A Trusted Friend in a Complicated World

16 Clear Signs You’re About to Be Hacked

Updated: Apr. 10, 2024

Cybercriminals are hoping you'll make these common online mistakes. Here’s how to protect yourself—and avoid getting hacked.

Hacker with computers in dark room. Cyber crime
boonchai wedmakawand/Getty Images

Protecting yourself from hackers

You may think you’re doing enough to prevent getting hacked … but are you really? Cybercriminals are getting sneakier, not to mention more prevalent. Recent data shows that more than 42 million Americans experienced identity theft—and $52 billion in losses—in 2021 alone, and even worse, cyberattacks increased by 38% in 2022. We could throw a lot more disturbing statistics at you, but they all come back to this: Things are bad, and they’re getting worse.

That’s why you have to educate yourself about all the ways someone might try to steal your financial and other personal information—from online scams, including Facebook scams, to phishing, smishing and vishing scams. It’s a lot, we know, but we’re going to make it easy for you: We talked to internet-security experts to get the scoop on everything you should and shouldn’t be doing in your online life, as well as the surprisingly simple ways you can boost your smartphone security. And if the unthinkable has happened, check out our guides on how to recover a hacked Facebook account and Instagram account.

Get Reader’s Digest’s Read Up newsletter for more tech, travel, cleaning and fun facts all week long.

Worried young woman working at home
damircudic/Getty Images

You get contest information you didn’t sign up for

“Don’t respond with personal information (social security number, credit/debit card info, banking info, address, phone number) to contests, raffles and other web forms that you didn’t explicitly sign up for. Don’t click on links in text messages from numbers you do not recognize.” —Rene Kolga, senior director of product management at cybersecurity tech company Nyotron

Over the shoulder view of young Asian woman receiving an incoming suspected call from unknown caller on her smartphone and rejecting the call at home. Device screen showing warning sign as detected by the network provider. Phone scam and fraud concept
d3sign/Getty Images

You receive a suspicious email and phone call

“Today’s hackers often use a coordinated hybrid approach that includes the computer, phone and other means. For example, a person will call you on the phone, claim to be from your bank and ask you to update your credentials because they’ve just updated the system. If you say you’d prefer to do so via a website rather than over the phone, they’ll give you the URL to a site that looks exactly like your bank’s site but isn’t.” —Mark Gazit, CEO of ThetaRay, a provider of big data analytics solutions

Here are more examples of spoofing (a scam in which a criminal pretends to be someone else) and how to avoid it.

Important task. Close-up of hands of young african manager is sitting and holding laptop on his knees while typing on keyboard
Olena Yakobchuk/Shutterstock

You have the same password for everything

“When we recycle passwords, we increase the chances that hackers gain access to not one but many of our online accounts. Instead of repeating an easy-to-remember password across multiple sites, a user should choose a unique password for each site or use a password manager.” —Ashley Boyd, vice president of advocacy at Mozilla

Young pregnant businesswoman at home office, working with laptop on sofa
Oscar Wong/Getty Images

You believe unbelievable deals

“When presented with unexpected offers, ask yourself whether it’s too good to be true. Would I trust this person/situation if it were to happen in the physical world (i.e., offline)? Ask for a second opinion from a technically savvy friend, colleague or family member.” —Rene Kolga

Make sure you’re also aware of these Facebook Marketplace scams and OfferUp scams.

Woman typing electronic mail using laptop, sending e-mail, maili
fizkes/Getty Images

You engage with suspicious emails

“If you receive a suspicious email from a friend’s email address, don’t reply ‘Is it really you?’ because the fraudster will answer ‘Yes.’ If a suspicious email from your bank contains a phone number, don’t call it. Instead, look up the bank’s phone number in the Yellow Pages or Google it.” —Mark Gazit

If you’re already dealing with a breach, here’s how to remove spyware from your phone.

Online password management with keyborard, notes, pen.
vinnstock/Getty Images

You have a weak password

“Most people are afraid of forgetting login information, or they simply don’t feel their password use is a security risk. When someone is apathetic toward passwords, they resort to weak password behavior, leaving themselves open to risks. People create short, easy-to-remember passwords and then reuse those passwords across accounts. In addition, most individuals haven’t changed a password in the last year, even after hearing of a breach in the news. That same research found that 15% of consumers would rather do a household chore and another 11% would prefer to sit in traffic than actively change their passwords.” —Rachael Stockton, director of product marketing for LastPass

Businesswoman reviews document on laptop
SDI Productions/Getty Images

You don’t think it could ever happen to you

“Assume you will be hacked, because one day you will. You can’t assume that because you live a quiet, low-profile life that you will not be a target.” —Mark Gazit

Plus, did you know these everyday things can be hacked?

Laptop and yellow paper on screen with text written 'Time to update'
photograph by dorisj/Getty Images

You never update your apps and operating systems

“Software updates are like oil changes—they may seem bothersome at the moment, but they prevent major problems down the line. By neglecting updates and running older versions of software, you could be operating programs with known vulnerabilities.” —Ashley Boyd

And if you still have these apps on your phone, someone could be spying on you.

laptop with coffee cup on old wooden table

You left your computer unguarded in a coffee shop

“A combination of leaving your computer unlocked in a public space and storing passwords in spreadsheets or documents on your computer can leave you very susceptible.” —Tom DeSot, executive vice president and CIO of Digital Defense

Beyond this, you should also set up a VPN to keep your info safe.

