NEXLOX Shield Logo
NEXLOX
Scam Shield Security Center — Fight Back
Support This Tool
SHIELD ACTIVE
Spot It Verify It Report It Snellville • Gwinnett County • Atlanta, GA
🔍
ALERT
🔍
Spot It Identify the threat
🔬
Verify It Check what you received
🚨
Report It Take action now
28Scam Types Covered
10Guided Scenarios
4Threat Vectors
8Report Agencies
ATL GWINNETT AUGUSTA MACON SAVANNAH
00:00:00
--- -- ----
---
GA Population
Est. 11.4M
Last Updated
May 2026
Step 1
Spot It
Figure out what type of scam you are dealing with
🔎
Not sure if it's a scam? Answer 2 quick questions
Quick Risk Check
2 questions. 60 seconds. We tell you exactly where you stand and what to do next. No pattern matching, no guessing — you answer, we route.
Know what type of scam this is? Select it
Step 2
Verify It
Check the specific thing you received using the right tools
🔬
What do you have to check?
📧 Checking an email address
The most important thing to check is the domain — the part after the @ symbol. Scammers use domains that look like real brands but aren't. These tools help you verify.
Verify a suspicious email you received
MXToolbox Email Headers
Open the suspicious email, view raw headers (Settings → More options), paste them here to trace where the email truly originated.
Paste headers
Google Header Analyzer
Paste raw email headers and see a clear timeline of every server the message passed through, plus SPF and DKIM authentication results.
Paste headers
How to read email header results
✅ Looks legitimate when…
The "From" domain exactly matches the company's real domain (paypal.com, not paypal-billing.net). SPF and DKIM both show PASS. The sending server IP belongs to the company or a known email provider like Sendgrid or Mailchimp.
🚩 Treat as spoofed when…
SPF shows FAIL or SOFTFAIL. DKIM shows FAIL or is missing. The originating IP is from a different country than the company. The "Reply-To" address is different from the "From" address. Any part of the domain doesn't exactly match.
Check your own email health
MXToolbox Email Health
Enter your own email domain to see if your outgoing mail is configured to prevent spoofing. Use this to check your own accounts, not suspicious senders.
Your domain
HaveIBeenPwned
Check if your personal email address appeared in any known data breach. If it has, change that account's password immediately. Free, no signup required.
Paste your email
How to read HaveIBeenPwned results
✅ Good result
"Good news — no pwnage found." Your email address has not appeared in any known breach database. Continue using strong unique passwords and enable 2FA.
🚩 Action required
Your email appeared in one or more breaches. The site tells you which services were breached. Change your password for every listed service immediately — and any other site where you used the same password.
Real companies email from their actual domain. support@paypal-helpdesk.com is not PayPal. support@paypal.com is. Always check the exact domain after the @ symbol before clicking anything.
📞 Checking a phone number
Remember: caller ID can be completely faked by anyone. Even if it shows your bank's name, it means nothing. These tools check community reports and carrier data — not the caller ID.
NumLookup
Free reverse lookup for US numbers. Shows the carrier, line type (mobile, landline, or VoIP), and sometimes the registered owner. No signup required.
Paste number
Should I Answer
Community-powered spam call database. Real people rate numbers and leave comments. Shows you if others have already flagged this number as a scam.
Paste number
FCC Complaint Center
Report robocalls, spoofed numbers, and phone scams to the Federal Communications Commission. Your report feeds the government's enforcement database.
Report it
How to read phone lookup results
✅ Lower risk when…
NumLookup shows a real mobile or landline registered to a known business or person. Should I Answer has no negative ratings or comments. The number exactly matches the company's published contact number.
🚩 Treat as suspicious when…
NumLookup shows the line type as VoIP — scammers prefer VoIP because it's cheap and easy to spoof. Should I Answer has 1-star ratings or comments mentioning IRS, Social Security, or warranty. The number is out of state but the caller claims to be a local business. No results found at all — newly created numbers are common in scam campaigns.
The IRS, Social Security Administration, Medicare, and your bank will never demand immediate payment by phone — especially not by gift card, wire transfer, Zelle, or crypto. Hang up and call the agency directly using the number on their official website.
💬 Checking a suspicious text message
Text scams (smishing) are now the #1 delivery method for fraud in the US. Before clicking any link, replying, or calling any number in a text, take 60 seconds to verify.
🚩 Red Flags — Read Before Anything Else
  • Claims to be USPS, FedEx, your bank, or the IRS from a regular 10-digit number — real companies text from short codes (5–6 digit numbers like 22000 for USPS or 48773 for FedEx), not random 10-digit numbers
  • Contains a link — especially a shortened URL like bit.ly or tinyurl.com — real companies use their own domain in links
  • Unexpected delivery fee or "address update required" when you have no pending package
  • Urgent language: "Your account will be closed," "Respond within 24 hours," "Final notice"
  • Prize, lottery, or gift card offer from a number you don't recognize
  • Awkward phrasing, odd spacing, or unusual punctuation — often a sign of automated translation
  • Asks you to reply STOP or click a link to opt out — doing either confirms your number is active and live
⚠️ Received a verification code you did NOT request? Someone already has your password and is attempting to log into your account right now. Change that account's password immediately from a trusted device. If someone then calls and asks you to read the code back to them — hang up. That is a live account takeover in progress.
Verify the Text
Bitdefender Scamio
Paste the full text message and Scamio analyzes the content for scam patterns — the only tool here that reads what the message actually says. Free account required for full use; basic analysis available without one.
Paste message text
NumLookup
Check the sender's line type instantly — no account needed. VoIP is the strongest single indicator of a scam text. Real companies text from registered business lines, not throwaway internet numbers.
Paste sender number
RoboKiller Spam Lookup
Spam database covering both 10-digit numbers and short codes. Shows community reports, scam type, and how many people flagged that sender. Basic lookup is free; full history requires an account.
Paste number or code
🔗 Text Contains a Link?
The link in the text is where credentials get stolen or malware gets installed. Click here to open the Link checker — VirusTotal, URLScan, WHOIS — and verify the URL before you touch it.
Open Link panel →
How to read the results
✅ Lower risk when…
Scamio finds no scam patterns in the message. NumLookup shows a real business mobile or landline — not VoIP. RoboKiller shows no spam reports or scam flags. Any link in the text passes VirusTotal and WHOIS shows the domain is years old and legitimately owned.
🚩 Treat as a scam when…
Scamio flags the message as a scam or phishing attempt. NumLookup shows VoIP — highest confidence scam indicator for a text sender. Any link in the text fails VirusTotal, has a newly registered domain, or uses a URL shortener.
Report the Text
📲 Forward to 7726 (SPAM)
Works on all US carriers — AT&T, Verizon, T-Mobile. Your report flags the number for everyone.

