Whether you read email, check social media, or do most anything online, your internet behavior may put you at risk. Hackers and scammers can take advantage of your online movements to get your financial data and other sensitive information. To stay safe and protect your identity, make sure you avoid these everyday habits that leave you vulnerable online.

1. YOU IMMEDIATELY OPEN UNFAMILIAR EMAIL.

If you don’t think twice before opening an email (or attachment) from an unfamiliar sender, you put yourself at serious risk of phishing. Phishers are scammers who send emails containing links or attachments that, once you click on them, can trick you into revealing your login information or infect your computer with malware or ransomware. To make you more likely to open such emails, some phishers even make it look as though your bank or someone in your contacts list has sent the email.

Be mindful before opening any unusual emails, and pause before clicking on links or attachments that seem suspect. Before you click on a link that appears to be from your bank, for example, go directly to your bank’s website or call your bank to determine if the email is legitimate.

2. YOU OVERSHARE ON SOCIAL MEDIA.

It’s easier than ever to share details of your life, but all that social media sharing can leave you vulnerable to identity thieves, who can piece together information you share to crack your passwords and answers to security questions. If you don’t want to make your social media accounts private, consider strengthening your security settings. Disable location sharing, don’t reveal your birthday or the first concert you attended, and give a second thought to telling the world (and potential thieves) that you’re on vacation. Better to post after you’ve returned!

3. YOU REGULARLY CONNECT TO PUBLIC WI-FI.

Although you may enjoy setting up a makeshift office in a coffee shop or public space equipped with Wi-Fi, tread carefully. Whether they’re unsecured or secured (requiring a password), public Wi-Fi networks make it easier for hackers to see everything you do while you use the connection. If you must use public Wi-Fi, never log into banks or social media accounts, and consider using a virtual private network (VPN) to protect your sensitive data.

4. YOU ACCEPT INVITATIONS TO CONNECT FROM STRANGERS.

Although online platforms offer legitimate professional networking opportunities, be wary of impulsively accepting invitations and requests from strangers. Cyberstalkers can use social networks to gain information on potential victims and send unwanted or harassing messages. Before you add a stranger to your social networks, take a good look at his or her profile and consider the risk.

5. YOU USE THE SAME PASSWORD FOR MULTIPLE ACCOUNTS.

You already know that your passwords should be strong. But besides using long combinations of random numbers, letters, and symbols, you should also make each password you use unique to that account. If you use the same password for multiple accounts, a hacker who gains access to one account also has access to your other accounts. So keep separate passwords for your credit card company, social media profile, and online shopping account, and change them every few months.

6. YOU FORGET TO INSTALL SECURITY AND SOFTWARE UPDATES.

The operating systems, browsers, and software programs you use on a daily basis are vulnerable to security breaches. Thankfully, software updates and patches address many security flaws, but hackers are continually looking for new ways to exploit weaknesses. Set up auto-updates on your computer’s operating system and browser, and periodically make sure that you’re using the latest version of your antivirus software.

7. YOU LEAVE YOUR COMPUTER UNATTENDED.

Many hackers use sophisticated techniques to gain access to your data without your knowledge, but some criminals are more low-tech. If you regularly leave your computer, phone, or tablet unattended, you put your sensitive information at risk. Even leaving your devices unattended for a few minutes—while you go to the restroom or get coffee—can leave you vulnerable. The United States Computer Emergency Readiness Team (US-CERT) recommends that you lock your computer any time you’re away from it. Protect your computer with a password that you must enter each time you use it, and close your laptop’s lid (or put it to sleep) when you step away from it.

8. YOU RELY ON AUTOFILL.

When you’re logging in to an account or doing online shopping, autofill and autocomplete features can save a ton of time. But storing your name, address, phone number, and credit card information makes your data seriously vulnerable to cybercriminals. Make sure you disable autofill on your browser, and take the extra time to manually type in your credit card number each time you buy something. It may seem like a hassle now, but it’s a breeze compared to dealing with identity theft.

9. YOU OVERLOOK YOUR OLD ACCOUNTS.

Whether you have to create a username and password to read a random article or try a yoga class at a new studio, it’s easy to rack up a large number of online accounts. But having your name and email address—as well as phone number, address, and payment information—stored on multiple unused accounts can put your data at risk. Keep track of every new online account you open, and delete any accounts you no longer use. Doing so will ensure that only the companies and platforms that you’re active on will have access to your data.

It’s always better to be safe than sorry online, and that begins with staying in the know. Discover will help you by monitoring thousands of risky websites and alert you if they find your social security number. And it’s free for cardmembers who sign up. It won’t solve all vulnerability issues, but it’s a good first step to putting you in the know. Learn more at www.discover.com/freealerts.