Cyber Mistakes That

Can Cost You

Everything
(A Practical Guide to Avoiding Online Scams and
Protecting Your Digital Life)

1|Page
 Introduction

• Theme: Staying safe in the digital age through

awareness, not fear.
• Goal: Teach readers practical, everyday habits
to protect themselves from scams, hackers,
and cyber frauds.
• Tone: Simple, non-technical, relatable
examples.

2|Page
 Index
1. Passwords & Account Security …………….4
2. Phishing & Social Engineering Attacks ……7
3. Social Media & Privacy Risks ……………..10
4. Device & Software Security ……………….13
5. Public & Unsecured Networks……………..15
6. Online Shopping & Payment Safety……….17
7. Fake Support & Tech Scams……………….19
8. Financial & Investment Frauds…………….21
9. Smart Devices & IoT Security……………..23
10. Cyber Safety Habits & Awareness………..25

3|Page
 Chapter 1
Passwords & Account
Security
The Common Mistakes
Many people still believe a single strong password is enough. In
reality, password reuse, ignoring two-factor authentication (2FA),
casually sharing OTPs, forgetting to log out from shared devices, and
not checking bank statements regularly are some of the most common
security blunders.
Cybercriminals thrive on these mistakes. A single leaked password
from one account can give them access to your entire digital life.
OTPs — meant to be your last line of defense — get handed over to
fraudsters every day. And while you may think a small unauthorized
bank charge is “just a glitch,” it’s often the start of something much
bigger.

Example 1 – The Reused Password Disaster

Meera, a school teacher, used the same password — Meera@1983 —
for her email, Facebook, and net banking. Hackers stole it from a

4|Page
shopping website data breach and reset her bank login, draining her
account before she even realized what happened.
Example 2 – The “Trusted” OTP Trap
Rajesh shared an OTP with a caller claiming to be from his bank.
Within minutes, ₹50,000 vanished from his account. The bank
informed him the transaction was authorized — by him — because he
gave away the OTP.
Example 3 – The Forgotten Logout
Rajat forgot to log out from his email on a university library
computer. The next user reset his bank password and stole his money
within hours.

The Solution
1. Use Unique Passwords for Every Account
o Make them 12–16 characters with a mix of uppercase,
lowercase, numbers, and special symbols.
o Avoid personal details like birthdays or pet names.
2. Enable Two-Factor Authentication (2FA)
o Use authentication apps like Google Authenticator or
Authy instead of SMS when possible.
o Enable 2FA on email, banking, and social media accounts.
3. Never Share OTPs — Ever
o Banks and companies will never ask for them over phone,
email, or chat.
o Treat your OTP like your ATM PIN — for your eyes only.
4. Always Log Out from Shared Devices

5|Page
 o Use incognito/private browsing when using public or work
computers.
o Clear saved passwords and session data.
5. Check Bank Statements Regularly
o Look out for even tiny suspicious charges — they may be
test transactions by hackers.
o Enable SMS/email alerts for every transaction.

Cyber Safety Checklist

• Use different passwords for different accounts.
• Enable 2FA on all important accounts.
• Never share OTPs with anyone.
• Always log out from public/shared devices.
• Review bank and credit card statements monthly.

6|Page
 Chapter 2
Phishing & Social
Engineering Attacks

The Common Mistakes

Phishing isn’t just about fake emails anymore — it’s an entire toolkit
of social engineering tricks designed to make you act before you
think.
Cybercriminals send emails, messages, or calls that look legitimate
but are actually traps. They exploit urgency, fear, or curiosity to get
you to click malicious links, download infected attachments, or reveal
sensitive data.
Modern phishing uses advanced tools — AI-generated emails,
spoofed SMS, deepfake voices, and even chatbots — making scams
harder to detect. Unverified surveys, fake government calls, and viral
misinformation also fall under this category.

7|Page
Example 1 – The Perfect Fake Email
Raj, a freelance designer, got an email from “PayPal” saying his
account would be deactivated unless he verified his details. The email
looked real — logo, formatting, grammar — but the link led to a fake
login page. Within minutes of entering his credentials, ₹50,000 was
gone from his account.

Example 2 – The Government Call Scam

Rajesh received a call from someone claiming to be from the Reserve
Bank of India, saying his PAN card was linked to money laundering.
Panicked, he gave away his bank details and OTP. Minutes later, his
account was empty.
Example 3 – The Giveaway Trap
Neha saw an Instagram ad for a brand giveaway and filled in her
name, phone, and email. Within days, she was flooded with phishing
emails and scam calls — her details had been sold to fraudsters.

The Solution
1. Verify Before You Click
o Check the sender’s email or phone number carefully.
o If unsure, contact the organization through their official
website or helpline.
2. Ignore Urgent Threats or Offers
o Banks, government agencies, and genuine companies will
never pressure you to act immediately over calls or
messages.

