In today's world, protecting your personal information feels like an uphill battle. With the rise of sophisticated email and text scams, it's no wonder that many of us are worried about our private messages—whether they are sensitive emails, medical records, or bank statements—falling into the wrong hands. Although the number of fraud reports in 2024 was little changed from the previous year, more people lost a lot more money to fraud. Among the one in three who reported fraud, the overall loss amounted to $12.5 billion (up $2.5 billion from 2023), according to the Federal Trade Commission (FTC). More than $3 billion of this was lost to scams that started online, particularly on social media. By comparison, approximately $1.9 billion was lost to more "traditional" contact methods, like calls, texts, or emails. However, people lost more money per person (a median of $1,500) when scammers on the phone contacted them,

Of those who reported losing money, 79 percent—who sustained a total of $2 billion in losses—were lured into making bank transfers or direct payments in the false belief that they would profit from an investment. The median loss in these cases exceeded $9,000. Cryptocurrency investments were second among the successful scams (leading to an overall loss of $1.9 billion in 2024). Fake employment offers were another source of loss between 2020 and 2024; reports of such scams nearly tripled, and losses in that period grew from $90 million to $501 million. Victims tended to be younger (those aged between 20 and 29 reported losing money more often than did those over 70), but older adults continued to lose more money to scammers than did any other age group.

But here's the good news: you don't have to be a tech expert to guard your privacy. Simple changes to the way you send and receive messages can make a huge difference in protecting your information.

Why Your Messages Are at Risk

Every day, you likely send personal emails or texts containing photos, receipts, or other sensitive documents. You might share your tax files with an accountant or send a prescription record to your doctor. But just like postcards that travel through the mail, digital messages are not always as private as you might think. The reality is that without proper protections in place, these messages and their attachments can be intercepted by people you wouldn't want to see them.

Take John, for example. He received a text that appeared to be from FedEx, notifying him of a delivery. Intrigued, he clicked on the link in the message. Within hours, unfamiliar expenses appeared on his credit card. The link he clicked had immediately installed spyware on his phone. Scams like this are becoming increasingly common, with 3.4 billion phishing emails sent daily around the world. The danger is real and growing.

"Scammers want you to panic and act fast. That's their game," State Senator Marty Flynn of Pennsylvania says. "Always take a moment to verify the information. If you are unsure, go directly to a trusted source … or app before taking any action."

Scammers are increasingly using text messages to scam consumers. Reports to the Federal Trade Commission's Consumer Sentinel Network provide encouraging news for the scammers: text message scams soared in 2024, resulting in overall losses of some $470 million, more than five times what was reported in 2020. Because the reports probably represent only a fraction of the incidents, the actual losses are likely to have been much greater.

How Scammers Target You

Scammers use a variety of strategies to exploit their victims. One common tactic involves the use of public Wi-Fi networks—like those in coffee shops or airports—to "listen in" on emails being sent over the air. If you're not careful, they can easily grab your sensitive information.

Then there are phishing attacks. These are emails that look real, sometimes even appearing to be from your bank or Netflix, which can trick you into revealing your password or downloading malicious software. In fact, 94 percent of malware is delivered via email attachments, so opening a seemingly innocent file can be dangerous. Scammers have two basic objectives: either to steal your personal information or to install malware on your device. Phishing is the most common form of cybercrime, with an estimated 3.4 billion spam emails sent daily, and about one-fifth of these originate from Russia. In 2021, one out of every five internet users was victimized by phishing attacks. When a database is breached, hackers often sell it on the dark web, where cybercriminals can purchase and then exploit it, using the leaked addresses for further phishing attacks. The incidence of phishing has only increased since 2021.

BecauseLinkedIn is used by more than 850 million people across more than 200 countries and regions, it has become a primary target for email phishing attacks: 42 percent, compared with 20 percent for Facebook (Meta) and 9 percent for X (formerly Twitter) in 2021.

Phishing is also the principal delivery method for ransomware. In a typical ransomware attack, a computer or network of computers in an organization is encrypted, preventing the user from accessing data until a ransom has been paid, often in cryptocurrency, to the hacker or hackers responsible. The user is tricked into opening a so-called Trojan (deriving its name from the legendary Trojan Horse, which was used by the ancient Greeks to invade the city of Troy) in the belief that it is a legitimate file, which then triggers the malicious software. Health firms, hospitals, health insurance organizations, and even small cities in the United States have been targeted. The ultimate costs reached a peak in 2023—a record $1.25 billion—only to fall off sharply to $813 million in 2024, according to blockchain intelligence firm Chainalysis. This suggests that the hackers no longer regarded this particular crime as being among the most potentially lucrative.

Individuals are frequently targeted by hackers claiming to have compromising information and photos and threatening to send them to the victims' friends and families unless they pay up. "It's just personalized enough to make you stop … no matter how savvy you are, you're going to say, ‘Wait a minute, is this real? Is this me?'" says Dan Ackerman, editor-in-chief of Micro Center News. In a 2024 interview with CBS News, Ackerman pointed out that scammers typically send out hundreds of thousands of emails. He advises potential victims to watch for three signs in particular: urgent deadline, awkward wording, and generic language.

"It never says what you've been doing in your house, on your webcams, on what devices. [There are] no specifics like that, and that's how you know they're not real. They're usually not written very well." In such cases, he advises people not to reply, not to pay any money, and to report the email.

Another risk is sending information to the wrong recipient. A single typo in an email address can expose your private details to unintended recipients.

Easy Ways to Protect Your Privacy

There are a few simple steps you can take to keep your information secure.

