Securing your personal information is a State Farm® priority
We work hard to make sure your account information stays secure. Stay informed of security risks and learn more about how to protect yourself and how State Farm protects you.
Reporting suspicious activity
If you receive an email, letter, phone call or text message which seems suspicious, protect yourself and do not reply or respond. Do not provide any personal information (especially financial account details).
How to report if you did not provide any information
Call a local State Farm agent at a phone number you know is correct (not the number in the email, on caller ID or in a letter). An agent can help determine whether the email, phone call or text message is authentic. If it’s not legitimate, the agent will report the activity to State Farm.
How to report if you did provide information
Call a local State Farm agent at a phone number you know is correct (not the number in the email, on caller ID or in a letter). In addition, you should consider taking the following actions if you believe you are a victim of a scam phone call or you clicked on a link in the email, opened an attachment or responded to the sender, etc.
- Change your State Farm account password.
- Contact credit reporting services and have a fraud alert attached to your credit report file.
- Monitor the activity in your account for a period of time.
- Notify appropriate law enforcement agencies.
Report to:
The Federal Trade Commission or by calling 877-IDTHEFT (877-438-4338877-438-4338).
Local or state police departments (if the activity results in stolen funds or property).
Alerts
Individuals have recently reported receiving letters in the mail which include a check using the State Farm name. The letter states it is from “the desk of the vice president international promotion/prize award department,” includes references to “free lotto promotion” and/or “international lotto commission,” informs the recipient about monetary “sweepstakes” winnings and instructs the person to deposit the fake check in their bank account in order to collect the full cash prize winnings.
The check may:
- Feature the State Farm logo.
- Appear to be drawn from a legitimate banking institution.
- Appear to be signed by a State Farm representative.
These are scam letters and checks. To protect yourself, do not cash or deposit the check. Do not call the phone number included in the letter.
Individuals have recently reported receiving unauthorized survey emails and text messages using the State Farm name. The emails include a link to a customer experience survey along with a promise of a “reward” for completing it.
If you receive a suspicious survey email or text message claiming to be from State Farm, call a local State Farm agent at a phone number you know is correct (not the number in the email or in a text message) for assistance.
How to protect yourself
User ID and password
To access your State Farm account information, you will need to register and create a unique user ID and password. The following password tips will assist in making your account more secure.
- Must be between 5 and 64 characters long
- Must contain any standard English keyboard characters except the following: * ( ) & !
- Must not contain leading or trailing spaces
- Must not contain email address
- Don’t reuse the same user ID on all your accounts.
- Don’t use your address, telephone number, ZIP Code or common dates (e.g., your birthdate, your anniversary).
- Don’t use names including your name or any part of your name (e.g., your initials). Don’t use the name of your spouse, children or pets.
- Avoid using “State Farm.”
- Don’t use the name of your spouse, children or pets.
- Don’t use your Social Security number.
Some operating system developers, such as Google or Apple, allow mobile application users to request deletion of accounts created within an application. If you request deletion of your account, State Farm Insurance may still retain your information for legal, auditing, regulatory and business purposes. Retention periods vary according to specific legal, auditing, regulatory and business needs. A request to delete an account within the mobile application only applies to the credentials and account you created within the application and not to any other accounts you may have with State Farm Insurance.
In order to remove your account, call the Customer Care Center at 1-800-782-83321-800-STATEFARM.
- Must be between 12 and 256 characters long
- All standard English keyboard characters allowed
- Must contain 1 special character
- Must not contain email address
- Must not contain leading or trailing spaces
- Must not contain the User ID
- Must not use the past 5 passwords
- The more characters used, the stronger the password. Use more than 10 characters when possible.
- Mix numbers, special characters, upper and lower case letters to create a strong password, but don’t repeat the same character three or more times in a row (e.g., 111).
- Don't make it easy. Passwords that include your personal information can be easily guessed.
- Never use common words or phrases when creating a password (e.g., football, iloveyou).
- Don't use alphabet and numeric sequences (e.g., abcdefg, 123456) or a keyboard pattern (e.g., qwerty).
- Don’t use the name of your spouse, children or pets.
- Don't use your telephone number, ZIP Code, initials, or any part of your name or address because this information is not confidential.
- Don't use the word “password” for any part of your password.
- Choose a strong password and keep it confidential.
- Don't write down your password, change it in a public place, or let anyone see you use your password.
