Are you an easy target for scammers? A checklist to secure your online life

You may think you’re too smart to get scammed. You’ve seen the warnings. You know the basics. But what if I told you that in 2024, scammers weren’t just targeting the gullible? They were targeting everyone. And they were winning. Big time.

The FBI’s Internet Crime Complaint Center (IC3) reported that Americans lost over $16 billion to online scams in 2024. That’s not a typo. It’s a 33% jump in losses from the year before. The Federal Trade Commission (FTC) supports this, reporting a parallel surge to $12.5 billion in fraud losses.

This isn’t just happening to other people. The average loss for a single victim is now a painful $19,372. One wrong click, one moment of distraction, could cost you nearly twenty grand. Over the last five years alone, the total damage has topped $50 billion, according to new FBI data.

So, what’s going on?

It’s not that we’re getting less intelligent. It’s that scammers are getting terrifyingly good at their jobs. They’ve moved beyond clumsy emails with typos and are now running sophisticated, professional operations. While the number of scam reports has remained relatively constant, the amount lost per scam has skyrocketed, indicating that they’re focusing on bigger, more lucrative heists.

They’re masters of psychological manipulation. As financial psychology expert Alex Melkumian puts it, “They use fear-based tactics to get us into our primitive brain, which is always on alert.” They trigger our fear, our hope, our sense of urgency, and our trust, bypassing our rational minds.

The sobering truth is that scammers are becoming more sophisticated, effective, and convincing every day, and the cost of a single mistake has never been higher.

But here’s the good news. You don’t have to be a cybersecurity genius to protect yourself. You just need to build a few smart habits. This isn’t a technical manual. It’s a straightforward, no-nonsense checklist to help you identify the pitfalls and safeguard your online life. Let’s get started.

Are you still falling for ‘obvious’ phishing emails?

Phishing—where scammers impersonate legitimate companies to steal your info—is still the most reported cybercrime out there. It’s the front door for hackers, leading to everything from stolen bank funds to full-blown ransomware attacks.

The sheer scale is hard to comprehend. According to AAG, an estimated 3.4 billion phishing emails are sent every single day. It’s a constant, global flood of deception.

And the old advice to “look for spelling mistakes” is officially dead. Why? Scammers are now using Artificial Intelligence to write perfectly crafted, convincing emails. One report found that a shocking 82.6% of phishing emails now use AI to sound flawless. Another study revealed that AI-written phishing emails are more effective at getting people to click, with a 54% success rate, compared to just 12% for those written by humans.

But it’s not just emails anymore. There’s a new threat in town: “Quishing,” or QR code phishing. You see a QR code in an email from “Microsoft” asking you to update your security settings. You scan it with your phone, and it takes you to a login page. It appears to be real, but it’s a fake designed to steal your password. Because the QR code is an image, it often bypasses traditional email security filters that are designed to detect malicious text links.

This tactic is exploding. QR code phishing attacks surged by 51% in late 2023, and some security firms have seen a 433% increase in references to this attack method. It’s a devious trick that weaponizes our trust in the convenience of QR codes.

So, how do you protect yourself now?

  • Trust your gut, not the grammar. Modern scams play on your emotions. They create a sense of urgency (“Your account will be closed!”), authority (“We’re from your bank”), or fear (“Suspicious activity detected!”). 
  • Hover before you click. On a computer, always hover your mouse over a link before you click it. A small pop-up will show you the link’s true destination. If it looks weird or doesn’t match the sender, don’t click.
  • Be suspicious of unexpected QR codes. Never scan a QR code in an email you weren’t expecting. If you think it might be legitimate, go directly to the company’s official website instead of scanning the code.
  • Your caution is your best defense.

Is your password from the Stone Age?

Let this sink in: Weak or stolen passwords are the root cause of over 80% of data breaches at companies. For most of us, our passwords are the weakest link in our entire digital life.

For years, we were told to create “complex” passwords by adding a capital letter, a number, and a symbol. The result? Predictable passwords like Summer2024! that hackers can crack in seconds.

The rules have changed. The new gold standard, according to the National Institute of Standards and Technology (NIST), is simple: length is more important than complexity.

A modern computer can guess an 8-character password in minutes. But a 16-character password? That could take a billion years to crack. The best way to create a long, strong password you can actually remember is to use a passphrase. Just string together 4 or 5 random, unrelated words. Something like BlueCloudRiverTiger is challenging for a computer to guess but easy for you to recall.