iPhone: Press & hold message → More… → Forward arrow → Type 7726 → Send
Android: Press & hold message → Forward → Type 7726 → Send
Action on your phone
FTC ReportFraud
File a report with the Federal Trade Commission. Your report feeds the national fraud database and triggers enforcement action when patterns emerge across victims.
Report it
Free Built-In Spam Text Protection — Enable Now
Most people never turn these on. All of them are free:
  • iPhone (iOS Messages): Messages from unknown senders show a "Report Junk" link at the bottom — tap it to report to Apple and your carrier simultaneously
  • Android (Google Messages): Open the conversation → Tap ⋮ → "Report spam" — reports to Google and enables automatic blocking
  • T-Mobile: Download the free Scam Shield app — blocks spam texts and calls, no cost on any T-Mobile plan
  • AT&T: Open the AT&T app → ActiveArmor → enable spam text blocking (free tier available)
  • Verizon: Open My Verizon app → Call Filter → enable spam detection (free tier available)
Never click a link or reply STOP to a text from an unknown number — not even to opt out. Both actions confirm your number is active and can lead to more scam texts or malware. Navigate to any company's website directly by typing it yourself.
Step 3
Report It
Take action, stop the damage, and file your official report
Skip to reporting agencies ↓
🚨
Still happening right now?
🚨
I Think I Am Being Scammed Right Now
Stop. Do not send money. Do not give access. Read the 6 emergency steps immediately.
What happened to you?
1

Hang up or stop responding immediately

No explanation needed. Scammers are trained to keep you engaged. Disengage completely.

2

Do not call back numbers they gave you

Look up the real company number yourself on their official website or the back of your card.

3

Screenshot everything

Capture the number, email, messages, and exactly what they said. You will need this for reports.

4

Block the contact on all platforms

Phone, email, and social media. They may try other channels after you stop responding.

5

Warn family members

Scammers often target multiple people in the same network after a failed attempt.

6

Report the attempt

Use the reporting links below. Your report protects others in your community.

1

Disconnect from WiFi immediately

Turn off WiFi or unplug ethernet. This stops any active data transfer to the attacker.

2

Do not enter any information on the page

Close the browser tab now. If you already did, assume that information is compromised.

3

Run a malware scan right now

Use Malwarebytes Free or Windows Defender. Do not wait until later.

4

Change passwords from a different device

Any account you were logged into is at risk. Start with email and bank accounts.

5

Enable two-factor authentication

On your email, bank, and social accounts. This stops attackers even if they have your password.

6

Monitor your accounts for 30 days

Watch for unauthorized charges, password resets you did not request, or new accounts you did not open.

1

Call your bank or payment app right now

Ask to reverse, recall, or stop the transaction. Use the number on the back of your card.

2

Gift cards - call the issuer immediately

Call the number on the back of the card. Keep the card and your receipt. Some issuers can freeze unused balances.

3

File a local police report

Gwinnett County PD non-emergency: (770) 513-5700. You need a report number for bank disputes.

4

Report to the FTC

reportfraud.ftc.gov generates an official report ID your bank can use in a dispute. Takes 5 minutes.

5

Document everything

Screenshots, transaction IDs, phone numbers, all communications. More evidence means better recovery.

1

Change passwords immediately

Start with email - it is the master key to everything else. Then bank accounts, then social media.

2

If SSN was shared - freeze your credit now

Free at all 3 bureaus: Equifax.com, Experian.com, TransUnion.com. Takes about 10 minutes each.

3

Check haveibeenpwned.com

See if your email appeared in known data breaches. Free and instant.

4

If bank or card info was shared - cancel and reissue

Call your bank now. Request new card numbers. Set up transaction alerts.

5

File at identitytheft.gov

Official government recovery plan tailored to what was stolen. Creates a personal recovery checklist.

Walk through your exact situation step by step
💸 Someone sent me money by mistake
🛒 Marketplace buyer acting suspicious
💼 Job offer seems too good
📦 Suspicious delivery text
💻 Someone wants remote access
💔 Online relationship asking for money
🏛️ Government agency called me
🖥️ Tech support popup
🏦 I received a check I didn't expect
⚡ Utility company threatening shutoff
Reference Library
🎯
Scam Library
All 28 scam types with full playbooks, red flags, and what to do
🔎
Deep Investigation
Advanced tools: sandboxing, identity investigation, forensics
📍
Local Resources
Snellville, Gwinnett, Atlanta contacts and neighborhood safety maps
📚
Learn and Stay Safe
Daily habits, golden rules, phishing quiz, password tools
🔒
Privacy Tools
Free tools that block ads, protect your connection, and reduce your exposure to scams before they happen
🏠
Home & Physical Security
Doors, locks, cameras, lighting, dogs, perimeter security, and emergency preparedness for your home
🌐
Digital Footprint & Privacy
Reduce your online exposure, opt out of data brokers, protect your identity, and understand authentication security
📡
BOLO Alerts
Be On the Lookout — active threat alerts and breaking scam news for your community
These tools do not react to scams — they prevent them. A VPN encrypts your connection. A private browser and search engine reduce the tracking scammers exploit to target you. Encrypted email keeps your real inbox out of the wrong hands. Two-factor authentication stops account takeovers even when a password is stolen.
Proton VPN
VPN
Genuinely free VPN with no data logging, no credit card required. Encrypts your internet connection so scammers, hackers, and trackers cannot see what you are doing online. Based in Switzerland with strong privacy laws.
protonvpn.com ↗
Brave Browser
Browser
Free privacy browser with built-in ad blocking, anti-tracking, and fingerprint protection. No extensions needed to get strong privacy out of the box. The fastest option if you want privacy without configuration.
brave.com ↗
Firefox
Browser
Free, open source browser with strong privacy defaults and full support for uBlock Origin. Best choice if you want more customization and control over your privacy settings.
firefox.com ↗
Opera Browser
Browser + VPN
Free browser with a built-in VPN, ad blocker, and tracker protection all included - no extensions needed. The only major free browser with a VPN built directly into the interface. Good option if you want everything in one place.
opera.com ↗
DuckDuckGo
Search Engine
Private search engine that does not track your searches, build an advertising profile on you, or sell your data to third parties. Use it instead of Google for everyday searching. Free, no account needed.
duckduckgo.com ↗
Proton Mail
Encrypted Email
Free encrypted email account not tied to your real identity. Use it when signing up for any site you are unsure about — keeps your primary inbox safe from harvesting and spam. End-to-end encrypted, based in Switzerland. No ads, no data selling. Same company as Proton VPN.
proton.me/mail ↗
Authenticator App
2-Factor Auth
A stolen password alone is not enough to break into your account when 2FA is on. Install Authy or Google Authenticator — both free — and enable two-factor authentication on your email, bank app, and social media accounts. The single most impactful account protection step you can take.
authy.com ↗
Bitwarden
Password Manager
Free, open source password manager that generates and stores a unique password for every account. Reusing passwords is one of the most common ways scammers break in — one leaked password unlocks everything. Bitwarden eliminates that risk entirely. Works on every device, no credit card required.
bitwarden.com ↗
🚨
I Think I'm Being Scammed Right Now
Follow these steps in order. Do not skip ahead. Every second counts.
STOP WHAT YOU ARE DOING. Read this before you do anything else.
1

Do not send any money or gift cards

Do not wire money, send Zelle, buy gift cards, share crypto, or make any payment regardless of what they say will happen if you don't. No legitimate emergency ever requires gift card payment.

