The FBI has privacy advice for you, and it's actually pretty simple

In late 2024, Chinese government-linked hackers broke into the networks of AT&T, Verizon, and other major U.S. telecom providers. They could read text messages and listen to calls. In response, FBI and CISA officials did something unusual: they went public with specific advice for ordinary people.

That guidance, combined with the FBI's broader 2026 cybersecurity campaign, adds up to a pretty clear to-do list. Most of it is free, takes under an hour, and doesn't require any technical knowledge.

The Big One: Switch to an Encrypted Messaging App

Regular SMS texts are not encrypted. Neither are standard phone calls. Both can be intercepted by anyone with the right access to your carrier's network, which the Salt Typhoon hack proved is not a hypothetical.

The FBI and CISA specifically recommended Signal, a free app for iPhone and Android. Every message and call through Signal is end-to-end encrypted, meaning only the people in the conversation can read or hear it.

The Checklist

Messaging and Calls

• Download Signal and use it for sensitive conversations (signal.org)

• Stop using SMS codes for two-factor authentication where possible. Switch to an authenticator app like 2FAS, Proton Authenticator or Bitwarden Authenticator instead. SMS codes can be intercepted; app-generated codes cannot.

• Call your phone carrier and set an account PIN. This prevents SIM-swapping, a scam where criminals call your carrier and convince them to transfer your number to a new device.

Passwords

• Use a different password for every account. If one site gets breached and you reuse passwords, attackers will try that same password on your bank, your email, and everywhere else. A password manager like Bitwarden (free) or 1Password handles this for you.

• Make passwords longer rather than more complex. A phrase like riverboat-lamp-cloud-purple is harder to crack than P@ssw0rd! and easier to remember. The FBI calls these "passphrases."

• Turn on two-factor authentication (2FA) on every account that offers it. This means logging in requires something you know (your password) plus something you have (your phone). A stolen password alone won't get anyone in.

Devices and Software

• Turn on automatic updates for your phone, computer, and apps. Most successful hacks exploit security flaws that already had a fix available. People just hadn't installed it yet.

• Check whether your phone and computer still receive security updates. Devices that have reached "end of life" no longer get patches, which makes them increasingly easy targets. If yours has stopped receiving updates, it's worth replacing.

Online Habits

• Be skeptical of unexpected emails, texts, or calls asking you to click something, open an attachment, or confirm personal information. Even if the message appears to come from your bank or a government agency. Verify through a separate channel before doing anything.

• Only download software from sources you recognize and trust. Malware is frequently delivered through downloads from sketchy or unfamiliar sites.

• Check your bank and credit card statements once a month. Catching a fraudulent charge early limits the damage significantly. Most banks let you set up transaction alerts to make this easier.

• Do not send money, gift cards, or wire transfers to someone you have not met in person. This applies regardless of how convincing the story is or how long you've been communicating online.

If You've Already Been Hacked or Scammed

• Contact your bank immediately to freeze or reverse any suspicious transactions

• Change your passwords, starting with email and banking accounts

• Place a credit freeze with Equifax, Experian, and TransUnion. It's free and stops anyone from opening new credit accounts in your name.

• File a report at IC3.gov, the FBI's cybercrime reporting center. They track patterns across reports and can sometimes freeze stolen funds.

• Visit IdentityTheft.gov for a step-by-step recovery plan tailored to your situation.

• If you're over 60, the National Elder Fraud Hotline is 1-833-FRAUD-11.

Based on FBI and CISA guidance issued in 2024 and 2026, including the Salt Typhoon telecommunications advisory and the FBI's Operation Winter SHIELD campaign.