Of course, the next question is, “How am I supposed to remember a unique, long passphrase for every single account?”

The answer is simple: you don’t. You use a password manager.

These are secure digital vaults that create, store, and automatically fill in your passwords for you. You only have to remember one strong master password to unlock the vault. Yet, despite their effectiveness, only 36% of American adults use a password manager, according to Bitwarden’s 2025 World Password Day survey. This is a significant security gap, especially given data that shows people who use them are far less likely to become victims of identity theft.

As tech expert Chris Pirillo famously said, “Passwords are like underwear: don’t let people see it, change it very often, and you shouldn’t share it with strangers.” (A quick update to that great advice: NIST now says you only need to change your passwords if you suspect an account has been compromised).

The bottom line is that the biggest weakness in password security isn’t technology—it’s human psychology. We’re wired to take the easy route. By switching to simpler, human-friendly systems like passphrases and password managers, you significantly strengthen your security.

Are you skipping that ‘annoying’ extra login step?

We’ve all been there. You log into an account, and it asks for a six-digit code from your phone. It feels like an annoying extra step, so you may have put off setting it up.

That “annoying” step is called Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA), and it is arguably the single most powerful tool you have to protect your accounts.

Think of it this way: your password is like the key to your front door. 2FA is the deadbolt on the inside. Even if a thief steals your key, they still can’t get in without getting past that second, tougher lock.

The effectiveness of 2FA is mind-blowing. Both Microsoft and Google have reported that enabling MFA blocks 99.9% of automated attacks that try to take over your accounts. It’s as close to a silver bullet as we have in cybersecurity.

So why doesn’t everyone use it? In one survey, 33% of people said they found it too “annoying.” However, that minor inconvenience is a small price to pay for nearly total protection against automated hacks.

Of course, scammers are adapting. They know they can’t easily break the technology, so they’ve started trying to trick us into defeating our own security. Even with MFA enabled, clever bypass tactics still target 28% of users. These include:

  • SIM Swapping: Scammers trick your mobile provider into transferring your phone number to a SIM card they control, allowing them to intercept your text message codes.
  • MFA Fatigue Attacks: They get your password, then spam you with dozens of login approval notifications on your phone, hoping you’ll get annoyed and accidentally approve one just to make them stop.

This shows that the battle has shifted. Attackers aren’t just trying to hack your password anymore; they’re trying to hack you.

Here’s how to stay safe:

  • Enable 2FA on every important account—especially your email, banking, and social media.
  • Use an authenticator app (like Google Authenticator or Microsoft Authenticator) instead of SMS text messages for your codes. These apps are not vulnerable to SIM swapping.
  • If you get a login approval request you weren’t expecting, deny it immediately. That’s a sign that someone has your password and is trying to gain access. Change that password right away. That one simple habit can save you from a world of hurt.

Are you oversharing on social media?

Your social media profile is a gold mine for scammers. It’s where they go to learn about you, build trust, and launch their attacks.

The numbers are shocking. The FTC reports that one out of every four people who lost money to fraud stated that the scam originated on a social media platform. Between 2021 and 2023, Americans lost a staggering $2.7 billion to scams that originated from posts, ads, or messages on social media.

And it’s not just one age group. While everyone is at risk, younger people are hit particularly hard. For those aged 18-19, an incredible 47% of all their reported fraud losses originated on social media.

Scammers are skilled at turning your innocent posts against you. Here’s how:

  • Answering Your Security Questions: You post a cute photo of your first dog, Fluffy. You share a throwback picture from your hometown, Springfield. You wish your mom a happy birthday and mention her maiden name. A scammer collects these details and uses them to reset your passwords on other, more important sites, such as your bank or email.
  • Crafting Perfect Phishing Attacks: They see you work at Acme Corp, love hiking, and bank with First National. They can then send you a highly personalized email that looks like it’s from your boss, a local hiking club, or your bank. It’s far more convincing than a generic scam email.
  • Impersonating Your Friends: They create a fake profile using your friend’s name and picture, send you a friend request, and then, a few days later, a desperate message: “I’m stranded and lost my wallet! Can you wire me $500?”

The very design of social media platforms—which encourages sharing and connection—creates an environment that scammers exploit to establish trust. They can even use the platform’s own advertising tools to target you with fake shopping deals or bogus investment schemes based on your interests.