2

Do not give anyone access to your device

Hang up, close the chat, or stop responding. If you are on a call, hang up right now. You can hang up on anyone. No explanation needed.

3

Screenshot or write down all details

Capture the phone number, email address, website, any names used, and exactly what they said. This becomes evidence for reports and bank disputes.

4

If you already sent money, call your bank NOW

Use the number on the back of your card. Tell them you were scammed and ask to reverse or stop the transaction immediately. Every minute matters.

5

If you clicked a link, disconnect from WiFi

Turn off your WiFi or unplug your ethernet cable right now to stop any data transfer. Then run a malware scan before reconnecting.

6

Report it to get your official report number

File at reportfraud.ftc.gov. This generates an official report ID your bank can use in a dispute. Also report to Gwinnett County PD at (770) 513-5700.

↗ Report to FTC Now ↗ FBI IC3 Report
🎯
Scam Types Library
Select a category, then tap any scam type to see the full playbook.
📧 Phishing (Email) 📱 Smishing (Text) 📞 Vishing (Phone) 📷 QR Code Scams
💸 Zelle Scams 💚 Cash App 🏦 Bank Impersonation 💰 Refund Scams 🐷 Crypto Pig Butchering 🏥 Medicare Scams 🎰 Lottery & Prize Scams
🏪 Facebook Marketplace 🤝 Buyer/Seller Scams 💵 Overpayment 🏠 Rental Scams
🎭 Impersonation 🔨 Contractor Scams 💔 Romance Scams 🤖 AI Voice & Deepfake 🔓 Account Takeover 👥 Clone & Fake Accounts 🛡️ Social Media Safety
👔 Job Scams 🤵 Fake Recruiters 📄 Invoice Scams
📦 Amazon/UPS/USPS
📬 Mail Scams 🧾 Fake Bills
What it looks like
🚩 Red Flags
    ✅ What To Do
      🚨
      What To Do RIGHT NOW
      Choose your exact situation for step-by-step guidance.
      🛑
      Stop all communication immediately. You are in control: hang up, close the chat, or ignore the message. You owe no explanation.
      1

      Hang up or stop responding

      No explanation needed. Scammers are trained to keep you engaged: your best move is to disengage completely.

      2

      Don't call back numbers they gave you

      Look up the real company number yourself: on their official website or the back of your card.

      3

      Screenshot and document everything

      Capture the number, email, messages: everything. You'll need this for reports.

      4

      Block the contact on all platforms

      Phone, email, social media. They may try other channels.

      5

      Warn family members

      Scammers often target multiple people in the same network, especially after a failed attempt.

      6

      Report the attempt

      FTC at reportfraud.ftc.gov. Your report protects others in your community.

      ⚠️
      Act within the next hour. The sooner you respond, the less damage is done.
      1

      Disconnect from WiFi immediately

      Pull the cord or turn off WiFi. This stops any active data transfer to the attacker.

      2

      Do NOT enter any information on the page

      Close the browser tab immediately. If you already did, assume that info is compromised.

      3

      Run a virus/malware scan now

      Use Malwarebytes Free or Windows Defender. Don't wait.

      4

      Change passwords from a different device

      Any account you were logged into when you clicked should be considered at risk. Start with email and bank.

      5

      Enable two-factor authentication (2FA)

      On your email, bank, and all social accounts. This stops attackers even if they have your password.

      6

      Monitor accounts for 30 days

      Watch for unauthorized charges, password resets you didn't request, or new accounts you didn't open.

      7

      If on a work device: call IT now

      Don't wait. Your company's IT team needs to know immediately.

      🔴
      Time is critical. Some transfers can be reversed within minutes to hours if you act now. Call your bank before doing anything else.
      1

      Call your bank or payment app NOW

      Ask to reverse, recall, or stop the transaction. Use the number on the back of your card: not one from the internet.

      2

      Zelle: call your bank's fraud line

      Zelle transfers are often non-reversible, but your bank may have options. Ask specifically about their fraud policy.

      3

      Gift cards: call the issuer immediately

      Call the number on the back of the card. Keep the card and your receipt. Some issuers can freeze unused balances.

      4

      File a police report

      Gwinnett County PD non-emergency: (770) 513-5700. You will need a report number for bank disputes.

      5

      Report to the FTC

      reportfraud.ftc.gov: generates a report ID your bank can use. Takes 5 minutes.

      6

      Report to the FBI IC3

      ic3.gov: for wire fraud, online scams, and large losses. Federal investigation possible.

      7

      Document everything

      Screenshots, transaction IDs, phone numbers, all communications. More evidence = better recovery chance.

      ⚠️
      Personal data exposure can have consequences for months or years. Take action today to limit the damage.
      1

      Change passwords immediately

      Start with email: it's the master key to everything else. Then bank accounts, then social media.

      2

      Enable 2FA on all critical accounts

      Email, bank, and social media. Use an authenticator app (Google Authenticator, Authy) over SMS when possible.

      3

      If SSN shared: freeze your credit NOW

      Free at all 3 bureaus online: Equifax.com, Experian.com, TransUnion.com. Takes about 10 minutes each. Prevents new accounts from being opened in your name.

      4

      Check haveibeenpwned.com

      See if your email appears in known data breaches. Free and instant.

      5

      Monitor your credit report

      annualcreditreport.com: free weekly reports from all 3 bureaus. Look for accounts you didn't open.

      6

      If bank/card info shared: cancel and reissue

      Call your bank now. Request new card numbers. Set up transaction alerts.

      7

      File at identitytheft.gov

      Official government recovery plan tailored to what was stolen. Creates a personal recovery checklist.

