal information.

• Be cautious about the information you share on social media. Avoid posting your birthdate, telephone number, home address, or images that identify your job or hobbies. One reason: this type of information can be used to determine answers to security questions used to reset passwords, and makes you a target of fraudsters who seek to access your accounts and personal information.

• Use strong passwords. Create different passwords for all your accounts. When it comes to passwords, try to use one with at least 14 characters, the current industry standard. Use a combination of letters (uppercase and lowercase), numbers, and symbols. Consider passphrases in which you use the first letters of a memorable phrase to create a complex password that is difficult to guess. Regularly change your passwords/passphrases.

• Vary your security questions. Don’t use the same security questions on multiple accounts. Select security questions for which the answers cannot be guessed or found by searching social media or the internet.

• Use two-step verification to access accounts. To enhance the security of online accounts, whenever possible, require a password and an extra security code to verify your identity when you sign in.

• Beware of phishing. Don’t click on links, download files, or open attachments in emails from unknown senders. Open attachments only when you are expecting them and know what they contain, even if you know the sender.

• It’s important to regularly review the steps necessary to secure your sensitive information.

The Tax Department uses advanced encryption, firewalls, intrusion-detection systems, and other security measures to safeguard our systems and sensitive data, but taxpayers must also take a proactive approach to protecting themselves online.