It’s time for a privacy check-up.

  • Lock down your profile. Go into the privacy settings on Facebook, Instagram, and any other platform you use. Change the setting for who can see your posts from “Public” to “Friends Only.” It’s the most critical change you can make.
  • Think before you post. Before sharing a personal detail, ask yourself: “Could a scammer use this against me?”
  • Be skeptical of unsolicited messages. If a “friend” messages you with an urgent request for money, call them on the phone to verify it’s really them. Their account was likely hacked.

As privacy advocate Gary Kovacs said, “Privacy is not an option, and it shouldn’t be the price we accept for just getting on the Internet.” Treat your social media account like a public billboard, not a private diary.

Do you treat public Wi-Fi like your home network?

We all do it. You’re at a coffee shop, an airport, or a hotel, and you connect to the free public Wi-Fi. It’s convenient, but it can also be dangerous.

Here’s a simple way to think about it: using public Wi-Fi without protection is like shouting your passwords and bank details across a crowded room. The network is open, and anyone with the right tools can listen in.

Scammers have a few favorite tricks they use on public networks:

  • “Evil Twin” Hotspots: A hacker sets up a fake Wi-Fi network with a legitimate-sounding name, like Cafe_Free_WiFi. You connect to it, thinking it’s the real deal, but you’re actually connecting directly to the hacker’s laptop. They can now see everything you do online.
  • Man-in-the-Middle Attacks: Even on a legitimate network, if it’s not secure, a hacker can position themselves between your device and the websites you’re visiting, intercepting all your data as it flows back and forth.

For years, we were taught to “look for the little lock icon” or “https” in the website address bar as a sign of safety. But here’s a critical update from the FBI: scammers now create their own fake websites with that same lock icon. They know we’ve been trained to trust it, so they use it to trick us into feeling secure on their malicious sites.

This means our old visual cues for safety are becoming unreliable. We can no longer just passively check for a lock; we need to take active steps to protect our connection.

The ultimate shield for public Wi-Fi is a Virtual Private Network (VPN).

A VPN is an app for your phone or computer that creates a private, encrypted tunnel for all your internet activity. It makes your data completely unreadable to anyone snooping on the public network. It’s like sending your mail in a locked, armored car instead of on an open postcard.

Here’s your public Wi-Fi safety plan:

  • Always use a VPN on public networks. It’s the single best way to stay safe.
  • Turn off auto-connect. Go into your device’s settings and disable the feature that automatically connects to available Wi-Fi networks. This prevents your phone from joining a malicious network without your knowledge.
  • Turn off file sharing. Features like AirDrop should be turned off in public places to prevent someone from sending malicious files to you or accessing your device.
  • Avoid sensitive activities. If you don’t have a VPN, save your online banking and shopping for when you’re back on a secure, trusted network, such as your home Wi-Fi.
    A little patience can prevent a lot of pain.

Are you tempted by deals that are ‘too good to be true’?

Scammers are masters of emotional manipulation. They prey on our deepest desires—for wealth, for love, for a great deal—to get us to lower our guard. This is the psychology behind the most financially devastating scams.

Investment scams are, by far, the costliest type of fraud. They were the number one category for financial losses in 2024, with Americans incurring a staggering $5.7 billion in losses, according to the FTC.

The explosion of cryptocurrency has fueled this fire. In 2024, cryptocurrency was involved in $9.3 billion of total fraud losses—a 250% increase from the previous year. Scammers love crypto because transactions are fast, often anonymous, and almost impossible to reverse.

This has given rise to the brutally named “pig butchering” scam. It’s a hybrid attack that combines a romance scam with an investment scam. A scammer will spend weeks or even months building a deep, emotional connection with you online. Once they’ve earned your complete trust (a process they call “fattening the pig”), they’ll start casually mentioning a “can’t-miss” cryptocurrency investment opportunity that has made them rich. They’ll guide you through creating your first small investment on a fake platform they control and even let you withdraw some “profits” to prove it’s real. Then, they convince you to invest your life savings before disappearing forever.

This convergence of tactics is incredibly effective because the emotional bond of the romance scam completely dismantles the victim’s logical skepticism about the investment scam.

Even if you’re not looking for love or riches, online shopping scams are everywhere. They are the most common type of fraud reported on social media, making up 44% of all reports. You see an ad for a product at an unbelievably low price, you order it, and it either never arrives or you get a cheap counterfeit.

