Scam › Module 3 › Lesson 3
Hardening After a Close Call
Password manager, MFA, and verification habits that make you a harder target next time
Opening
Turn fear into a checklist
A close call is useful if it changes your defaults. You do not need fancy tools—just fewer reused passwords, MFA on important accounts, and a rule: unusual money or login requests get a second channel.
1. Account Hardening Kit
Password manager
Unique random passwords so one phish does not unlock everything.
MFA everywhere that matters
Email, banking, work SSO, social admins. Prefer authenticator apps or hardware keys over SMS when possible.
Less public bait
Tighten social privacy so AI clones and job scammers get less material.
Family / work codes
Agree how you verify urgent money requests before the emergency happens.
2. Daily Habits That Block Bait
Type important URLs yourself. Hover/long-press links. Never share OTPs. Treat gift-card payment requests as fraud. For work wires, follow written procedure even if a "CEO voice" screams. Review account recovery emails and phone numbers quarterly so attackers cannot reset you first.
Email is the keys to the kingdom
Harden your primary email first—MFA, recovery codes offline, forwarding rules reviewed. Most other account takeovers start there.
Knowledge Check
Which change most reduces damage from one phished password?
Multiple choice
Knowledge Check
True or False: A family challenge code helps against AI voice scams.
True or False
Knowledge Check
Which account should you harden first after a phishing scare?
Multiple choice