8|Page
 3. Avoid Random Surveys & Giveaways
o If a reward seems too good to be true, it usually is.
o Use a separate email and phone for non-essential sign-ups.
4. Recognize Deepfake & AI Manipulation
o Look for unnatural lip sync, robotic voices, or unrealistic
lighting in videos.
o Always confirm urgent requests with a direct phone call to
the person involved.
5. Use Spam Filters & Report Scams
o Mark phishing emails as spam so your provider can block
future attempts.
o In India, report suspicious calls/messages to 1930 or
[Link].

Cyber Safety Checklist

• Verify sender details before clicking links.
• Never share OTPs or banking info over calls or messages.
• Avoid unverified giveaways and surveys.
• Fact-check news and videos before sharing.
• Enable spam filters on email and messaging apps.

9|Page
 Chapter 3
Social Media & Privacy
Risks

The Common Mistakes

Social media is a goldmine for cybercriminals. Oversharing personal
details, leaving privacy settings wide open, accepting friend requests
from strangers, and trusting manipulated deepfake content all make it
easier for scammers to target you.
Many people believe they’re “too ordinary” to be a target, but
fraudsters don’t need celebrity-level fame — they just need enough
personal information to guess security questions, impersonate you, or
build trust before a scam.
10 | P a g e
Example 1 – Oversharing Without Thinking
Neha, a marketing executive, loved posting about her daily routine
and vacations on Instagram. When a fraudster called pretending to be
from her bank, he already knew her mother’s maiden name from a
birthday post she made. That was enough to reset her banking
credentials.

Example 2 – The Fake Friend Trap

Rohan accepted a friend request from a woman with mutual friends.
Over time, she gained his trust and convinced him to share personal
details. Eventually, his accounts were hacked, and the scammer
impersonated him to request money from his contacts.
Example 3 – The Deepfake Deception
Aman received a video call from someone who looked and sounded
exactly like his CEO, instructing him to transfer ₹5 lakh urgently. It
was a deepfake. By the time Aman realized, the money was gone.

The Solution
1. Limit what you post publicly — avoid sharing location, travel
plans, and personal milestones in real time.
2. Adjust privacy settings on all platforms so only trusted contacts
can see personal details.
3. Verify unknown friend requests before accepting; check their
profile history, photos, and connections.

11 | P a g e
 4. Be sceptical of urgent requests in calls or videos, even if they
appear to be from someone you know.
5. Avoid posting long videos or audio clips online that could be
used for AI-based voice or face cloning.

Cyber Safety Checklist

• Review and tighten social media privacy settings regularly.
• Avoid accepting requests from strangers.
• Share personal updates cautiously and preferably after events
have passed.
• Confirm unusual requests through direct, offline
communication.
• Limit audio and video content that could be used for
impersonation.

12 | P a g e
 Chapter 4

Device & Software

Security

The Common Mistakes

Our devices are only as secure as the software running on them.
Failing to install updates, downloading apps from unverified sources,
ignoring permission requests, or installing pirated software can open
the door for hackers.

13 | P a g e
These actions create vulnerabilities that attackers can exploit to steal
data, install spyware, or take remote control of your device.

Example 1 – Ignoring Updates

Ravi postponed his laptop’s operating system updates for months. A
hacker exploited a known vulnerability in his outdated OS through a
malicious email attachment, locking his files with ransomware and
demanding payment.
Example 2 – Blind Permission Acceptance
Meena downloaded a free wallpaper app and allowed all permission
requests without reading them. The app secretly read her OTPs and
forwarded them to hackers, leading to bank fraud.
Example 3 – The Free Software Trap
Rahul installed a pirated video editing program from an unofficial
site. Hidden malware stole his saved passwords, leading to
unauthorized access to his email and bank accounts.

The Solution
1. Enable automatic updates for your operating system, browsers,
and essential apps.
2. Download apps and software only from official stores or
verified company websites.
3. Review permissions before granting access — deny any that
aren’t essential to the app’s function.
4. Avoid cracked or pirated software, as it often contains malware.
5. Use reputable antivirus software and scan devices regularly.

14 | P a g e
Cyber Safety Checklist
• Keep all software and apps updated.
• Install only from trusted sources.
• Check app permissions before installing.
• Avoid pirated programs.
• Maintain an active antivirus program and run periodic scans.

Chapter 5
Public & Unsecured
Networks

The Common Mistakes

Public Wi-Fi networks in cafes, airports, hotels, and malls may be
convenient, but they are also prime hunting grounds for
cybercriminals.
Attackers can intercept your data, inject malware, or set up fake
hotspots to trick you into connecting.
Similarly, using unsecured messaging apps without encryption
15 | P a g e
exposes private conversations and sensitive information to
interception.