      🗺️
      Scenario Guides
      Select the situation that matches yours for step-by-step guidance.
      💸
      Someone sent me money by mistake
      🛒
      Marketplace buyer acting suspicious
      💼
      Job offer seems too good to be true
      📦
      Suspicious delivery text or email
      💻
      Someone wants remote access to my device
      💔
      Online relationship asking for money
      🏛️
      Government agency called me
      🖥️
      Tech support popup or warning screen
      🏦
      I received a check I didn't expect
      Utility company threatening shutoff
      Not sure what to do next?
      Book a free 15-minute security check with a NEXLOX advisor. We'll walk through your situation, tell you exactly what happened, and what to do about it.
      📅 Book Free Security Check
      🔍
      Verify & Investigate
      Input-driven lookups. Tools marked AUTO open pre-loaded with your input. Tools marked PASTE open to their homepage for manual entry.
      🔗 Check a Suspicious Link
      VirusTotal AUTO
      70+ antivirus engines, domain scan
      URLScan.io PASTE
      Safe screenshot of any page
      CheckShortURL PASTE
      Reveals where bit.ly links really go
      Google Safe Browsing PASTE
      Google's own blocklist — paste URL to see if it's flagged
      🌐 Check a Website or Domain
      ScamAdviser AUTO
      Trust score - instant, no signup
      WHOIS Lookup AUTO
      Who registered this domain and when
      Netcraft AUTO
      Fraud history, hosting, phishing flags
      📧 Check an Email Address
      HaveIBeenPwned AUTO
      Was this email in a data breach?
      MXToolbox Headers PASTE
      Paste email headers to verify sender
      Google Header Analyzer PASTE
      Trace exactly where an email came from
      📞 Check a Phone Number
      NumLookup AUTO
      Best free US reverse phone lookup
      Truecaller PASTE
      Community-reported spam call database
      WhoCallsMe PASTE
      Crowd-sourced reports — see exactly what others say about a number
      FTC Do Not Call Registry REPORT
      Register your number + report calls that ignore the registry
      🌍 Check an IP Address
      AbuseIPDB PASTE
      Community-reported malicious IPs
      Cisco Talos AUTO
      Enterprise-grade IP and domain rep
      IP WHOIS PASTE
      Geographic location and ownership
      📷 Check a QR Code
      Trend Micro QR Scanner UPLOAD
      Upload QR image - checks destination URL for threats
      VirusTotal URL Check PASTE
      Decode QR code first, then paste URL here
      🛠️
      Deep Investigation Center
      Advanced tools for deeper analysis - file sandboxing, identity investigation, scam intelligence, password security, and education. These go beyond quick lookups and are used when you need to dig further.
      🧪 File and Malware Sandboxing

      Use these when you have a suspicious file, attachment, or download. Open it safely in a controlled environment before touching it on your real device.

      ANY.RUN
      Interactive sandbox, watch malware run safely
      Hybrid Analysis
      Deep behavioral file analysis, free
      MetaDefender
      Multi-engine file scan, different engines than VirusTotal
      Browser Sandbox
      Open a webpage without risk to your real browser
      🌐 Blacklist and Reputation Cross-Check

      Run a domain or URL against multiple blacklist databases at once. Use these when ScamAdviser and WHOIS are not enough and you want a second opinion from different sources.

      URLVoid
      30+ blacklist engines in one scan
      CheckPhish
      AI-powered brand spoofing detection
      PhishTank
      Community database of confirmed phishing URLs
      APIVoid Domain
      Domain blacklist reputation check
      👤 Identity and Social Investigation

      Use these when investigating a fake profile, suspicious seller, or online romantic contact. Find where a username exists across the internet.

      🔍
      WhatsMyName
      Find a username across 300+ platforms at once
      Namechk
      See where an account name is registered online
      📧 Email Forensics

      For when you need to dig into an email's raw headers to prove spoofing or trace where a message actually originated. Requires you to view and copy the raw email headers first.

      EasyDMARC
      Checks if an email was spoofed via DMARC policy
      🖼️ Is This Image or Video Real?

      Use these when a profile photo looks too perfect, an image seems suspicious, or a video doesn't feel right. Reverse image search finds where a photo really came from. AI detectors flag images generated by tools like Midjourney or DALL-E. Run both when investigating a romance scam, fake job contact, or suspicious seller.

      Google Reverse Image Search
      Drag or paste a photo — find exactly where it came from
      TinEye
      Reverse image search — shows the exact date a photo first appeared online
       🔬
      FotoForensics
      Error Level Analysis — detects if a photo was edited, spliced, or faked
      Is It AI?
      Upload image — confidence score on whether it was AI-generated. 5 free checks/month, no account needed
      AI or Not
      Drag-and-drop AI image detector, no account required
      Deepware Scanner
      Upload a video — scans for deepfake face and voice manipulation
      🔑 Password Security Check

      If you were scammed and need to change passwords, use these first to see if your new password is actually strong. Nothing you type is stored or transmitted.