Whether it’s an investment, a romance, or a shopping deal, scammers use the same psychological playbook:

  • Urgency: “This crypto price is about to explode! You have to invest now!”
  • Authority: They pose as expert investors or impersonate legitimate companies.
  • Hope: They promise you a life of financial freedom or a future with your soulmate.

How do you fight back?

  • Remember the golden rule: If a deal seems too good to be true, it almost certainly is.
  • Slow down. Scammers want you to act on emotion, without thinking. Give yourself time to think and do your research.
  • Use credit cards for online shopping. Credit cards offer robust fraud protection, allowing you to dispute charges if you are scammed. Debit cards, which pull money directly from your bank account, offer far less protection.
    This simple choice can be the difference between a minor inconvenience and a significant financial loss.

Do you trust a voice just because it sounds familiar?

This is the new frontier of scams, and it’s terrifying. Imagine your phone rings. It’s your son, and his voice is filled with panic. “Mom, I’ve been in a car accident. I’m hurt, and I need you to wire money for the hospital right now.”

You’d do anything to help, right? But what if it wasn’t your son? What if it was a scammer using an AI-generated clone of his voice? This isn’t science fiction. It’s happening right now, and it’s incredibly effective because it hijacks our most primal instinct: the need to protect our loved ones.

The technology has become shockingly accessible and easy to use. It takes as little as three seconds of audio—grabbed from a social media video or an old voicemail—to create a clone with an 85% voice match.

The statistics are chilling:

  • A recent global survey found that one in four people have already experienced an AI voice cloning scam or know someone who has.
  • A staggering 77% of victims who were targeted by these scams lost money. 
  • Most worryingly, 70% of people surveyed were not confident in their ability to distinguish between authentic and fake voices.

Scott Hermann, an identity protection expert, calls it “without hesitation, the scariest thing I have ever seen,” noting that the technology is so good that “a mother can’t tell the difference between her own child and a machine.”

This technology represents a fundamental breakdown of something we’ve trusted our entire lives: the sound of a loved one’s voice. Our own senses can now be turned against us. This means we must consciously override our instincts and adopt new methods to verify who we’re talking to.

Fortunately, the best defense against this high-tech threat is surprisingly low-tech.

  • Hang up and call back. If you get a frantic call asking for money, no matter how real it sounds, tell them you’ll call them right back. Then, hang up and call the person at a phone number you know is theirs. A scammer can spoof a phone number to make a call, but they can’t answer the real person’s phone.
  • Create a family “safe word.” This is a proactive step that can stop a scammer in their tracks. Agree on a secret word or phrase with your family that would only be used in an actual emergency. If a loved one calls asking for help, ask them to provide a safe word. If they can’t offer it, it’s a scam.

This isn’t just a security tip; it’s a new social protocol for the age of AI. We have to learn to trust, but verify, even with the people we know best.

Key takeaway

Securing your online life can feel overwhelming, but it doesn’t have to be. You don’t need to be a tech expert. You simply need to establish a few simple yet powerful habits. If you remember nothing else from this article, remember this checklist:

  • Question everything: Be deeply skeptical of any unexpected email, text, or call that creates a sense of urgency or fear. Scammers play on your emotions, not your logic.
  • Go long, not complex: Your best defense is a long password. Use a memorable passphrase of at least 16 characters and let a password manager handle the rest.
  • Double your security: Enable two-factor authentication (2FA) on all critical accounts. It’s like a deadbolt for your digital life, blocking 99.9% of automated hacks.
  • Lock down your social media: Stop oversharing. Change your privacy settings from “Public” to “Friends Only.” Treat your profile like a public billboard, not a private diary.
  • Use protection in public: Never use public Wi-Fi without a VPN. It creates a private, encrypted tunnel that keeps snoops out of your business.
  • Trust, but verify: If a deal seems too good to be true, it is. If you get an urgent call for help, hang up and call the person back on a number you know is theirs.
  • Create a safe word: Establish a secret family password that only you and your partner know. It’s a simple, low-tech defense against the terrifyingly high-tech threat of AI voice cloning scams.

These aren’t complicated chores. They are small, empowering actions that put you back in control. In a world where scammers are working harder than ever, these simple habits are your best defense against them. Stay safe out there.

Disclaimer: This list is solely the author’s opinion based on research and publicly available information. It is not intended to be professional advice.