- Use different passwords for different accounts (e.g., State Farm, retail accounts, other financial accounts, etc.). If you use the same password on multiple accounts and it gets stolen, hackers have the potential to access all of your accounts which use that password. How to avoid getting hacked.
- If you think your password has been stolen, change it immediately.
- Understand the risks of sharing your password with insurance or financial aggregator websites or mobile apps. Learn more about insurance or financial aggregators.
- If your password needs to be reset due to being locked out or forgetting your password, immediately create a new, strong password.
- Change your password immediately if you suspect it has been stolen or if you suspect someone knows it.
Identity verification
There may be times when you are asked to verify your identity. You can choose the identity verification method that best suits your needs.
State Farm is committed to protecting your personal information. That’s why we provide security features to help ensure only you can access your account. The two-factor verification process provides an extra layer of account security designed to keep your information safe.
If you choose two-factor verification, you’ll see some changes when you access your account online. Here’s what you need to know:
- You will receive a unique verification code by email or text to access your account online.
- You must use it EACH TIME you log in, whether it’s on a desktop computer, tablet or on the State Farm Mobile App.
- You must enter the correct verification code for account access. Please review and update your contact information to make sure it is correct.
Identity verification can be achieved through the use of a temporary Verification Code (VC). In order to utilize a VC, your email address and/or mobile number must be current – this enables State Farm to successfully communicate the 6-digit code. Once you receive the code, enter it within a few minutes to verify your identity.
To update your email address and mobile number, log in to your account and look for “Profile and Preferences”.
You may contact a State Farm representative at 1-800-782-83321-800-STATEFARM.
If you currently have a Canadian address*, your identity will be verified using a temporary Verification Code (VC). In order to utilize a VC, your email address and/or mobile number must be current – this enables State Farm to successfully communicate the 6-digit code. Once you receive the code, enter it within a few minutes to verify your identity.
To update your email address and mobile number, log in to your account and look for “Profile and Preferences".
If you are unable to update your information or enter the Verification Code, assistance from a State Farm representative is available at 1-800-782-83321-800-STATEFARM.
*Return to reference Canadian address: This could be your mailing address, residence address, or a non-U.S. address on any policy or account in your file.
Email fraud/phishing
Scammers use email or text messages to trick you into giving them your personal information (e.g., passwords, account numbers or Social Security numbers) to gain access to your email, bank or other accounts. Their messages create a sense of urgency, curiosity and fear so that you’ll take immediate action. Scammers launch thousands of phishing attacks every day — don’t take the bait.
If you receive an unsolicited email requesting personal information and it appears to be from State Farm, statefarm.com® or has the State Farm logo, do not respond.
Keep this in mind:
- State Farm will not send unsolicited email containing attachments or require customers to send personal information to us via email or pop-up windows.
- State Farm will send customers an email notification when there is a message waiting for them in their secure online inbox.
Although scammers may use our State Farm logo and name to make their messages look legitimate, look for these signs to help you recognize a phishing email:
- The message is unsolicited or unexpected.
- You are asked to click on links or open attachments.
- The message creates a sense of urgency or invokes strong emotions like greed or fear.
- Sensitive information is requested (your password, account number, Social Security number, etc.)
Review the email from top to bottom. Do not just look at the sender’s name and email address. Phishers know that most people will stop there. They are counting on you being too busy to take the time to examine your emails.
- Read the domain of the sender. The “domain” is the portion of the sender’s email address after the @ sign including the domain suffix (e.g., .com, .gov, .edu).
- Beware of attachments — especially if you weren’t expecting one.
- Hover over links with your mouse to reveal the actual URL. Scammers often use links in their emails (or in attachments) to send their victims to either a fake site used to steal your login credentials or a website that will infect your computer with malware.
If you receive an unsolicited email requesting personal information and it appears to be from State Farm, statefarm.com or has the State Farm logo, do not respond.
If the State Farm name or logo is used in an email and you are suspicious, report this activity.
State Farm customers: If you receive an email that looks different from what you normally receive from your agent or State Farm, report this activity.
Scams (phone calls, texts, emails)
Scams take various forms. The most common we hear about are letters, emails or phone calls. If the State Farm name or logo is used in a communication and it seems suspicious, report it to State Farm.
Here are some examples of scams which target State Farm customers. Learn how to spot them and how they work so you can avoid becoming a victim. If you do fall for a scam, report it immediately.
