4 Things to Do to Protect Yourself from Scams and Online Attacks in 2025

The cyberattack on the US Treasury Department in late 2024 is a stark reminder that if even the government is not immune to technological failures, then neither are we as individuals. Therefore, protecting your online accounts and personal information is something you cannot take lightly.

Etay Maor, a cybersecurity expert at Israeli technology company Cato Networks, said that while state-sponsored hackers, like the group suspected of attacking the US Treasury Department's computers, possess sophisticated skills, the threat from small-scale cybercriminals has not diminished.

However, there are many tactics individuals can employ to protect their information from hackers and scammers. While some of these measures have been used for years, with the explosion of AI and new technologies, it is necessary to update modern security strategies, Maor said.

Maor admits that remembering an extra password or receiving verification messages from another app can be a hassle. But he emphasizes that these simple steps can protect you from becoming an easy target for small-time hackers.

Here are four tips to boost cybersecurity and avoid hackers and scammers using social engineering attacks in 2025.

Use strong passwords

Etay Maor warns that reusing the same password for multiple accounts will inadvertently create opportunities for scammers to exploit more easily.

Instead, he recommends following basic but effective security principles, which are to use unique passwords for each account and make sure they are strong, which means using a combination of letters, numbers, and special characters, and avoiding common passwords like '123456' or easily guessed words.

Managing a variety of passwords can be a challenge. Maor says he uses a template to generate new passwords, and while it's relatively secure, he admits that hackers could crack it if they gathered enough information.

Additionally, password managers are a popular solution, but they are not completely immune to cyber attacks.

Maor suggests that sometimes low-tech solutions are more secure. “For me, writing down your passwords on paper is much safer than using the same password for every account,” he says. However, he stresses that you should keep the paper in a safe place, out of plain sight.

Be wary of methodsnon-technical attack

A social engineering attack is a type of cyber attack in which an attacker takes advantage of human psychology, behavior or trust to steal sensitive information, gain unauthorized access to a system or commit fraud without having to exploit technical vulnerabilities in the system.

Some scammers don't need AI, but instead leverage their skillful communication skills and ability to build trust to extort money or information from victims.

Maor explains that simple versions of this scam often come in the form of direct messages from strangers on Facebook or other social media. They try to establish a relationship, build trust, and then ask for money or personal information.

Set the rulesKeep it secret from family and friends to avoid AI-based scams

Some scammers have used voice-generated AI technology to create convincing recordings of people they know who are in trouble and need financial help. They then call the victim’s friends or family, using the fake voice to carry out sophisticated scams.

Cybersecurity expert Etay Maor said he has come up with a plan to protect his family from such scams. They have agreed to use a “secret word,” a special code that members can request to verify their identity if they receive a suspicious request, especially one that could potentially involve an AI-generated voice.

Maor explained that the secret word his family chose was not something that was too common or predictable. “I think we should not hesitate to use this method, both in our professional and personal lives, as a simple but effective way to verify identity and enhance security,” he stressed.

AI has taken online scams to the next level, making fake emails from trusted sources more sophisticated and convincing, making it easier for recipients to be tricked into giving up personal information.

In the past, guides to spotting email scams often advised users to look for spelling mistakes or incorrect grammar structure, Maor said.

However, with the help of AI, scammers can now create complete, grammatically correct emails, written in any language they need, making identification more difficult.

Use authentication2 factors

Despite its age, two-factor authentication (2FA) remains an effective way to protect accounts from unauthorized access, Maor said. This method requires users to enter an additional verification code sent via email, text message, or phone call, in addition to their regular password, to complete the login.

As recommended by the US Federal Trade Commission, users can take additional security measures to protect their online accounts. One effective way is to use an authenticator app like Microsoft Authenticator, which allows you to receive an authentication code or prompt for confirmation each time you log in.

Additionally, a physical security key is another option that acts as an identity verification device. It needs to be plugged into your computer or connected via Bluetooth or Near Field Communication (NFC), ensuring that it is you who is logging in. These methods provide an additional level of security, especially when faced with the threat of phishing.