In this hyper-connected digital world, it’s not uncommon for online users to share highly personal information without giving it a second thought. Even those who are careful not to post their phone number or address online could find their personal information compromised in other ways. If you want to strengthen your online security and protect yourself from phishing scams, identity theft, and other cybercrimes, here are nine things you should avoid doing online, brought to you by Mental Floss and Discover.

1. Don’t take personality quizzes from unknown sources on social media.

We’ve seen it happen before: A data mining company creates a fun personality quiz on social media for the sole purpose of tricking people into handing over their personal information—even their private messages, in some cases. Hackers also create deceptively innocent surveys to goad people into posting the answers to their password security questions, such as “What was your first pet’s name?” or “What was your first car?” Unless a quiz or survey is posted by a reliable source, resist the urge to find out what age you look or what your spirit animal is.

2. Don’t post your full birth date and hometown online.

Everyone loves getting birthday wishes on social media, but you can still get those greetings without listing your birth year. You might be surprised by what fraudsters can do with your full birth date and hometown—two pieces of information that many people readily post on their social media profiles. For one, they might be able to guess your social security number. The first three digits are based on the zip code that was listed in your SSN application, which was quite possibly your hometown. Some of the digits also correlate with date of birth, making it possible for an algorithm to crack the code and figure out your SSN. That’s why it’s important to have a credit card that looks out for you: Discover monitors thousands of Dark Web sites and alerts you if your Social Security Number is found. Discover will also monitor your Experian® credit report every day and alert you when there’s a new credit card, mortgage, car loan or other account in your name. Signing up for both alerts is free. Learn more at Discover.

3. Don’t use public Wi-Fi without verifying that it’s a legitimate network.

Let’s imagine you’re on vacation and you’re lounging by the hotel pool when you decide to log onto a Wi-Fi network called “Pool Wi-Fi.” You’ve been spending more money than you bargained for on this trip, so you decide to check your bank account balance—and while you’re at it, you log into your work email to check up on things. The problem is that “Pool Wi-Fi” is a fraudulent network designed to track your activity and steal your personal information.
Whenever possible, check with a staff member to figure out which Wi-Fi network is genuine, and never check your bank account or log onto website containing sensitive data if you’re not using a secure, password protected network.

4. Don’t follow up a gaming session with some online banking.

If you or your kids visit gaming or movie streaming websites that have lots of pop-ups, you could be putting malicious malware on your computer or electronic device. When you use that same device to check your bank account or pay your credit card bill, you face an increased risk of hacking and potentially even identity theft. Experts recommend using different devices for online banking and recreational uses, if possible.

5. Don’t click on links or attachments in emails without verifying the source.

Phishing scams are getting more and more sophisticated. Using a specific kind of targeted attack called “spear phishing,” hackers can make it look like a file was sent by someone you know—perhaps a significant other, colleague, or boss. If you receive a link or attachment that seems a little fishy, double-check the sender’s address and be on the lookout for typos. Hackers sometimes buy domains that look similar to a reputable company’s domain name in hopes that you won’t notice that a “v” has been swapped out for a “w.” This clever technique is called typosquatting, and it’s surprisingly common.

6. Don’t use the same password for multiple accounts.

A lot of people are guilty of recycling passwords. It may seem like a convenient way to keep track of dozens or even hundreds of accounts, but it also makes it easier for hackers to break into multiple accounts. If you’re having trouble remembering the log-in details of 50 different accounts, try using a password manager app (just check the reviews first). These services could technically be compromised, but it’s a lot safer than keeping your passwords somewhere in your cloud storage.

7. Don’t click links to “promotions” sent through SMS.

Unfortunately, people aren’t immune from hacking just because they’re on their phones instead of a laptop. One type of attack, called “smishing,” occurs through SMS. Let’s say you get a message about a discount from your favorite store or phone service provider, or perhaps even an alert that appears to be from your dentist or school. You’re prompted to click the link to follow through, but be careful—it could contain spyware or redirect you to a window that asks for personal details, like your pin number and the last four digits of your social security number. As a general rule, it’s unlikely that a trustworthy company would send an email or text asking you to enter sensitive information. If you’re unsure whether an offer is genuine, search online for the domain name in the link to see if it’s associated with the company.

8. Don’t leave old, inactive accounts open.

If you’ve ever abandoned an email or social network but never got around to deleting your account, you could be leaving yourself vulnerable to hackers. These so-called zombie accounts are easy targets because they aren’t closely monitored. If hackers manage to break into your account, they could gain access to a slew of sensitive information. Plus, if you’ve used the same password on other sites, those accounts are now also at risk. It may take some effort, but try to shut down any accounts you aren’t using.

9. Don’t post photos of your boarding pass online.

Your passport, driver’s license, and other forms of ID contain sensitive information that could make it easy for hackers to hijack your accounts, or worse, your identity. Even your boarding pass contains valuable details that could be reverse engineered to break into your frequent flyer account. Using just your last name and the record locator number on your boarding pass, hackers can likely find your phone number and any information about flights you have booked. It’s sure to put a damper on any vacations you have planned, so be careful about what you’re sharing online.

Whether you’re guilty of these behaviors or not, Discover will monitor thousands of Dark Web sites and alert you if they find your Social Security Number, or if new accounts appear on your Experian credit report. The service is free for cardmembers who sign up and is a good first step to putting you in the know. Terms apply. Learn more at Discover.com.