First, password-protect your files before you send them. If you're sharing sensitive material like bank statements or legal documents, add a password to the file. For Word documents, go to "File > Info > Protect Document > Encrypt with Password." For PDFs, tools like PDFtkorAdobe Acrobat work well. Even images or folders can be zipped and protected with passwords. Just don't send the password in the same email; text or call the recipient with it instead.

Next, consider using cloud links instead of attachments. Upload your files to a secure cloud service like Google Drive, Dropbox, iCloud Drive, or OneDrive and share a view-only link. These services even allow you to add password protection and expiration dates.

Nonetheless, scams targeting cloud storage are still prevalent. Scammers sometimes send messages claiming that your cloud storage is full, pressuring you to click a link and "resolve" the issue. Here's how to spot such scams and stay safe. An email or text that appears to be from Apple, Microsoft, or Google, claiming you're out of storage, should be treated with skepticism, even if the message looks legitimate. First, ensure you have cloud storage with the company that appears to be emailing you. If you do have such an account, contact them directly. But don't click the link in the message. Instead, use a number or website you know to be real, or log into your cloud account to see if you really need more cloud space. Otherwise, the message might be a phishing scam that you should report and delete.

Take a cue from Kevin, a college student, who shared his scholarship paperwork with his advisor using OneDrive, a cloud-based service. He could track when the file was opened and even revoke access if needed. It's a safer, smarter way to share files in the cloud. The same precaution holds in working on a Google Doc. In one Google Docs phishing scam, users were tricked into clicking fake document-sharing links that spread malware. If someone invites you to edit a file in Google Docs, don't open it—it may be spam from a phishing scheme. As detailed on Reddit, the attacker sends targets an email invitation from someone they may know, takes them to a real Google sign-in screen, and then asks them to "continue to Google Docs." What the victims don't know is that by doing this, they're giving permission to a (malicious) third-party web app that's simply called "Google Docs," which gives phishers access to their email and address books.

If you suspect a phishing scam, forward the email to the Anti-Phishing Working Group at report phishing@apwg.org. Report phishing text messages in the messaging app you use or forward the text message to SPAM (7726). You can also report the phishing attempt to the Federal Trade Commission at ReportFraud.ftc.gov.

Another helpful tip is to switch to privacy-focused email services. If you're concerned about security, consider providers likeProtonMail, which offers end-to-end encryption; Outlook Encryption; or iCloud Mail, which automatically protects your messages on Apple devices. With services like these, you can even unsend messages or set them to expire after a specific period, giving you more control over your communication. Organizations like Altra Credit Union have avoided data breaches through cloud-based email encryption, which has built customer trust and security.

Before hitting "send," take a moment to double-check. Ask yourself if you're sending something sensitive. Are you sure the recipient's email or phone number is correct? Would you be okay if this information became public? If something feels "off," trust your instincts and verify the sender's identity before you act.

And don't forget the basics: keep your devices updated. Hackers love exploiting outdated software, so make sure to turn on automatic updates for your computer, phone, and apps. Also, use strong, unique passwords for each account, and enable two-factor authentication (2FA) wherever possible to add an extra layer of protection.

"Using only one factor—say, something you know, like a password—to log in to your account is like having one lock on your front door. And not a very secure one," according to the Federal Trade Commission. "Using two-factor authentication is like using two locks on your door—and is much more secure. Even if a hacker knows your username and password, they can't log in to your account without the second credential or authentication factor."

What to Do if You're Hacked

If the worst happens and your information is compromised, don't panic, but act quickly. Begin by updating your passwords on critical accounts, such as email and banking, as well as any other services that share the same password. Then, warn your contacts. Let them know that your account was hacked so that they don't fall for follow-up scams. Finally, monitor your accounts closely. Regularly check your credit card and bank statements for suspicious activity, and consider setting up fraud alerts through services like Credit Karma or Experian.

Real-Life Examples

A few real-world cases will illustrate how these protections work. Take cloud-storage security. Scammers often trick users into clicking on fake links to Google Docs, spreading malware across devices. But with the proper security practices, cloud storage can be a safe way to share files.

In the case of ProtonMail, a software company, which, in contrast to other email services such as Gmail and Microsoft, promises users privacy, asserting that it is free from surveillance. Similarly, companies like Altra Credit Union have been able to protect their clients by using end-to-end encryption, keeping sensitive customer data safe from prying eyes. By integrating these privacy measures, they've built trust with their clients and safeguarded their personal information.

Proton has also established a reputation for security with the introduction of Lumo, a privacy-first artificial intelligence (AI) chatbot. In contrast to other AI platforms introduced by companies such as Google, Meta, OpenAI, and Anthropic, Proton's AI system was trained on publicly available sources, including books, articles, and websites, up to October 2023, which the company maintains minimizes the possibility of hallucinations (false information) and protects privacy, since it doesn't store logs of conversations on its server, even though it cannot browse the web, use conversations, or update information.

You don't have to be a tech wizard to protect your privacy; just follow these simple steps, and you'll be ahead of the game. Remember, if something feels off, don't click on it. Take a moment to verify the sender's identity before taking any action. After all, your privacy is worth the few extra minutes it might take to protect it.

Gaurav Mittal is an expert in cybersecurity, data science, and IT. For two decades, he has led high-performing teams in cloud computing, machine learning, and data security. A thought leader in AI and automation, Mittal has published articles on optimizing ML (machine learning) deployment, securing email communications, and automating workflows. He is an AWS (Amazon Web Services)-certified cloud practitioner, a Lean Six Sigma–certified professional, and a contributor to the Observatory.

This article was produced for the Observatory by the Independent Media Institute.