Example 1 – The Fake Hotspot Scam

Megha connected to “Cafe_FreeWiFi” while working at a coffee
shop, not realizing it was set up by a hacker a few tables away. He
intercepted her login credentials, accessed her email, and reset her
bank account password.
Example 2 – Messaging App Vulnerability
Amit discussed business deals over a free messaging app that lacked
end-to-end encryption. Hackers exploited a flaw to access his chat
history, leading to a serious data breach.

The Solution
1. Use a VPN to encrypt your data before connecting to any public
Wi-Fi.
2. Avoid logging into sensitive accounts or making financial
transactions on public networks.
3. Disable auto-connect and forget public networks after use.
4. Use messaging apps with end-to-end encryption such as Signal,
WhatsApp, or Telegram secret chats.
5. Never send passwords, banking details, or personal documents
over unsecured chat apps.

Cyber Safety Checklist

• Always connect to public Wi-Fi through a VPN.

16 | P a g e
 • Avoid sensitive transactions on public networks.
• Turn off auto-connect to unknown networks.
• Use encrypted messaging apps for private conversations.
• Keep sensitive information out of chats.

Chapter 6

Online Shopping &

Payment Safety
The Common Mistakes
The convenience of online shopping comes with serious risks when
buyers ignore basic safety checks. Fake e-commerce websites,
insecure payment gateways, phishing links, tampered QR codes, and
17 | P a g e
suspiciously cheap offers are common traps.
Entering card details on unverified websites or sending money
directly to sellers without protection can lead to financial loss and
identity theft.

Example 1 – The Fake Store Trap

Neha bought a luxury handbag from a website found via a social
media ad offering 80% off. The site looked professional, but it was
fake. After payment, the site vanished, and she never received the
product.
Example 2 – The Insecure Payment
Meera found a seller on Instagram who insisted on a direct bank
transfer, claiming her “payment gateway was under maintenance.”
Meera sent ₹5,000 and was immediately blocked.
Example 3 – The Tampered QR Code
Rohan paid his café bill by scanning the QR code on his table,
unaware that scammers had replaced it. Instead of ₹500, ₹5,000 was
transferred to a fraudulent account.

The Solution
1. Verify the website URL before entering any payment details.
Look for “[Link] and check for typos or unusual domain
endings.
2. Use only secure, recognized payment gateways like Razor pay,
PayPal, or Stripe.
3. Avoid direct bank transfers to unverified sellers.
4. Double-check QR codes for signs of tampering. If possible,
enter payment details manually through the official app.
18 | P a g e
 5. Compare product prices with official brand websites to spot
unrealistic offers.

Cyber Safety Checklist

• Verify e-commerce websites before making purchases.
• Use trusted payment gateways, not direct transfers.
• Inspect QR codes before scanning.
• Avoid deals that seem too good to be true.
• Check URLs carefully for authenticity.

Chapter 7
Fake Support & Tech Scams

The Common Mistakes

19 | P a g e
Many people trust phone numbers and websites they find online for
customer or tech support, without verifying if they are genuine.
Scammers posing as bank representatives, e-commerce support
agents, or tech company staff trick victims into sharing sensitive
information, downloading remote access software, or transferring
money to fraudulent accounts.
These scams often create urgency, making the victim feel they must
act immediately to fix a problem.

Example 1 – The Fake Bank Helpline

Ravi searched online for his digital wallet’s customer service number
and found one on a random webpage. The “executive” asked him to
install a remote access app to “resolve the issue.” Within minutes, the
scammer had taken control of his phone and transferred ₹50,000 from
his bank account.
Example 2 – The Pop-Up Warning Trap
Amit’s laptop displayed a pop-up claiming it was hacked and urging
him to call “Microsoft Support.” The scammer on the line convinced
him to give remote access, stole personal files, and pressured him to
transfer money to a so-called “secure account.”

The Solution
1. Always find official customer support contacts from the
company’s verified website or app.
2. Never install remote access tools like AnyDesk or TeamViewer
at the request of unknown callers.
3. Remember that no legitimate support agent will ask for your
password, CVV, or OTP.

20 | P a g e
 4. Ignore pop-ups that demand you call a support number —
legitimate companies don’t use scare tactics.
5. Use antivirus software to block malicious pop-ups and prevent
remote access exploitation.

Cyber Safety Checklist

• Verify customer support contacts through official channels.
• Never give remote access to unknown individuals.
• Avoid sharing passwords, CVVs, or OTPs over calls.
• Ignore unsolicited pop-ups claiming your device is
compromised.
• Keep your antivirus updated.