      Bitwarden Password Strength
      Free, open source, trusted - shows strength instantly
      Security.org Password Check
      Shows estimated time to crack your password
      📍
      Georgia & Local Atlanta Resources
      Specifically for Gwinnett County and the Greater Atlanta metro area.
      📍
      Primary Service Area: Snellville, GA 30039 / 30078
      NEXLOX is based in Snellville and serves the surrounding Gwinnett County and Greater Atlanta area. Local phone numbers and resources are listed below.
      📍 Snellville Specific Resources
      👮
      Gwinnett County Police (Snellville)
      Snellville precinct serves 30039 and 30078. Non-emergency line: (770) 513-5700. File scam and fraud reports here first.
      🏛️
      City of Snellville
      City Hall: (770) 985-3500. For local ordinance violations and contractor complaints within Snellville city limits.
      ⚖️
      Gwinnett DA Office
      Gwinnett County District Attorney handles financial crimes and fraud prosecutions in the county.
      🚔 Law Enforcement
      👮
      Gwinnett County Police
      Non-emergency: (770) 513-5700. File fraud/scam reports. Emergency: 911.
      🏙️
      Atlanta Police Department
      For incidents within Atlanta city limits. Financial crimes unit handles fraud.
      🔵
      FBI Atlanta Field Office
      Wire fraud, cybercrime, and large-scale scams targeting Georgia residents.
      🏛️ Georgia State Resources
      ⚖️
      GA Attorney General
      Consumer Protection Division: deceptive businesses, scammers posing as companies.
      🏦
      GA Dept of Banking & Finance
      Report unlicensed financial activity and financial fraud in Georgia.
      🏘️
      GA Dept of Community Affairs
      Housing and contractor scam resources for Georgia residents.
      🤝 Community & Support
      👴
      Gwinnett Senior Services
      Resources for seniors targeted by scams. (770) 822-8820. Reporting help and recovery guidance.
      BBB Metro Atlanta
      Check and report businesses. Scam tracker covers the full Atlanta region.
      Georgia 211
      Dial 2-1-1 for local crisis help, assistance, and community resources across Georgia.
      AARP Fraud Watch Network
      Free helpline 1-877-908-3360. Senior fraud resources, alerts, and real-person advice. No AARP membership required to call.
      ⚠️
      GA Sex Offender Registry
      Search the official Georgia registry by address or zip code. See registered offenders in your neighborhood. Maintained by the Georgia Bureau of Investigation (GBI).
      🏥
      GA Adult Protective Services
      Report elder financial abuse or exploitation. Hotline: 1-866-552-4464. Available 24/7 for vulnerable adult emergencies.
      🏥 Neighborhood Safety Maps
      Citizen App
      Real-time incidents and safety alerts on a live map. Covers Gwinnett County and the Atlanta metro. Free to view, no signup required.
      SpotCrime
      Maps actual police report data by zip code. Enter 30039 or 30078 to see recent activity in the Snellville area. Free.
      CrimeMapping.com
      Official police incident data published by Georgia law enforcement agencies. Shows incident type, date, and location on a map.
      📱 Nextdoor Safety Resources
      Nextdoor Fraud and Phishing Guide
      Official Nextdoor page for avoiding fraud, phishing, and spam on the platform. Includes how to report fake profiles and sad story scam requests.
      Cybersecurity and IT Resources
      Gwinnett County Nextdoor group — cybersecurity, scams, fraud, identity theft, AI, and IT support. 125+ neighbors and growing.
      NEXLOX - Gwinnett County & Atlanta
      We provide in-person and remote security sessions for local residents and businesses. We help you identify scams, secure your devices, and set up lasting protection in plain language with no technical jargon. Contact us to schedule a Security Tune-Up.
      📚
      Learn & Stay Safe
      Build habits that protect you every day. Knowledge is your strongest defense.
      0 of 10 habits active , 0% Click each habit to check it off
      • Use a unique password for every account: use a password manager (Bitwarden is free)
      • Enable two-factor authentication (2FA) on email, bank, and social accounts
      • Never click links in unexpected texts or emails: go directly to the website by typing it
      • Verify callers by hanging up and calling back on the official number you look up yourself
      • Check bank and credit card statements at least once per week
      • Keep your phone and computer software fully up to date at all times
      • Freeze your credit if not actively applying for new credit: it's free at all 3 bureaus
      • Never pay with gift cards, wire transfers, or crypto to anyone who contacted you first
      • Look up businesses on BBB.org and read Google reviews before paying them
      • Talk to elderly family members about common scams: they are targeted most often
      • 🚫Never pay anyone in gift cards, crypto, or wire transfer unless YOU initiated and verified the transaction yourself.
      • 🚫Never give remote access to someone who contacted you first: for any reason, ever.
      • 🚫Never send money to receive a prize, lottery winnings, inheritance, or refund.
      • 🚫Never trust caller ID: any number can be spoofed to look like your bank, the IRS, or a family member.
      • 🚫Never keep a transaction secret at someone else's request: legitimate organizations never ask you to.
      • 🚫Never give your SSN, bank login, or card number to someone who called you: even if it looks official.
      • Always hang up and call back on the official number if you're even slightly unsure.
      • Always verify before you pay: even if the request appears to come from someone you know personally.
      • Always take your time: legitimate requests can wait. Urgency is a manipulation tactic.
      ⚠️
      If you notice 3 or more of these signs, have a professional review your device as soon as possible.
      • ⚠️Unauthorized charges appearing on your bank or credit card accounts
      • ⚠️Friends or contacts receiving messages or requests you didn't send
      • ⚠️Apps or programs on your device that you don't recognize
      • ⚠️Battery draining unusually fast with no explanation
      • ⚠️Device running abnormally hot or slow
      • ⚠️Passwords suddenly not working on accounts you haven't changed
      • ⚠️Security alerts or login notifications from accounts you didn't trigger
      • ⚠️Your webcam light turns on when you're not using it
      🧠
      Scam Recognition Quiz
      5 real-world scenarios. Can you spot the scam? Takes about 2 minutes.
      📡
      BOLO Alerts
      Be On the Lookout — active threat alerts and breaking scam news
      🏠
      Home & Physical Security
      Practical security layering for your home — the same principles security professionals use
      🔒 Doors & Locks
      Most break-ins are through the front door. The weakest point is almost never the lock — it's the door frame.
      • Deadbolt on every exterior door — ANSI Grade 1 is the highest residential standard
      • Strike plate with 3-inch screws anchored into the stud behind the trim — this is the most impactful $5 upgrade you can make
      • Door viewers (peepholes) or video doorbells — verify before opening to anyone
      • Sliding glass doors: wooden dowel in the track + a secondary anti-lift pin
      • French doors: surface bolt at top and bottom in addition to the main lock
      • Never leave a spare key outside — use a wall-mounted locked combination lockbox instead
      • Smart locks: ensure they have physical key backup and auto-lock features enabled
      🪟 Windows
      • Window pins drilled through the inner sash into the outer frame — prevents opening even if lock is defeated
      • Window security film slows glass breakage and buys time — 3M and BDF are the most trusted brands
      • Ground-floor windows left cracked for ventilation: use a pin stop that allows airflow but blocks full opening
      • Basement windows: consider window bars or polycarbonate panels
      • Window sensors connected to your alarm — most break-ins through windows go undetected until morning
      • Do not leave ladders accessible outside — they become tools for second-floor window access
      🚗 Garage Security
      The garage is one of the most overlooked entry points. An open garage door for 10 minutes is all it takes.
      • Never leave the garage door open and unattended — even for a quick errand. Thieves move in under 60 seconds
      • The door from your garage into your home should be treated as an exterior door — solid core, deadbolt, no exceptions
      • Change your garage code after any contractor, housecleaner, or service worker has it — change it after any relationship ends too
      • Never use default codes (1234, 0000, the last 4 of your address) — they are the first thing tried
      • Garage door opener left in an unlocked car = house key. A car break-in immediately becomes a home break-in if your address is on anything in the car
      • Use a garage door with rolling code technology — older fixed-code remotes can be cloned with a $30 device