Prize scammers try to get your money or personal information through fake lotteries, sweepstakes or other contests. Many of these fake contests ask you to pay a fee to collect your winnings. Others require you to provide personal information to enter a “contest.” These scams can reach you by mail, email, phone calls, robocalls or text messages.
Example of a lottery or sweepstakes scam to a State Farm customer
What happens: You are notified you have won a lottery or other monetary prize. In the case of a letter or email, scammers may use the State Farm logo, or otherwise try to make it appear that the "contest" is sponsored by State Farm.
How it works: You may be given a claim number and asked to contact an "agent" or prize administrator to claim the rest of your “prize.” A bogus check for a smaller amount is often included to cover "administrative costs," taxes or fees. The check may:
- Feature the State Farm logo.
- Appear to be drawn from a banking institution.
- Appear to be signed by a State Farm representative.
What to do: Call your agent at a phone number you know is correct (not the number in the letter or email) and report this activity.
Scammers use email to trick you into giving them your personal information (e.g., passwords, account numbers or Social Security numbers) to gain access to your email, bank or other accounts. Learn more about phishing and how to recognize, review and report phishing email messages.
Telephone scammers try to steal your money or personal information. They may contact you through a phone call from a real person, a robocall (an automated call which delivers a recorded message) or a text message.
Example of a telephone scam to a State Farm customer
What happens: You receive a phone call from someone you don’t know saying they are from State Farm. You’re asked for your credit card information to immediately pay your premium to avoid cancellation or a lapse in coverage.
How it works: Callers will pretend to be with State Farm to gain access to confidential or personal information, including your credit card information. Some callers may try to provide a quote for insurance to "lower your rate" and will eventually ask for credit card or bank account information.
What to do: If you have doubts about the caller’s identity, hang up and call your agent at a phone number you know is correct and report this activity.
Spoofing is when a caller deliberately falsifies the phone number displayed on your caller ID to disguise their identity. Scammers often use spoofing so that an incoming call appears to come from a local number, a company or a government agency that you may already know and trust.
What happens: You receive a phone call and your caller ID shows a phone number from State Farm. You answer, but you don’t recognize the caller and the caller seems suspicious.
How it works: Scammers can mask the phone number they are dialing from and display another number on caller ID. To trick you, they’ll often use a phone number with a local area code or even the same number for your neighbor, a government agency or a local business — such as your State Farm agent’s number. You might hear a recorded message which asks you to press a number to speak with someone.
What to do: If you have doubts about the caller’s identity, hang up and call your agent at a phone number you know is correct and report this activity.
Scam artists will send a fake invoice or bill to an individual or business hoping to trick them into paying for products or services that they did not order, that have little or no value, or that are never delivered. Many of these “invoices” appear at first glance to be legitimate bills, and may include threatening or confusing legal jargon to create a false sense of urgency to pressure recipients to make quick payments.
What happens: You get an authentic-looking State Farm bill in the mail indicating you are in "Past Due" status. You don't remember the purchase or other transaction the bill is for.
How it works: Scammers create a fake bill using the State Farm name and logo and mail it to you.
What to do: If the bill seems suspicious — or if you don’t even receive paper bills in the mail from State Farm — call your State Farm agent at a phone number you know is correct and report this activity.
Spoofed websites
To trick victims into providing their personal information, bad actors may create a fake or “spoofed” website which may look like a legitimate company’s website. They’ll even create a similar domain name like “statfarm.com” (without an “e”) which closely resembles “statefarm.com”.
Oftentimes, a phishing email will include a link to a spoofed website and prompts victims to enter personal information such as driver’s license and Social Security numbers and bank account or credit card info. Fake sites might also prompt victims to enter their user names and passwords. Bad actors then use those credentials to try logging in to victims’ accounts on legitimate websites to potentially access bank accounts, open credit cards, or steal the victim’s identity.
To protect yourself from falling victim to a spoofed site, here are some tips:
- Don’t click on links in suspicious emails. A fake site might look like a legitimate site, but they request information that real websites may not ask for, including your account and Social Security number.
- Never reply to a suspicious email. If you need to contact or correspond with an organization or business, navigate directly to their website by typing the address into your browser. Or, call them at a phone number you know is correct.
- Always double check the website’s address by clicking on the lock symbol to verify that a security certificate was issued to that site. A security certificate is a sign that it’s a legitimate, trusted website.
