10 Everyday Habits That Make You a Target for Scammers
By Dr. Kimma Wreh
In today’s hyper-digital world, cybercriminals don’t always need to hack complex systems. Often, human behavior is the easiest point of entry. According to the FBI’s Internet Crime Complaint Center (IC3), U.S. citizens lost over $12.5 billion to cybercrime in 2023—a significant portion of which stemmed from common, avoidable habits.
Here are 10 daily behaviors that might be putting your digital identity and finances at risk—plus how to protect yourself.
1. Oversharing on Social Media
Why it’s risky: Birthday posts, vacation check-ins, or pet names may seem harmless—but scammers use this info to crack passwords, guess security questions, or impersonate you.
Real example: In Florida, a scammer reset a victim’s email password using clues from her Facebook profile, then accessed her online banking.
Tip: Limit who can see your posts. Avoid sharing sensitive personal details like your birthdate, hometown, or travel plans.
2. Reusing the Same Passwords
Why it’s risky: If one account is breached, cybercriminals can try your reused password across dozens of other accounts.
Real example: In the wake of a 2019 DoorDash breach, attackers accessed user emails, bank apps, and social platforms by exploiting reused credentials.
Tip: Use a password manager like LastPass or 1Password to generate and store strong, unique passwords for each account.
3. Ignoring Software Updates
Why it’s risky: Updates often include critical patches for known vulnerabilities. Delaying them means you’re leaving the door open.
Real example: The Equifax breach in 2017 exposed personal data of 147 million Americans—all because of a missed software patch.
Tip: Enable automatic updates for your phone, laptop, antivirus software, browser extensions, and even routers.
4. Clicking Suspicious Links or Attachments
Why it’s risky: Phishing emails can install malware or steal your login credentials in seconds.
Real example: A California business owner clicked a fake QuickBooks invoice and lost $20,000 after malware harvested his banking info.
Tip: Hover over links before clicking. If you didn’t request the file or don’t recognize the sender, don’t open it.
5. Using Public Wi-Fi Without Protection
Why it’s risky: Hackers can intercept your data on open networks, especially at airports, cafés, or hotels.
Real example: A traveler at JFK connected to “Free Airport Wi-Fi”—actually a rogue hotspot set up by a cybercriminal who harvested his credentials.
Tip: Use a Virtual Private Network (VPN) when using public Wi-Fi, or avoid logging into banking or personal accounts on unsecured networks.
6. Not Enabling Two-Factor Authentication (2FA)
Why it’s risky: If your password gets stolen, 2FA can block unauthorized access.
Real example: The 2020 Twitter Bitcoin scam involved compromised employee accounts—many of which lacked 2FA—leading to widespread misinformation.
Tip: Enable 2FA on your email, financial accounts, and social media. Prefer app-based authentication (like Google Authenticator) over SMS when possible.
7. Accepting Unknown Connection Requests
Why it’s risky: Fake accounts on LinkedIn and Facebook can lead to social engineering attacks.
Real example: A scammer posed as a recruiter, sent job documents laced with malware, and accessed victims’ sensitive data.
Tip: Only accept requests from people you know or can verify. Be wary of unsolicited offers or links.
8. Believing Every Call or Message
Why it’s risky: Scammers often pose as IRS agents, bank reps, or relatives in distress to extract money or personal info.
Real example: A New Jersey man was scammed out of $7,200 by someone pretending to be from the IRS demanding immediate payment in gift cards.
Tip: Government agencies never ask for payment via phone or gift cards. Hang up and verify through official channels.
9. Responding Emotionally to “Urgent” Requests
Why it’s risky: Scammers use urgency to override your logic and force impulsive decisions.
Real example: A woman wired $9,000 after a fake call claimed her grandson was arrested. The scammer used AI to clone his voice.
Tip: Take a breath. Urgency is a red flag. Verify any emergency independently before sending money or personal info.
10. Ignoring Small Account Activity
Why it’s risky: Hackers often test stolen accounts with tiny transactions before making larger purchases.
Real example: A Seattle resident ignored a $1.17 charge. Days later, $1,500 in fraudulent charges hit her card.
Tip: Enable transaction alerts from your bank and monitor activity regularly—even small charges matter.
Final Thoughts: Your Habits Are Your First Defense
Most scams don’t require hacking—they rely on psychology. A small shift in behavior can make a huge difference.
Simple Ways to Protect Yourself:
- Keep social media private
- Use 2FA and unique passwords
- Update your software
- Pause before acting on emotion
- Monitor bank and credit activity
Resources for U.S. Residents
- FTC Identity Theft Help
- FBI IC3 Reporting
- BBB Scam Tracker
Read my previous article:
The Hidden Costs of Cyber Scams—and How to Outsmart Them
Learn more about me:
About Dr. Kimma Wreh