      • Install a garage door alert sensor — get a phone notification any time the door opens or is left open
      • Padlock the emergency release cord from inside when on vacation — prevents the "slim jim through the top of the door" bypass
      • Detached garages: treat them as a fully separate secured structure — lock everything stored inside
      💡 Lighting
      • Motion-activated lights at all entry points, driveways, and side passages — burglars avoid illuminated areas
      • Timer-controlled interior lights when away — darkness for multiple days signals vacancy
      • Solar path lighting along walkways provides ambient coverage and is maintenance-free
      🐕 Dogs
      A barking dog is one of the most effective deterrents available — studies consistently show burglars bypass homes with audible dogs regardless of breed or size. Even a "Beware of Dog" sign provides deterrent value. The alert is what matters, not the bite.
      🌳 Landscaping & Fencing
      • Keep hedges and shrubs near windows and doors trimmed low — dense concealment benefits intruders
      • Thorny plants (holly, barberry, hawthorn) under windows are a passive and permanent deterrent
      • Fencing: privacy fencing can hide intruder activity once inside — combine with cameras pointing inward
      • Gravel paths and driveways create audible noise when walked on — natural perimeter alert
      • Visible "Protected by [alarm company]" signs in yards and windows — deterrence effect is real
      ⚠️ Motion Sensors & Alarms
      • Door and window contact sensors — alert immediately when any entry point is opened
      • Glass break sensors detect the frequency of breaking glass without a physical contact
      • Smart motion sensors with phone alerts (SimpliSafe, Ring, Abode) — no monthly fee options available
      • Driveway alert sensors — wireless IR beam or pressure hose alerts you when someone enters the driveway
      • Decoy cameras do provide some deterrence but dedicated criminals can identify fakes
      🔫 Secured Weapons (If Applicable)
      If you keep a firearm for home defense, responsible storage is non-negotiable for both safety and effectiveness.
      • Quick-access biometric or keypad gun safe for a defensive firearm — balances speed with security
      • Long guns and additional firearms in a full-size rated gun safe bolted to the floor or wall
      • Never store loaded firearms in unlocked drawers or under mattresses — creates danger for household members
      • Georgia law: no state-mandated storage laws, but you are civilly liable if an unsecured firearm is accessed by a minor
      • Property records show you own a home — burglars know homes likely have valuables; secured storage prevents firearms becoming a burglary prize
      📷 Camera Placement
      • Front door and driveway are mandatory — these capture the majority of incidents
      • Rear and side entry points — often the most vulnerable and least visible
      • Aim to capture faces, not just the top of heads — mount lower than you think
      • Overlap coverage where possible — a camera should see what the adjacent camera misses
      • Interior camera in common area as a last line if entry is made
      ⚙️ Setup & Security
      • Change the default password immediately — default-credential cameras are the #1 way home cameras are hacked
      • Enable local storage (SD card or NVR) in addition to cloud — cloud fails if internet is cut or account is compromised
      • Enable motion alerts for real-time notification
      • Keep camera firmware updated — manufacturers push security patches
      • Place cameras high enough to prevent tampering but angled to capture faces
      📦 Recommended Systems
      Wyze Cam
      Best value entry-level. Local SD card storage, motion alerts, no required subscription. ~$30/camera.
      Ring
      Video doorbell and outdoor cameras. Integrates with Alexa. Good neighbor alert network. Subscription for cloud history.
      Arlo
      Wire-free outdoor cameras with strong night vision. Flexible placement. 30-day cloud free tier.
      Eufy
      Local storage by default — no cloud required or subscription. Strong privacy option. AI person detection.
      Vivint
      Professional installation and 24/7 monitoring. Best for whole-home smart security. Subscription required. Good for seniors or those who want a done-for-you setup.
      SimpliSafe
      DIY setup with optional 24/7 professional monitoring. No long-term contract required. Good middle ground between Wyze and Vivint — easy install, real monitoring.
      ADT
      The most recognized name in professional home monitoring. Hardwired systems with 24/7 response. Best for those who want the highest level of monitored protection and don't mind a contract.
      Reolink
      Budget-friendly wired and wireless cameras with no subscription. High resolution, local NVR or SD card storage. Great value for DIY setups covering multiple entry points.
      Lorex
      Wired NVR/DVR systems with local storage and no monthly fees. Best for permanent multi-camera installs. Higher upfront cost, zero ongoing subscription.
      🎒 Emergency Kit Basics
      Basic preparedness directly reduces vulnerability to disaster-related scams — contractor fraud, FEMA impersonation, and charity scams spike after every natural disaster. A prepared household is less desperate and less exploitable.
      🎒
      Ready.gov Emergency Kits
      Official FEMA guide for 72-hour go-bags and home emergency supplies. Free printable checklists.
      📋
      Ready.gov Household Plan
      Build a family emergency plan — meeting points, contacts, evacuation routes. Free templates.
      🌀
      Georgia Emergency Management
      Georgia-specific disaster prep, weather alerts, and local emergency resources for Gwinnett and metro Atlanta.
      🏘️ Property & Public Records Awareness
      Your property and court records are publicly searchable by anyone — scammers use them to find homeowners, estimate net worth, identify recent transactions, and build targeted pitches.
      • Gwinnett County Property Records — your name, address, purchase price, and mortgage amount are public at gwinnettcounty.com
      • Georgia Superior Court records — civil judgments, liens, and case filings searchable online
      • Divorce and probate records — estate details and asset information are often public; frequently used to target recently widowed or divorced individuals
      • After a death, obituaries + public probate records give scammers the names of heirs and estate size — be cautious about oversharing in obituaries
      • Georgia voter registration (name, address, party) is available for purchase — a vector for targeted political and charity scams
      🏠
      Gwinnett Property Records
      Search your own property record to see what is publicly visible about your home and transaction history.
      ⚖️
      Georgia Court Records (EFTS)
      Search state and superior court filings. Understand what is publicly accessible about you or your cases.
      Hardware keeps people out. Habits let them in. Most break-ins and scams succeed not because a lock was defeated — but because a routine was read, a code was shared, or a post revealed the house was empty. This section covers the human side of home security.
      📱 What You Post Online
      • Never announce vacation dates on social media — "leaving for Cancun Thursday!" is an open invitation. Post the photos after you're home
      • Real-time location check-ins and tags tell anyone watching that you are not at home right now
      • "Just got a new 75" TV" — you just told anyone scrolling what's in your house and that it's worth a visit. Throw boxes in your car and take them to a dumpster away from home
      • LinkedIn and Facebook showing your exact work hours and schedule is public reconnaissance data
      • Photos taken inside your home reveal layout, valuables, and security setup to anyone who looks closely
      • Kids posting "home alone" or "parents are out of town" content — have that conversation directly
      • Obituaries listing survivors' names and addresses make recently widowed family members immediate targets
      🕐 Routine & Schedule Vulnerabilities
      Criminals case neighborhoods. A consistent routine is a green light.
      • Leaving at the same time every day, same route, same return time — predictable down to the minute after one week of watching
      • Car not moved for multiple days signals nobody is home — especially visible from the street
      • Mail and packages piling up is one of the clearest absence signals available
      • Same lights on the same timer every night — automated but obvious. Randomize the schedule
      • Same dog walk time, same route — a watcher knows exactly when the house is empty
      • Fitness tracking apps with public profiles — Strava and similar apps default to public activity maps. Your saved routes and marked "home" location can reveal where you live and your typical departure windows. Worth reviewing your privacy settings
      • Garbage cans left at the curb days after pickup = nobody pulled them in = nobody home