- If you believe a bad actor has created a spoofed State Farm website, call your State Farm agent at a phone number you know is correct and report this activity.
More information about protecting yourself
For more information, visit the following:
The Federal Trade Commission (FTC) (Protecting America's Consumers)
FTC Facts for Consumers (About counterfeit check scams)
Browser electronic document security
Which are recommended browsers? Statefarm.com is currently compatible with the following major browsers:
- Microsoft Edge
- Apple Safari
- Mozilla Firefox
- Google Chrome
Please Note: statefarm.com commonly supports the most recent version and the previous version of the above browsers. In order to have the best online experience, we suggest upgrading to a more recent version or using a different browser. Customers who currently use Internet Explorer should also consider using one of the supported browsers above.
All of these browsers provide encryption technology to keep your personal information private. Encryption is the way your browser translates everything that you send into a code that can only be deciphered by our computers at State Farm. Communication containing confidential information (e.g., financial transactions) between State Farm and its customers is encrypted using the most recent release of Secure Sockets Layer (SSL) technology with encryption keys of up to 128 bits.
During any secure transaction with our company, you can verify encryption key strength by clicking on the lock or key icon located at the bottom of your browser window. If your Cipher strength is less than 128-bit, you will need to update your browser. To upgrade your browser, please select one of the following:
In order to help preserve your privacy when using a public computer, we suggest you always clear your browser history and close the browser when you're finished.
Viewing electronic documents
In order to view your documents electronically, you will need software that enables you to view files in the Portable Document Format (PDF). If you do not have a PDF Reader installed on your computer, you may download a free copy of Adobe Reader.
Vulnerability disclosure policy
State Farm is dedicated to maintaining the confidentiality, integrity and availability of State Farm systems and information. We care about protecting our customers and associates from the security risks of everyday life. If you have noticed an information security issue in a State Farm system while using www.statefarm.com or a State Farm mobile application, we want to hear about it.
How we protect you
State Farm is committed to the protection of customer information. State Farm uses Knowledge Based Authentication (KBA) as a part of our customer verification process.
We use a provider who specializes in identity verification for companies, healthcare and government entities. Verification questions are generated randomly during each customer interaction, making it impossible to determine which questions will be presented in a quiz. The provider pulls answers for the verification questions from a wide variety of customer information databases, but not from State Farm customers' personal information.
This approach has become common in the industry and will help to keep your information safer from those who might want to illegally access it or use it for fraudulent purposes.
Most customers will continue to log in through the devices (computer, mobile phone, tablet, etc.) they use today. You may experience the following: U.S. customers or customers with a non-U.S. address (insurance only).
Brand Indicators for Message Identification (BIMI) is a technical standard enabled at State Farm that allows participating email providers to display the State Farm logo next to emails in inboxes. This page includes a list of email providers currently supporting BIMI.
Using the BIMI standard to display the State Farm logo in customers’ inboxes provides a visual for email authentication to help customers be less likely to fall for phishing attacks and spoofed emails.
If it is necessary to verify your identity, you will be asked to answer randomly generated verification questions called a "quiz" or, if available, you can request to receive a temporary verification code via email or text message.
You must pass the quiz or enter a valid verification code received via email or text message to be considered "verified". If you're unable to pass the quiz or enter a valid code, you must call State Farm at 1-800-782-83321-800-STATEFARM. You also have the option to create and manage a personal identification number (PIN) when you call a State Farm response center. This PIN is used to help verify your identity and is only available through a State Farm response center.
If you currently have a non-U.S. address1 on file with State Farm, you will not see randomly generated questions, but can request to receive a temporary verification code via email or text message in order to verify your identity. This process will replace your previous security questions and answers.
You must enter valid verification code received via email or text message to be considered "verified". If you're unable to enter the code, you must call State Farm at 1-800-782-83321-800-STATEFARM.
1Return to reference Non-U.S. address: This could be your mailing address, residence address or a non-U.S. address on any policy or account in your file.
State Farm (including State Farm Mutual Automobile Insurance Company and its subsidiaries and affiliates) is not responsible for, and does not endorse or approve, either implicitly or explicitly, the content of any third party sites hyperlinked from this page. State Farm has no discretion to alter, update, or control the content on the hyperlinked, third party site. Access to third party sites is at the user's own risk, is being provided for informational purposes only and is not a solicitation to buy or sell any of the products which may be referenced on such third party sites.