When you consider that hackers attack every 39 seconds, according to a 2017 study from the University of Maryland, you start to grasp just how very real the danger is. Yet, “most people don’t think about security until it’s too late,” Guemmy Kim, lead of account security initiatives at Google tells Reader’s Digest. “The horror stories exist.”

Take for example this story of Laura, that Kim shares:

Laura was at work when she received a text alert from her bank confirming a $700 transfer request.

She immediately panicked because she hadn’t made the request. When she tried to log into her bank account to cancel the transfer, her password was rejected. She tried the “reset my password” option but found that she couldn’t log into her email to access the reset link from her bank.

That’s when Laura knew she’d been hacked—and it was because she’d used the same password on both accounts, and maybe not the most secure one, at that—her pet’s name.

Though Laura was able to cancel the transfer with a phone call to the bank, the email hack was trickier to fix. She ended up being locked out of her account for days. The hackers also had gotten into her online shopping account using the same password and ordered $500 in gift cards, which were sent to a different email address.

All told, it was about a week before things were back to normal with her accounts. Even after Laura regained access, she was haunted by what the hackers could’ve accessed through her email account. She spent many sleepless nights thinking about the social security number listed on tax document attachments and her home address that appeared in numerous emails.

This frustrating and time-consuming hacking horror story is actually not uncommon for people to find themselves in.”

You’ll also want to learn these 20 cybersecurity secrets hackers don’t want you to know.

The problem

Now that many of us do our banking online, our online accounts are often connected to your email accounts. That means if a hacker gets control of your email, they can get control of other things as well.

If a hacker gets into your email you could be accidentally giving them the ability to reset your passwords on other sites with disastrous results. “The hacker will go to your Amazon account or your banking account and then they’ll just say, ‘Oh, I forgot my password.’ Then that service will just be, ‘Don’t worry, I’ll just send you a reset link to your email.'” Now that they have access to your email, it’s very easy for them to go into the other site and change it the password, Kim warns. Then that locks you out of the account. “Then they go in, steal your money and order things and packages to their own home.”

One easy way hackers gain access to your accounts is when you reuse the same password and username on a number of sites, Kim shares. If one of those sites is compromised, as in the Yahoo customer security data breach when 3 billion accounts were compromised, for instance, then hackers might try the same username and password on other sites to see if it works. Knowing the 16 clear signs you’re about to be hacked is also helpful.

What to do

While having secure, unique passwords is important, Kim suggests going to g.co/securitycheckup to make certain your account is as secure as you think it is. This is Google’s very high-level wizard that will walk you though things like adding a security number to your account or updating your password. You’ll also want to avoid using these 25 worst possible passwords.