      • Before any trip: USPS mail hold, pause newspaper, arrange package holds or deliveries to a neighbor
      🔑 Access Control — Keys, Codes & Who Has Entry
      • Audit who has a key or code right now — ex-partners, old neighbors, former housecleaners, contractors, family members who moved away. Revoke access you can't account for
      • Change garage and alarm codes after any contractor, repairman, or housecleaner finishes — they may have shared or photographed it
      • Never use default codes: 0000, 1234, your address digits, your birthday. These are the first four numbers tried
      • Smart locks: change the code after any guest stay, service visit, or relationship ending
      • Spare keys: never under a mat, in a fake rock, above the door frame, or in a potted plant — those locations are checked first. Use a wall-mounted locked combination lockbox instead
      • Kids sharing alarm codes with friends is more common than parents realize — set unique user codes so you can track who disarmed what and when
      • Community gate and HOA codes: treat them like a password — don't share casually, and flag when one gets out
      🚚 Deliveries, Contractors & Service Workers
      • Verify before you open the door — utility workers, inspectors, meter readers, and repair crews can be impersonated. Ask for ID. Call the company directly using the number from their official website — not the number on a business card they hand you
      • Never leave a contractor alone inside your home without a household member present
      • Background-check any recurring service worker — cleaning staff, lawn crews, pet sitters. Use licensed, insured companies when possible
      • Delivery instructions that reveal your schedule ("I won't be home until 6pm, leave at door") tell a porch pirate exactly when to strike and confirm the house is empty
      • Use Amazon Key, garage delivery, or a neighbor's address for high-value packages when you're away
      • Fake delivery uniforms are a known entry tactic — a UPS or FedEx shirt from Amazon costs $20. Verify before opening
      • Real estate open houses expose your floor plan, valuables, and security setup to every stranger who walks through — remove or secure anything sensitive before any showing
      • After a contractor job: check that no windows or doors were left unlocked as an exit point for a later return
      🏠 Home Visibility — What You're Advertising
      • Break down boxes from expensive purchases before putting them out for trash — a 75" TV box at the curb is a flyer for what's inside your home
      • Valuables visible through front windows — move them out of sightlines from the street
      • Gun safe, jewelry boxes, or electronics visible through windows from the street — reposition or use window film
      • Firearms visible in vehicles parked in the driveway or on the street are a known burglary trigger — lock them in the glove box or take them inside
      • Expensive cars, bikes, or equipment left outside signals a household worth targeting
      • Alarm company yard signs and door/window decals do provide real deterrence — use them even if you upgrade systems
      🧳 Travel & Extended Absence
      • Put mail on hold at usps.com before any trip — mail piling up is the most visible absence signal
      • Have a trusted neighbor collect packages, pull in garbage cans, and vary the driveway appearance
      • Set interior lights on randomized timers — same time every night is obviously automated
      • Do not tell more people than necessary that you're leaving — keep travel plans off social media entirely until you return
      • Leave a car in the driveway if possible, or ask a neighbor to park in yours occasionally
      • Secure your garage door emergency release with a zip tie or padlock from the inside before a long trip — prevents the slim-jim-through-the-top-of-the-door bypass used by experienced burglars
      👨‍👩‍👧 Family Coordination
      • Every adult in the household should know the alarm code, the emergency plan, and who to call
      • Kids need to know: do not open the door to strangers, do not tell anyone the house is empty, and who to call if something feels wrong
      • Designate a trusted neighbor as an emergency contact — someone who can respond faster than anyone else in a crisis
      • Older family members are disproportionately targeted at the door — impersonators posing as utility workers, charity collectors, or government inspectors. Walk them through how to verify before opening
      • Babysitters and housesitters: give them only what access they need, set a unique alarm code for their visit, and change it after they leave
      • Family group chat or shared calendar for travel and absence — so everyone knows when the house is occupied and when it isn't
      🏘️ Neighborhood Awareness
      • Know your immediate neighbors by face — being able to spot someone who doesn't belong is one of the most effective security tools available
      • Recognize casing behavior: a car slowly circling the block, someone photographing homes, a person ringing doorbells and leaving without packages — report it to Gwinnett PD non-emergency (770) 513-5700
      • Join or create a neighborhood alert channel — Nextdoor, a group text, or a Ring Neighbors group. A 2-minute post warning neighbors about a suspicious vehicle has prevented break-ins
      • If you see something, say something — not just to 911, but to your neighbors. Information shared within hours of a suspicious event is the most actionable
      📡 Smart Home Devices
      Smart home tech adds real convenience — just worth knowing what it shares and how to manage it.
      • Smart speakers (Alexa, Google Home) are always listening for their wake word. Some voice clips are stored and can be reviewed. You can view and delete your voice history: Alexa → Alexa app → More → Activity; Google → myaccount.google.com → Data & Privacy → Web & App Activity
      • Smart TVs with built-in cameras and microphones may use Automatic Content Recognition (ACR) to track what you watch and deliver targeted ads. Most TVs let you limit this in Settings → Privacy. Worth reviewing when you first set one up
      • Security cameras and baby monitors on factory-default passwords are easy targets. Change the default login immediately — it's the single most important step after setup
      • Isolate smart devices on a guest network — most routers let you create a separate Wi-Fi network for IoT devices (smart plugs, cameras, thermostats). Keeps them away from your computers and phones if one gets compromised
      • Location-sharing apps (Life360, Find My, Google Family Sharing) — useful for family coordination, but they create a continuous location trail. Be aware of who has access and review sharing settings periodically
      🚗 Vehicle Security
      • Always lock your car — even in your own driveway, even for 2 minutes. Unlocked cars parked overnight are the #1 source of vehicle break-ins in Gwinnett County
      • Nothing visible = nothing stolen: phones, chargers, bags, change, tools, sunglasses — if it's visible through the window, it's a reason to smash the glass. Move everything to the trunk or take it inside
      • Garage door opener in your car is a house key — if your car is broken into or stolen, whoever has it can drive back and open your garage. Keep it inside or use a keychain remote instead of the visor clip
      • Registration and insurance documents reveal your home address. If your car is stolen, that's your address in the thief's hands. Store copies in your phone or wallet instead of the glove box
      • Don't warm up your car unattended — an idling, unlocked car in a driveway is one of the easiest targets. In Georgia, leaving a running unattended vehicle on a public street can also result in a fine
      • Park near cameras when you can't use your garage — in parking lots, pick spots near visible cameras or well-lit areas. Thieves target isolated vehicles away from foot traffic
      • Tinted windows reduce visibility of interior contents and make smash-and-grab less rewarding. Keep tint within Georgia's legal limit (front side windows must allow 32%+ light transmission)
      • Car alarm systems matter — a triggered alarm draws attention and deters most opportunistic thieves. Factory alarms are a baseline; aftermarket systems with smartphone alerts add a layer of awareness
      • Your car signals your absence: same car in the driveway for 5 days straight, or no car at all for a week — both patterns tell observant thieves when a home is occupied or vacant
      • Check for hidden tracking devices — Bluetooth trackers like AirTags have been placed in wheel wells and under bumpers in parking lots to follow vehicles back to home addresses. iPhones automatically alert you if an unknown AirTag has been traveling with you. Android users can download the AirGuard app for the same detection. If you find one, don't confront anyone — call Gwinnett PD non-emergency at (770) 513-5700
      🌐
      Digital Footprint & Privacy
      Reduce your online exposure, understand authentication, and protect your digital identity
      👤 How Scammers Profile You
