Avoid online fraud

Although it's generally secure and convenient to conduct your personal and financial business online, you still need to look out for criminals on the internet trying to defraud you of your money or steal your identity.

Sallie Mae is constantly evaluating and improving its systems and processes to protect you. Use this information to help keep your personal and financial data secure.

Take these simple steps to protect yourself


Protect yourself from email and Internet fraud by being alert and avoiding unnecessary risks. Just as you would not give your credit card to a person you do not trust, do not give your personal contact or account information to a website that looks suspicious.

  • Avoid conducting personal financial business on shared or public computers, like an Internet café or a library.
  • If you use a public computer, don't save your passwords or user IDs on the browser. After you're done, log out of all websites, clear the browser's cache and history, and close the browser. This makes it harder for the next person using the computer to see what you've done.
  • Avoid conducting financial transactions over public wireless hotspots.
  • Make sure your browser is up to date and that your computer has the latest security patches.
  • Install the latest version of an established anti-virus software. If you already have an anti-virus program installed, make sure you get the latest updates by keeping your subscription current.
  • Protect your privacy against spyware or malware by installing established spyware blockers.
  • Make sure no one has hijacked your identity: Periodically check your credit reports with the major credit reporting agencies. Make sure your information is correct and that no one has tried opening fraudulent lines of credit in your name.

Watch out for these fraud warning signs

  • Sensationalist or emotional language. Take a breath before acting on an unexpected email solicitation. Fraudulent emails are written in a way to get you to react immediately.
  • Obvious spelling or grammar errors. Fraudsters and Internet criminals are often better at coding malicious software than they are at spelling. Sallie Mae communications are written by servicing and marketing professionals. AI is making it easier to spoof a compelling message. Always double check the actual sender(s) email address, not the “alias” that you see from the sender. 
  • The email is not addressed to you. A company you do business with knows your first and last names.

Pay close attention to emails you receive

  • Don’t click on the links in suspicious emails. Hackers can make their fraud sites look legitimate — even by using a real company’s name in the URL. Instead, go to the company's website by typing the URL directly into your browser. If you're still in doubt, phone the company using the phone number on their official site NOT one included in a suspicious email.
  • Don't fill out forms in email messages asking you for personal or financial information. Only communicate these pieces of information with a company you're working with over the phone or on a secure website.
  • Make sure you're on a secure Web page when entering sensitive information. Secure Web pages will have https: (note the "s") at the beginning of their Web address instead of just http:. 
  • Use the official app. Make sure you access the company’s app through your respective app store on your device instead of clicking through a suspicious email to ensure you’re communicating with the real organization. 

If you're concerned about an email you received regarding your account with us, report it to abuse@salliemae.com.

Please forward the entire email and any attachments, not just the text in the body. This will help us better trace the email and determine whether it's legitimate.

If you’re concerned about our website security, report it to security@salliemae.com.

Here’s some more helpful information

What is phishing?

Phishing is an Internet scam where criminals try to trick you into divulging sensitive personal information, such as user names, passwords, PINs, or Social Security numbers. Phishing begins as unsolicited emails — or spam — that seem to be from a legitimate company. The emails impersonate the company's look, name, logo, and URL. The emails often use threatening language — such as saying your account will be closed if you do not respond — and "require" that you provide sensitive personal information.

What other damage can phishing do?

Some phishers have been known to send out emails linking to websites rigged to install viruses or Trojan horses on your computer. Such malicious software could take over your computer or record all the sites you visit along with your login information.

Lastly, check out the U.S. Federal Trade Commission’s and National Cybersecurity Alliance websites for additional articles and information on protecting your online privacy.