New technology, meet an old playbook.
Cybercriminals have embraced sophisticated artificial intelligence (AI) tools, such as large language models (LLMs), to expand the scale and precision of their scams. It’s not just more fake emails, text messages and phone calls — there are also unsettling re-creations of real humans cobbled together from video or audio posted to the internet.
It can seem like a daunting menace, but there’s good news: Sturdy defenses exist, and many of them are time-tested and easy to implement.
We recently invited two Capital Group professionals with deep experience in digital safety — chief information security officer Michael Antico and equity portfolio manager Mark Casey — to discuss cybersecurity in the modern age. In that live webinar, they brought up several ways to better secure your personal and financial lives. You can watch a replay on our website, and we’ve reproduced some of the tips here.
Every few months, there’s another story about a massive data breach. Hackers gain access to a company’s supposedly secure server and swipe the personal information of millions of people — including usernames, passwords and sometimes even Social Security numbers. The reality of the modern world is that, sometimes, you’re a victim of a crime that never targeted you and you couldn’t prevent.
“The email address I’ve been using the longest has been in 33 data breaches,” Casey explains. Another address he uses was one of 2 billion, along with more than a billion passwords, exposed in a long-term hack that was made public in 2025.
But there is something you can do to mitigate the harm, at least in cases like these: use a password manager. It’s a program that tracks your login information and suggests strong, randomized passwords for your accounts. Most managers can be used across devices, meaning your login information will stay current on every device that has the app installed.
Part of the appeal is that you need only remember a single password — that of the password manager — rather than the scores applying to your individual accounts. But there’s more than convenience. Another goal is to use a variety of unique and meaningfully different passwords across all your accounts. If you’re using the same password in multiple locations, then they’re all in danger if any one is compromised.
You’ll still need to monitor large breaches and routinely update passwords, but a password manager can go a long way toward mitigating the potential fallout from a data breach.
While passwords are the bare minimum required to secure an account, you can easily augment that by including two-factor authentication (2FA), also called multifactor authentication (MFA).
2FA superficially resembles a traditional password — when you log in to, say, your bank, you’ll be prompted to enter a code. However, it differs in some key ways. First is that 2FA doesn’t use a password — instead, as you log in, you’ll receive a code from the website (usually via email or text message) or from a specialized app called an authenticator. You’ll use that in addition to your password to log in. Second, that code changes every few seconds, so you won’t use the same one twice. Every time you log in, you’ll be asked to enter the current code.
Authenticators are generally considered more secure, as they’re harder to mimic or infiltrate than an email or phone number. They can be downloaded from online storefronts such as Google Play or Apple’s App Store.
“Turn two-factor authentication on, on everything, everywhere,” Antico says. “Your email, your banking, your brokerage, airline … everything. And when you have the choice … use an authenticator.”
Even with dazzling new AI tools, a scammer’s most potent weaponry is still your fear and uncertainty. If they can get you to panic, you’re less likely to consider the situation and make a collected decision.
That’s why scammers send so many messages — they know it’s a numbers game. They only need to catch someone when they’re distracted or unguarded, when an appeal to emotion can set their mind running.
Many people in the field recommend taking a moment to evaluate any message you receive before engaging with it, especially if it’s making your heart race.
“If you’re ever looking at a message and it’s making you feel panicky, like you have to do something right away, that's all the signal you need to know that something is wrong,” Casey says. “My actual bank representative, my actual doctor? They’re always trying to be soothing.”
When you’re worried that a message might be genuine, you should reach out — but critically, don’t reply directly to the message. If you’re being told to contact, say, your credit card company, look it up independently and contact customer service directly. Likewise, if you’re being asked to assist a loved one, contact them directly to confirm they’re in need.
In the end, cybercriminals are part and parcel of modern life. Taking steps to protect your data — and responding to breaches that might sweep up your personal information — is no different than brushing your teeth or visiting the doctor. And just as with those practices, a little regular maintenance can go a long way toward preventing a costly disaster.
“If everyone did a handful of these things consistently, I think a huge chunk of what comes across my desk every day would probably just go away,” Antico adds.
One of the most common questions we received after our cybersecurity webinar was: “What happens if my password manager gets hacked?”
The short answer: Treat it like any other breach. Update or switch your password manager, change its password and change any passwords
it was tracking. Monitor accounts that might have been affected.
There’s good news, though: Any reputable password manager will store
your passwords in an encrypted form. That will make it difficult to get at
your real data — often, too difficult to be worth the effort. Still, if your
password manager was compromised, even if your data was encrypted,
you’ll want to take the steps outlined above.
Remember, password managers aren’t a ticket to a fraud-free life —
they’re one tool that can help protect your online presence. Just as a
toolbox becomes more useful as you add tools to it, your internet
security hygiene will become more robust as you implement more
security measures, such as two-factor authentication (2FA).
Of course, also keep doing all the regular vigilance: Keep track of
major breaches through a trusted source, keep your devices up to
date and regularly change your passwords. (Many internet security
programs will alert you if you’ve been affected by a breach; you can
also set up a Google alert for your password manager’s name or
check a news aggregator.)
And, of course, we live in a connected world — but that doesn’t
mean we have to be online all the time. If you’re concerned about a particularly sensitive account, you can store the password in a
securely stored notebook. That offers its own security challenges,
but it can’t be hacked.
U.S. Federal Reserve
Economic Indicators