      Scammers build target profiles from social media, data brokers, public records, and breach databases before ever contacting you. The more specific they sound, the more you trust them.
      • Your full name, address, employer, relatives, and estimated income are often on data broker sites
      • Social media reveals your schedule, location patterns, relationships, and financial situation
      • Public records (property, court, voter registration) are freely searchable
      • AI tools can clone your voice from as little as 3 seconds of publicly available audio
      📱 Social Media Oversharing
      • Vacation posts: broadcasting you're away tells burglars your home is empty
      • Geotagged photos: image metadata reveals your home, workplace, and routine locations
      • Family details: pet names, children's schools — all used in spear-phishing to sound credible
      • Financial posts: new car, inheritance, major purchase — flags you as a high-value target
      • Voice and video: any public video of your voice can seed an AI voice clone
      ✅ Reduction Action Steps
      • Set all social accounts to private — friends only, not public
      • Disable geotagging: iPhone → Settings → Camera → Location; Android → Camera → Settings → Location tags
      • Remove phone number and home address from Facebook, Instagram, LinkedIn profile fields
      • Use a separate email for online shopping and account signups
      • Search your own name on Google quarterly — see what's publicly visible
      • Establish a family voice code word — one word only real members know — to verify any emergency call
      • Limit ad tracking: iPhone → Settings → Privacy → Tracking → off; Android → Settings → Privacy → Ads → opt out
      • Sign up for USPS Informed Delivery at informeddelivery.usps.com — get daily email previews of your incoming mail so you instantly know if a piece goes missing or if a package notification is fake
      • Blur your home on Google Street View — search your address on Google Maps, open Street View, click "Report a problem" in the bottom-right corner, and request blurring of your home, vehicle, and license plate. The blur is permanent and free. Worth doing if your property is clearly visible from the street
      • Request removal of your personal info from Google Search — Google's "Results About You" tool lets you flag search results that show your home address, phone number, or email and request their removal. Visit myaccount.google.com/results-about-you — sign in, search your name, and submit removal requests on any results showing your contact information
      Understanding how authentication works helps you recognize when something is wrong — a site that skips 2FA, a call asking for your OTP, or a login page that doesn't support passkeys are all red flags.
      🔐 Authentication Types Explained
      🔑 Password Authentication
      The most common form — you know a secret string. Weaknesses: reuse, breaches, phishing. Best practice: unique password per site using a password manager (Bitwarden is free and open source). Minimum 16 characters for important accounts.
      📱 2FA — Two-Factor Authentication
      Requires a second proof after your password — typically a code sent by SMS or generated by an app. SMS 2FA is better than nothing but can be intercepted via SIM swap. App-based 2FA (Google Authenticator, Authy) is significantly stronger. Enable on every important account.
      🛡️ MFA — Multi-Factor Authentication
      The general term for requiring two or more authentication factors from different categories: something you know (password), something you have (phone/token), something you are (biometric). More factors = more security. Your bank likely uses MFA whether they call it that or not.
      ⏱️ OTP — One-Time Password
      A code that is valid for only one use or a short time window (30-60 seconds). Generated by an authenticator app (TOTP) or sent by SMS. Never share an OTP with anyone who calls or texts you asking for it — legitimate services never ask for your code over the phone. Sharing it hands over your account.
      🪪 Hardware Tokens
      Physical security keys (YubiKey, Google Titan) that you plug in or tap to authenticate. Cannot be phished — even if a scammer has your password, they cannot log in without the physical key. The strongest form of 2FA available to consumers. ~$25-$55. Recommended for high-value accounts (email, banking, crypto).
      🫆 Biometrics
      Fingerprint, face recognition, iris scan — something you are. Convenient and strong for device unlock. Not a standalone account security measure — always paired with a PIN or password as fallback. Face ID and Touch ID on iPhones are processed on-device; the biometric data never leaves your phone.
      🔏 Passkeys (FIDO2 / WebAuthn)
      The newest and strongest standard — replaces passwords entirely. A passkey is a cryptographic key pair stored on your device. You authenticate with your biometric or PIN locally; no password is ever sent over the internet. Phishing-resistant by design because the key is bound to the exact domain. Google, Apple, Microsoft, and most major sites now support passkeys. Enable them wherever offered.
      🔗 Federation / Single Sign-On (SSO)
      "Sign in with Google / Apple / Facebook" — you authenticate with one trusted provider who vouches for you to other sites. Reduces password reuse risk but creates a single point of failure: if your Google account is compromised, every federated account may be too. Use a strong, unique password and hardware 2FA on your SSO provider account.
      🤖 CAPTCHA
      Completely Automated Public Turing test to tell Computers and Humans Apart. Challenges designed to be easy for humans but hard for bots — used to prevent automated attacks. Not an authentication method itself, but a gatekeeping layer. Scammers increasingly use CAPTCHA-solving services, so sites use behavioral analysis and invisible CAPTCHAs as well.
      🚨 The #1 auth-related scam: A caller claims to be your bank and says they're sending you a verification code to confirm your identity. You receive an OTP. They ask you to read it back. The moment you do, they use it to log into your real account. No legitimate company will ever ask you to read an OTP to them over the phone.
      A credit freeze blocks lenders from pulling your credit report — so a scammer who has your Social Security number cannot open new accounts in your name. It's free at all three bureaus, takes about 10 minutes each, and does not affect your credit score.
      📋 Do This Today — In Order
      1. Pull your free credit reports at AnnualCreditReport.com — look for accounts or inquiries you don't recognize
      2. If you spot fraud, report it at IdentityTheft.gov before freezing
      3. Freeze all three bureaus below — each one separately, takes ~10 min each
      4. Save your PINs/passwords in a password manager or written in a secure place — you'll need them to thaw later
      🧊 Freeze All 3 Bureaus
      You must freeze each bureau separately — one freeze does not cover all three.
      Equifax Freeze
      Free online. Create an account, then "Add Security Freeze." Phone: 1-800-685-1111.
      Experian Freeze
      Free online. Instant freeze available at the Freeze Center. Phone: 1-888-397-3742.
      TransUnion Freeze
      Free online or via their app. Phone: 1-888-909-8872.
      ➕ Also Freeze These (Often Overlooked)
      Beyond the big three, these matter especially if you've already been a victim of identity theft:
      • Innovis — a 4th credit bureau used by some lenders and utilities. Free freeze at innovis.com
      • ChexSystems — used by banks to screen new checking and savings account applicants. Free freeze at chexsystems.com
      ⏱️ Temporary Lift (Thaw) vs. Permanent Removal
      ⏱️ Temporary Thaw — Use This When Applying for Credit
      Log into each bureau and select "Lift" or "Thaw" — you set a date range (e.g., 3–7 days) and it re-freezes automatically. Ask the lender which bureau they use before thawing — most use one, not all three. You only need to thaw that one. Common triggers: applying for a mortgage, car loan, apartment, job, or phone plan.
      🔓 Permanent Removal
      Log in and select "Remove" or "Unfreeze." Takes effect within 1 hour online. Most people keep their freezes active indefinitely — only remove permanently if you no longer want the protection.
      ⚠️ PIN / Password Warning: Some bureaus issue a PIN when you freeze. Do not lose it — you may need it to lift or remove the freeze. Store it in your password manager, not in a text on your phone. Losing it can require mailing identity documents and may take weeks to recover.
      👧 Child Credit Freeze
      Children under 16 don't have credit reports — which makes their Social Security numbers attractive to identity thieves (the fraud can go undetected for years). All three bureaus allow parents and guardians to create and freeze a child's credit file as a precaution. The process requires mailing identity documents; check each bureau's website for instructions. Strongly recommended if a child's SSN was exposed in a data breach.