16 Clear Signs You’re About to Be Hacked
Cybercriminals are hoping you'll make these common online mistakes. Here’s how to protect yourself—and avoid getting hacked.
Protecting yourself from hackers
You may think you’re doing enough to prevent getting hacked … but are you really? Cybercriminals are getting sneakier, not to mention more prevalent. Recent data shows that more than 42 million Americans experienced identity theft—and $52 billion in losses—in 2021 alone, and even worse, cyberattacks increased by 38% in 2022. We could throw a lot more disturbing statistics at you, but they all come back to this: Things are bad, and they’re getting worse.
That’s why you have to educate yourself about all the ways someone might try to steal your financial and other personal information—from online scams, including Facebook scams, to phishing, smishing and vishing scams. It’s a lot, we know, but we’re going to make it easy for you: We talked to internet-security experts to get the scoop on everything you should and shouldn’t be doing in your online life, as well as the surprisingly simple ways you can boost your smartphone security. And if the unthinkable has happened, check out our guides on how to recover a hacked Facebook account and Instagram account.
Get Reader’s Digest’s Read Up newsletter for more tech, travel, cleaning and fun facts all week long.
You get contest information you didn’t sign up for
“Don’t respond with personal information (social security number, credit/debit card info, banking info, address, phone number) to contests, raffles and other web forms that you didn’t explicitly sign up for. Don’t click on links in text messages from numbers you do not recognize.” —Rene Kolga, senior director of product management at cybersecurity tech company Nyotron
You receive a suspicious email and phone call
“Today’s hackers often use a coordinated hybrid approach that includes the computer, phone and other means. For example, a person will call you on the phone, claim to be from your bank and ask you to update your credentials because they’ve just updated the system. If you say you’d prefer to do so via a website rather than over the phone, they’ll give you the URL to a site that looks exactly like your bank’s site but isn’t.” —Mark Gazit, CEO of ThetaRay, a provider of big data analytics solutions
Here are more examples of spoofing (a scam in which a criminal pretends to be someone else) and how to avoid it.
You have the same password for everything
“When we recycle passwords, we increase the chances that hackers gain access to not one but many of our online accounts. Instead of repeating an easy-to-remember password across multiple sites, a user should choose a unique password for each site or use a password manager.” —Ashley Boyd, vice president of advocacy at Mozilla
You believe unbelievable deals
“When presented with unexpected offers, ask yourself whether it’s too good to be true. Would I trust this person/situation if it were to happen in the physical world (i.e., offline)? Ask for a second opinion from a technically savvy friend, colleague or family member.” —Rene Kolga
You engage with suspicious emails
“If you receive a suspicious email from a friend’s email address, don’t reply ‘Is it really you?’ because the fraudster will answer ‘Yes.’ If a suspicious email from your bank contains a phone number, don’t call it. Instead, look up the bank’s phone number in the Yellow Pages or Google it.” —Mark Gazit
If you’re already dealing with a breach, here’s how to remove spyware from your phone.
You have a weak password
“Most people are afraid of forgetting login information, or they simply don’t feel their password use is a security risk. When someone is apathetic toward passwords, they resort to weak password behavior, leaving themselves open to risks. People create short, easy-to-remember passwords and then reuse those passwords across accounts. In addition, most individuals haven’t changed a password in the last year, even after hearing of a breach in the news. That same research found that 15% of consumers would rather do a household chore and another 11% would prefer to sit in traffic than actively change their passwords.” —Rachael Stockton, director of product marketing for LastPass
You don’t think it could ever happen to you
“Assume you will be hacked, because one day you will. You can’t assume that because you live a quiet, low-profile life that you will not be a target.” —Mark Gazit
Plus, did you know these everyday things can be hacked?
You never update your apps and operating systems
“Software updates are like oil changes—they may seem bothersome at the moment, but they prevent major problems down the line. By neglecting updates and running older versions of software, you could be operating programs with known vulnerabilities.” —Ashley Boyd
And if you still have these apps on your phone, someone could be spying on you.
