Privacy & Security Tips


If another individual logged into your account and locked you out by changing your password and/or setting up 2FA, the best option is to go through the recovery steps specific to each account, and you may be able to regain access to your account


After you regain access, secure your account with the following tips:

  • Do not use similar/common passwords between accounts. Each password should be completely unique and should not contain any personal information.
  • Strong passwords are long and use a good mix of different types of characters (numbers, lower/uppercase, special).
  • Set up 2FA or 2-factor authentication to keep your accounts safe even if the passwords are breached. 2FA will add an extra layer of security to your logins by asking for a unique code every time you login.
  • Use a password manager to keep track of your passwords and keep them secure.



If you receive an email/text from what seems to be your bank, ISP, mortgage company, etc. asking you to share your personal information such as your password or SSN, do not share this information as this is a phishing attempt. Phishing is a type of scam where another individual poses as a company in order to trick you into revealing sensitive information. Institutions such as your bank will never contact you through email/text asking you for your personal information.

How do I recognize phishing attempts? Phishing emails/texts will often pose as a well-known company such as your bank and will create a story to trick you into following a link, opening an attachment with malware, etc. For example, the message may say that your account has been hacked or that you must update your payment details to continue using the service.

How do I report a phishing message?

  1. Forward the message you received to the APWG (Anti-Phishing Working Group) at [email protected]. If you received a text message, you can forward it to SPAM (7726) instead.
  2. Report the phishing attempt to the FTC (Federal Trade Commission).
  3. After reporting, make sure to delete the message.

What should I do if I responded to a phishing message?

  1. If you provided any of your personal information such as your SSN, credit card, etc., immediately visit the FTC's website where you can explore options to mitigate potential risks.
  2. Make sure your accounts are secured by changing your password and following these tips.
    • Do not use similar/common passwords between accounts. Each password should be completely unique and should not contain any personal information.
    • Strong passwords are long and use a good mix of different types of characters (numbers, lower/uppercase, special).
    • Set up 2FA or 2-factor authentication to keep your accounts safe even if the passwords are breached. 2FA will add an extra layer of security to your logins by asking for a unique code every time you login.
    • Use a password manager to keep track of your passwords and keep them secure.



Jumbo is currently only available on mobile devices, but there are still ways you can ensure that your computer and the information on it stays safe.


A VPN offers privacy and security by routing your Internet traffic through an encrypted tunnel to a remote server. Encryption essentially scrambles your data, making this information unreadable to anyone who is not authorized to view this (e.g. hackers, ISPs, etc.). Using a VPN offers other different benefits such as masking your IP address, avoiding tracking, accessing geo-restricted content, and more.

When choosing a VPN service provider, there are several important points to consider: if there is a no-log policy (i.e. the provider does not keep logs on your activity), how much data you're allowed, what security protocol is used, and where the servers are located.




By using a password manager, you can store all of your passwords in one secure location, either locally or on cloud-based servers. Protected by one master password that you choose, password managers make it easy for you to make sure that all of your passwords are unique and secure. This is important because reusing passwords across different accounts is incredibly risky--if one account is breached, hackers can access other accounts using your information.

Password managers also save you time when logging into different websites by saving your credentials, and some password managers can even help you auto-generate secure passwords or check if a particular password was compromised in a data breach.




A great, free way to protect yourself is to make sure that you're practicing safe browsing habits while on the web. Just changing a few of your habits will help you and your information stay more secure:

  • Do not use similar/common passwords between accounts. Each password should be completely unique and should not contain any personal information.
  • Strong passwords are long and use a good mix of different types of characters (numbers, lower/uppercase, special).
  • Set up 2FA or 2-factor authentication to keep your accounts safe even if the passwords are breached. 2FA will add an extra layer of security to your logins by asking for a unique code every time you login.
  • Only visit websites that you trust, and when logging into your accounts, make sure to check the url of the sites that you're logging into (For example, fake sites may slightly change the address .com vs. .zz).
  • Before clicking on links on desktop, you can hover over them to see the address. Make sure that you are not following any links to suspicious websites.
  • Don't use unsecured wifi networks when in public.
  • Make you're using a pop-up blocker on your browser.



If you notice that there is an unknown device connected to one of your accounts, you can remove these devices through your user settings. After you remove these devices, immediately change your passwords for these accounts as well as set up 2FA for extra security.


  1. Open the Settings app.
  2. Tap your name at the top.
  3. Scroll down to view your list of connected devices.
  4. Tap the device you want to remove.
  5. Tap Remove from Account, and confirm your choice.



  1. Log into Google on your desktop.
  2. Go to your account settings.
  3. Select Security in the left sidebar.
  4. Under the Your devices section, select Manage devices.
  5. Click the three dots next to the device you want to remove.
  6. Click Don't recognize this device?, and follow the prompts.



Receiving spam calls can be tiresome, but there are ways to reduce the number of spam calls you receive on your device.


Turn on Silence Unknown Callers

  1. Open the Settings app.
  2. Tap Phone.
  3. Tap Silence Unknown Callers.
  4. Switch the toggle from OFF to ON.

Use an app to filter spam calls

  1. Open the App Store app, and download an app of your choice that filters spam calls.
  2. Open the Settings app.
  3. Tap Phone.
  4. Tap Call Blocking & Identification.
  5. Switch the toggle for the app(s) you want to use from OFF to ON. To reorder apps by priority, tap Edit in the upper righthand corner.

Block known spam numbers

  1. Open the Phone app.
  2. Tap the Recents tab on the bottom.
  3. Tap the Info button next to the number you want to block.
  4. Tap Block this Caller.



Block unknown callers

  1. Open the Phone app.
  2. Tap the three dots towards the top.
  3. Tap Settings.
  4. Tap Block numbers.
  5. Switch the toggle from OFF to ON.
  6. Add specific numbers you would like to block by tapping Recents and selecting the relevant numbers.



If you're seeing strange events in your Calendar app that mention your device has a virus or that your information is exposed, be assured that this is spam, and you should not follow the links on these events. These spam events are spread through emails and messages that contain invitations, but you can delete these unwanted events from your Calendar.

  1. Open the Settings app.
  2. Tap Calendar.
  3. Tap Accounts.
  4. Select the calendar account that you do not recognize.
  5. Tap Delete Account.


Did this answer your question? Need more help? Contact [email protected] There was a problem submitting your feedback. Please try again later.