Overhead view of young Asian woman relaxing at home, shopping online with smartphone and making payment online with credit card on hand. Lifestyle and technology. Contactless payment. Comfortable and fast shopping experience
d3sign/Getty Images

You gave information to an unencrypted site

“Entering sensitive information—like your credit card number—on an unencrypted website is risky. When entering personal information online, ensure the site is encrypted. How? Browsers like Firefox and Chrome will put a lock icon next to the URL to signal if a site is encrypted. Or, check to ensure the URL is ‘https’ not just ‘http.'” —Ashley Boyd

Side view of handsome african american guy reading message on phone while standing outdoors in, dark-skinned hipster in shirt with copy space for brand name or label installing application on mobile

You’re impatient

“Many people cannot be bothered with entering additional information to verify their identity. They want to access their accounts in the most efficient and quickest manner possible. Unfortunately, this comes at a potential increased risk. The typical manner to access an online account is a username and password. So if an attacker gains access to this password, they have access to your account. Enabling MFA [multi-factor authentication] on critical accounts such as online banking or email helps to minimize this risk because the attacker now needs another piece of information to access your accounts.

“Not all MFAs are created equal. A common choice is to receive a code via a text message (SMS). This is not the most secure manner to use MFA, as an attacker can port a phone and receive the verification PIN to access your account (as mentioned above). The better option is to have an authentication application such as Google Authenticator, which allows you to enter a PIN directly from the application.” —Will Mendez, vice president of cybersecurity and testing operations at Marcum Technology

Overhead view of young Black woman managing online banking with smartphone sitting on the sofa at home.
Evgeniia Siiankovskaia/Getty Images

You ignore account alerts

“Many people do not pay enough attention to alerts they receive concerning changes to accounts, especially password changes. This can be a sign of someone trying to access your account by resetting your password. If you notice an alert and you do not remember requesting a password reset, then call your provider immediately.” —Will Mendez

Cropped shot of African-American businessman paying with credit card online making orders via Internet. Successful black male holding plastic card making transaction using mobile banking application
WAYHOME studio/Shutterstock

You do your banking via public Wi-Fi

“A common mistake that we see consumers make that puts them at risk for being hacked is connecting to unsecured Wi-Fi hotspots. While it can be convenient to plug into free Wi-Fi while on the go, it is very easy for attackers to intercept internet traffic sent over an unsecured network. Some cybercriminals even create fake Wi-Fi hotspots in public locations in an attempt to steal data from those who connect. Avoid connecting to Wi-Fi networks that are not password protected, and never connect to banking or other sensitive sites when on any public Wi-Fi network.” —Brian Anderson, a security expert at Kaspersky Lab North America

Close up woman hand holding smartphone while entering the passcode. Concept of personal information security
Khanchit Khirisutchalual/Getty Images

You don’t have a passcode on your phone

“Sure, everyone knows it’s more than just a good idea—it’s the smart, responsible thing to do—but still, so many people fail to put a passcode or password on their smartphones. One survey by Pew Research found that 28% of smartphone owners say they do not use a screen lock or other security features to access their phone. But even if you (mistakenly) think you have nothing to hide, remember that your phone holds troves of data regarding just about everything in your life—from your bank accounts to your grocery shopping lists. Without a passcode or password, it’s just an open book, waiting to be hacked.” —Andrew Newman, founder of Reason Software

External backup disk hard drive connected to laptop
simpson33/Getty Images

You never back up your stuff

“Getting hacked is very possible, so always make backups of your important data! Do it at least once a week, if not more often.” —Daniel Dolev, Berthold Badler Chair in Computer Science at the Hebrew University of Jerusalem and a member of the European Research Council

Social media profile page in smartphone screen at work. Woman looking at feed, status update or post with mobile phone. Inefficient lazy worker avoiding job.
Tero Vesalainen/Getty Images

You give away too many hints on social media

“Posting sensitive information on social networking profiles like your date of birth, your pet’s name, family names—these can all be used against you.” —Jason Hart, former vice president and CTO of data protection at Gemalto

Next, find out what hackers can do with just your cell phone number and email address.


  • Check Point: “Check Point Research Reports a 38% Increase in 2022 Global Cyberattacks”
  • Javelin: “Identity Fraud Losses Total $52 Billion in 2021, Impacting 42 Million U.S. Adults”
  • Rene Kolga, senior director of product management at Nyotron
  • Mark Gazit, CEO of ThetaRay
  • Ashley Boyd, vice president of advocacy at Mozilla
  • Rachael Stockton, director of product marketing for LastPass
  • Tom DeSot, executive vice president and CIO of Digital Defense
  • Will Mendez, vice president of cybersecurity and testing operations at Marcum Technology
  • Brian Anderson, security expert at Kaspersky Lab North America
  • Andrew Newman, founder of Reason Software
  • Daniel Dolev, Berthold Badler Chair in Computer Science at the Hebrew University of Jerusalem and member of the scientific council of the European Research Council
  • Jason Hart, former vice president and CTO of data protection at Gemalto