You left your computer unguarded in a coffee shop
“A combination of leaving your computer unlocked in a public space and storing passwords in spreadsheets or documents on your computer can leave you very susceptible.” —Tom DeSot, executive vice president and CIO of Digital Defense
Beyond this, you should also set up a VPN to keep your info safe.
You gave information to an unencrypted site
“Entering sensitive information—like your credit card number—on an unencrypted website is risky. When entering personal information online, ensure the site is encrypted. How? Browsers like Firefox and Chrome will put a lock icon next to the URL to signal if a site is encrypted. Or, check to ensure the URL is ‘https’ not just ‘http.'” —Ashley Boyd
“Many people cannot be bothered with entering additional information to verify their identity. They want to access their accounts in the most efficient and quickest manner possible. Unfortunately, this comes at a potential increased risk. The typical manner to access an online account is a username and password. So if an attacker gains access to this password, they have access to your account. Enabling MFA [multi-factor authentication] on critical accounts such as online banking or email helps to minimize this risk because the attacker now needs another piece of information to access your accounts.
“Not all MFAs are created equal. A common choice is to receive a code via a text message (SMS). This is not the most secure manner to use MFA, as an attacker can port a phone and receive the verification PIN to access your account (as mentioned above). The better option is to have an authentication application such as Google Authenticator, which allows you to enter a PIN directly from the application.” —Will Mendez, vice president of cybersecurity and testing operations at Marcum Technology
You ignore account alerts
“Many people do not pay enough attention to alerts they receive concerning changes to accounts, especially password changes. This can be a sign of someone trying to access your account by resetting your password. If you notice an alert and you do not remember requesting a password reset, then call your provider immediately.” —Will Mendez
You do your banking via public Wi-Fi
“A common mistake that we see consumers make that puts them at risk for being hacked is connecting to unsecured Wi-Fi hotspots. While it can be convenient to plug into free Wi-Fi while on the go, it is very easy for attackers to intercept internet traffic sent over an unsecured network. Some cybercriminals even create fake Wi-Fi hotspots in public locations in an attempt to steal data from those who connect. Avoid connecting to Wi-Fi networks that are not password protected, and never connect to banking or other sensitive sites when on any public Wi-Fi network.” —Brian Anderson, a security expert at Kaspersky Lab North America
You don’t have a passcode on your phone
“Sure, everyone knows it’s more than just a good idea—it’s the smart, responsible thing to do—but still, so many people fail to put a passcode or password on their smartphones. One survey by Pew Research found that 28% of smartphone owners say they do not use a screen lock or other security features to access their phone. But even if you (mistakenly) think you have nothing to hide, remember that your phone holds troves of data regarding just about everything in your life—from your bank accounts to your grocery shopping lists. Without a passcode or password, it’s just an open book, waiting to be hacked.” —Andrew Newman, founder of Reason Software
You never back up your stuff
“Getting hacked is very possible, so always make backups of your important data! Do it at least once a week, if not more often.” —Daniel Dolev, Berthold Badler Chair in Computer Science at the Hebrew University of Jerusalem and a member of the European Research Council
You give away too many hints on social media
“Posting sensitive information on social networking profiles like your date of birth, your pet’s name, family names—these can all be used against you.” —Jason Hart, former vice president and CTO of data protection at Gemalto
Next, find out what hackers can do with just your cell phone number and email address.
- Check Point: “Check Point Research Reports a 38% Increase in 2022 Global Cyberattacks”
- Javelin: “Identity Fraud Losses Total $52 Billion in 2021, Impacting 42 Million U.S. Adults”
- Rene Kolga, senior director of product management at Nyotron
- Mark Gazit, CEO of ThetaRay
- Ashley Boyd, vice president of advocacy at Mozilla
- Rachael Stockton, director of product marketing for LastPass
- Tom DeSot, executive vice president and CIO of Digital Defense
- Will Mendez, vice president of cybersecurity and testing operations at Marcum Technology
- Brian Anderson, security expert at Kaspersky Lab North America
- Andrew Newman, founder of Reason Software
- Daniel Dolev, Berthold Badler Chair in Computer Science at the Hebrew University of Jerusalem and member of the scientific council of the European Research Council
- Jason Hart, former vice president and CTO of data protection at Gemalto