3 ways you’re exposed to cyber threats — and what to do about it


If you’re interested in setting up multi-factor authentication but don’t want to use your phone as the secondary approval device, consider getting a security key. Security keys are small USB devices dedicated to being a second factor — so when properly set up, once you enter your username and password, all you have to do is tap your security key to confirm the login.


What are the ways you’re exposed to cyber threats?

In the age of online security, it’s easy to get overwhelmed. It feels like new breaches get announced every week and traditional advice like “pick a password you can easily remember” is no longer enough to keep our most important accounts safe.

It’s not all bad news, though: by adopting a few new habits, you can minimize the risk of identity or data theft, and even minimize the impact of a potential cyber threat. Here are the three most common ways you might be at risk — and what you can do about each of them.

If your information was stolen in a data breach

If a vendor or website has contacted you to alert you that some of your information was stolen, don’t panic — there are plenty of ways to make sure you’ll be all right in the long run. The first step to take is to find out specifically what information was stolen, and then respond accordingly. For example:

Demographic information

If demographic information was stolen, such as your name, phone number, and home address, the good news is that hackers can’t do very much with that information alone. The bad news is that you’ll need to apply a little more caution to the mail and phone calls you receive, because scam phone calls are big business, and so is junk mail. That extra caution is never a bad idea, regardless of the circumstances.

Personal information

If personal information like your birthday or social security number was part of a breach, the risk is more severe, because the information can be used to open new credit cards or steal existing funds. To prevent any immediate theft, your best bet is to freeze your credit with all three credit reporting agencies (Experian, Equifax, and TransUnion). Freezing your credit means no new lines of credit can be established in your name until you personally unfreeze your credit with all three agencies. To protect yourself moving forward, you can sign up for a credit-monitoring service, which will automatically send you an alert if anyone attempts to use your information without your permission.

Website passwords or account information

If website passwords or account information were stolen, the first step to take is to change your password — and if you’re using that same password on any other account, you’ll need to update it there too (most hackers count on users recycling passwords). While you’re establishing new passwords, consider using a password manager service like LastPass or Dashlane to generate strong passwords and manage them for you so you don’t have to remember long strings of characters. Once your passwords are squared away, set up multi-factor authentication on any accounts you have that support it. Multi-factor authentication, sometimes called MFA or 2FA, makes it so that once you log in to a site with your password, you must approve the login on a separate device like your smartphone, so stolen passwords won’t be enough to access your information. Google, Facebook, Amazon, Microsoft, and Dropbox all support MFA — if you have accounts with any of them, start there first.

Credit card information

If credit card information was stolen, contact your credit card company immediately. In most cases, they’ll deactivate your current credit card number and issue you a new one within 24 hours.

If you get phone calls claiming to be from Microsoft or the IRS

More than half of the phone traffic in the United States consists of robocalls: automated phone dialers hoping to scam recipients out of their money. Sometimes they pretend to be from important businesses, and other times they rely on cagey language like, “We have an important update about your account.” No matter who a caller says they are, there are three things to remember to stay safe:

If it’s obviously a recording trying to sound like a person, hang up.

While there are legitimate uses for automated calling such as non-profit fundraising or public emergencies, most robocalls are scams. If a recorded voice attempts to engage you in conversation, hang up.

If you get a call from a live person, start by asking them to tell you your name.

Some fraudulent calls will have a live person on the other end, often claiming that they need access to your computer or your banking information in order to help you. Before giving them any information, ask them to tell you your own name. Most phone scammers are just calling long lists of numbers, and won’t be able to respond. If they can’t — or if they simply seem untrustworthy — hang up.

Always remember: the vast majority of companies don’t call customers, and the IRS never does.

To help protect consumers from fraud, most companies have a policy stating they don’t make outbound calls, and the IRS has explicitly stated they will never contact consumers over the phone. If someone calls you claiming to be from a company or branch of government, hang up.

If you get a lot of suspicious emails

Believe it or not, the most common (and effective) method of stealing information isn’t through hacking passwords or credit card numbers — most successful hacks happen through “phishing”: fooling users into clicking dangerous links or inadvertently providing personal information. You’re probably already familiar with unwanted spam emails, but spam has evolved, and now what may look like an innocuous email from a trusted contact could be an attack on your accounts and information. Here are two rules to remember when it comes to protecting yourself against phishing attempts.

Pay close attention to the “from” field.

In many instances, you can spot a scam simply by noting inconsistencies in the sender’s email address. An email may look like it’s from your friend Jane Doe’s Gmail account, but if it comes from “janedoe@gmail.iz.tn,” treat the email with caution. Before you click any links in the body of the email, consider following up with the sender to make sure it was them who sent you the message. (If you’re certain the message isn’t genuine, simply delete it.)

Exercise caution before clicking any links in an email.

The purpose of most phishing attempts is to either get you to click on a link that will install malware on your computer, or to get you to provide your username and password to an impersonated service (e.g., they’ll take you to an interface that looks like Google, but isn’t, and prompt you for your credentials). Before you click any link from an email, hover over it with your mouse to see the destination — and if it’s not going to the site you’re expecting, don’t click it.
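
The two checks above (the sender’s domain and where a link really goes) can also be automated for a saved message. The script below is an added example, not part of the original article; the TRUSTED list, the sample message and the login.example host are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"gmail.com", "google.com"}  # assumption: domains the reader expects
DOMAIN_TEXT = re.compile(r"(?:https?://)?([\w.-]+\.[a-z]{2,})(?:/\S*)?", re.I)

def lookalike(host):
    """True if host names a trusted brand but is not that domain or a subdomain."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return False
    return any(d.split(".")[0] in host for d in TRUSTED)

class Links(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.cur_href, self.cur_text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self.cur_href is not None:
            self.cur_text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.links.append((self.cur_href, self.cur_text.strip()))
            self.cur_href = None

def review(raw):
    """Return warnings for the two checks: the From domain and link targets."""
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if lookalike(sender):
        findings.append(f"sender domain {sender} imitates a trusted domain")
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        host = urlsplit(href).hostname or ""
        if lookalike(host):
            findings.append(f"link goes to look-alike host {host}")
        shown = DOMAIN_TEXT.fullmatch(text)  # link text that itself looks like a site
        if shown and shown.group(1).lower() != host:
            findings.append(f"link text shows {shown.group(1)}, target is {host}")
    return findings

# Constructed sample message (not a real email).
SAMPLE = """From: Jane Doe <janedoe@gmail.iz.tn>
Content-Type: text/html

<a href="https://accounts.google.com.login.example/signin">accounts.google.com</a>
"""
```

Calling review(SAMPLE) returns three warnings: one for the sender domain and two for the link. A message from a real gmail.com address whose link text matches its destination returns an empty list.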


Hackers and online criminals will continue to find new ways to get your information, so your most valuable defense is awareness. If something about an email or phone call feels off to you, trust your instinct, and take extra precautions — now, more than ever, “better safe than sorry” is your best bet for keeping your most valuable information secure.



Jaime Vazquez writes for BestReviews. BestReviews has helped millions of consumers simplify their purchasing decisions, saving them time and money.

Copyright 2021 BestReviews, a Nexstar company. All rights reserved.