Chapter 8
Financial & Investment
Frauds

The Common Mistakes

21 | P a g e
Financial scams are no longer limited to suspicious emails from
strangers.
Fraudsters now use instant loan apps, fake work-from-home job
offers, and get-rich-quick cryptocurrency schemes to lure victims.
These scams often promise fast money, zero paperwork, or high
returns, but the reality is harassment, extortion, or total loss of funds.

Example 1 – The Instant Loan Trap

Anita needed urgent funds and downloaded a loan app from an online
ad. The app granted her ₹10,000 instantly but demanded ₹25,000 in
repayment within a week. When she couldn’t pay, the scammers
accessed her contacts and threatened to share edited photos to
humiliate her.
Example 2 – The Fake Job Offer
Arun got a WhatsApp message offering ₹50,000 per month for rating
YouTube videos. The recruiter asked for a ₹2,000 security deposit to
start work. After payment, the recruiter disappeared.
Example 3 – The Crypto Investment Scam
Rajesh saw an Instagram ad claiming a “guaranteed 5x return” on
cryptocurrency. After investing ₹50,000, he saw fake profits in his
account but couldn’t withdraw any funds. The platform vanished soon
after.

The Solution
1. Verify any loan app with RBI or government-approved lists
before applying.
2. Avoid job offers that ask for deposits, training fees, or
investments to get started.

22 | P a g e
 3. Never believe in “guaranteed” investment returns, especially in
crypto markets.
4. Research investment platforms thoroughly and use only
regulated, well-known exchanges.
5. Report financial scams to [Link] or the relevant
financial authority.

Cyber Safety Checklist

• Check loan apps for official approval before downloading.
• Never pay for job opportunities.
• Be wary of investment schemes promising unrealistic returns.
• Use regulated platforms for trading and investing.
• Report scams promptly to protect others.

Chapter 9
Smart Devices & IoT
Security

The Common Mistakes

Smart home devices like security cameras, doorbells, smart locks, and
voice assistants bring convenience — but also serious risks when left
23 | P a g e
unsecured.
Many users keep default passwords, ignore firmware updates, or leave
remote access enabled. Hackers can hijack these devices to spy,
record, or even control parts of your home.

Example 1 – The Hacked Camera

Raj installed a smart camera but never changed its default password
or updated its firmware. Hackers accessed the live feed, moved the
camera remotely, and later sent him an email demanding payment to
avoid leaking the footage online.
Example 2 – The Compromised Doorbell
Meena’s smart doorbell was hijacked by attackers who spoke through
it to scare her children. The default password was publicly available,
making it easy for hackers to take control.

The Solution
1. Change default passwords on all devices immediately after
installation.
2. Enable two-factor authentication if the device or its app supports
it.
3. Keep device firmware and apps updated to patch vulnerabilities.
4. Connect smart devices only to secure Wi-Fi networks with
strong encryption (WPA3 recommended).
5. Disable remote access unless it is essential.

24 | P a g e
Cyber Safety Checklist
• Replace default passwords with strong, unique ones.
• Enable two-factor authentication for device logins.
• Regularly update firmware.
• Use a secure, encrypted Wi-Fi network.
• Limit or disable remote access when not needed.

Chapter 10
Cyber Safety Habits &
Awareness

25 | P a g e
The Common Mistakes
Most cyberattacks succeed not because people lack technology, but
because they neglect simple safety habits.
Failing to stay informed, ignoring security checklists, or assuming “it
won’t happen to me” leaves the door wide open for hackers and
scammers. Cybersecurity isn’t a one-time task — it’s a lifestyle of
consistent awareness.

Example 1 – The Complacent User

Sahil followed basic safety rules for a while but stopped updating his
passwords or checking bank alerts. Over time, a phishing link slipped
through his inbox, leading to his email being compromised and
several accounts hacked.
Example 2 – The Misinformed Decision
Ananya acted on a viral social media post claiming her bank was
closing down. She transferred funds to a “safe account” mentioned in
the post, only to discover it was a scam. A simple verification with the
bank could have prevented the loss.

The Solution
1. Treat cybersecurity as part of your daily routine — just like
locking your house or wearing a seatbelt.
2. Keep up to date with the latest scam alerts and fraud tactics.
3. Maintain a habit of reviewing security settings on devices and
online accounts regularly.
4. Share cybersecurity tips with family and friends to help protect
them as well.

26 | P a g e
 5. Use checklists to make sure no essential safety measure is
overlooked.

Cyber Safety Checklist

• Review passwords, account security, and device settings
regularly.
• Stay informed through official alerts, cybersecurity blogs, or
government updates.
• Verify all urgent financial or personal requests before acting.
• Educate friends and family on common scams.
• Never assume you are too small a target for hackers.

27 | P a g e