Avoid these scams and behaviors that lead to financial loss

American Legion partner Aura answers questions about fraud and scams.

American Legion partner Aura, which combines credit monitoring, identity fraud alerts and online privacy tools in one easy-to-use platform, answers questions about scams and behaviors that lead to financial loss.

Through this partnership, Legion members and their families can access Aura’s protection at discounts of up to 75% on family plans and over 60% on individual and couple plans.

Question: What is the non-negotiable rule a Legionnaire should follow when anyone asks for money using these methods, regardless of the story they tell?

Answer: Never send money or financial information in response to an unsolicited request, no matter how urgent or emotional the story sounds. Always stop, verify through an official channel you trust, and only proceed if you can independently confirm the request is legitimate. Another thing to be mindful of is that scammers often demand payment via gift cards, wire transfers or cryptocurrency.

Question: What is the risk of logging into a bank account or VA.gov on a Legion post public Wi-Fi, and what is the single easiest protection tool Legionnaires should be using on their phones and laptops when connecting to any public network?

Answer: Using public Wi-Fi, like at an American Legion post, puts bank accounts and VA.gov logins at risk because attackers on the same network can intercept traffic, spoof the network, or redirect users to fake login pages, exposing passwords and personal data. The single easiest protection Legionnaires should use is a VPN, which encrypts their connection so information can’t be read or altered on public networks. Public Wi-Fi is convenient but untrusted. Turn on a VPN before logging into anything sensitive.

How Aura Can Help Aura includes a built-in VPN that turns public Wi-Fi into a private, encrypted connection, helping keep bank and VA logins safe wherever Legionnaires connect.

Question: How does revealing service history (like unit names, deployments or dates) on platforms like Facebook create a "social engineering" advantage for scammers, and what details should Legionnaires immediately delete or hide from public view?

Answer: Military servicemembers and families are more than twice as likely to be targeted by cybercrime and fraud than the general population. Scammers exploit the extensive personal data collection within the military, including the use of SSNs for identification and the need to share info with various organizations, which increases the risk of data breaches and subsequent identity theft. Publicly sharing detailed service history gives scammers the context they need to sound trusted and legitimate. By referencing unit names, deployments, or service dates, bad actors can impersonate the VA, The American Legion, or fellow veterans to craft personalized messages that lower skepticism – this is social engineering, exploiting trust rather than hacking accounts.

To reduce risk, Legionnaires should hide or delete specific details like unit names or numbers, deployment locations and dates, rank or discharge information, photos with identifying unit insignia and captions, and real-time check-ins at Legion or VA locations, keeping profiles limited to high-level identifiers like “veteran” or general branch only.

How Aura Can Help Aura’s award-winning identity protection provides comprehensive monitoring of your data and identity to catch fraud fast. Aura identity protection not only notifies you if your SSN, login and passwords have been leaked on the Dark Web, Aura helps remove your personal info from Google search results and your data from 140-plus data brokers, including people search sites, junk mail lists, real estate data brokers and more — helping to reduce your data exposure to prevent scams, robocalls and identity theft.

Q: How can a Legionnaire independently verify the caller's identity before sharing any personal information?

Answer: A Legionnaire should never rely on what a caller says. To independently verify identity, they should hang up, then contact the organization directly using a phone number from an official website, ID card or mailed statement; not one provided by the caller. You should also ask for the caller’s full name, department, and reference number, and verify those details through the organization’s official channels. Legitimate organizations will never pressure immediate action or request sensitive information (like SSNs or banking details) over unsolicited calls.

Rule of thumb: stop, disconnect, look it up and call back.

How Aura Can Help Aura helps reduce phone scams with AI-powered scam blocking and call screening, flagging suspicious calls before Legionnaires answer. It also includes text protection on iOS to detect and block scam messages. Together, these tools help Legionnaires protect their personal data and their assets.