Skip to Content
© Leo Lintang |
Tech tips

5 sneaky ways hackers can steal your data

Data is worth its weight in gold. Companies exist specifically to collect user data to sell to the highest bidder. You may have heard of a few of these companies, like Facebook and Google.

Of course, big corporations aren’t the only ones after your data. Hackers and cybercriminals steal and launder private information and use it for everything from identity theft to building spam mailing lists. Tap or click here to delete your online presence and shut out greedy advertisers.

To protect yourself, it’s important to understand scammers’ methods. Here are five tricks criminals use every day and how you can fight back.

1. The shadiest corners of the web

 © Yiorgosgr |

For hackers to get into your data, they need a point of access. To stay under the radar, hackers try to trick you into willingly letting them in.

The most common methods are phishing attacks and compromised websites. You’ve probably seen these deceptive landing pages or received obviously sketchy emails.

If you provide any information in these scams, the criminals will either exploit your information themselves or sell it on Dark Web marketplaces for a hefty price. Tap or click to see how 21 million stolen accounts were put up for sale on a Dark Web marketplace.

To stay safe, know the signs of a scam:

  • Never answer an email from an unknown sender or provide login or financial information unless you’re 100% sure the page you’re on is legitimate.
  • If you get linked to a login page from a website, email or text message, close the window immediately.
  • Ignore any attachments or downloads you encounter if you’re unsure about the sender or website.
  • Some malicious websites automatically download files to your computer without permission, and opening them will activate malware.
  • If a website ever downloads a file on its own, delete it immediately for the safety of your system. If you’re not sure if the site you’re on is legitimate, tap or click here for 3 ways to spot malicious websites.

2. Malware everywhere

Shady websites lead us directly to malware and malicious apps. Malware is extremely versatile and can aggressively steal your data without your knowledge. These apps can plant spyware, adware or worse on your smartphone.

But how do you know if you have a virus or malware on your computer or phone? Simple behavioral issues like the following are all signs of infection:

  • Slowdowns
  • Stuttering
  • Apps opening randomly
  • Unexplained pop-ups

You may also get complaints from friends and loved ones about spam emails coming from your email address, which is a sign your computer has been hijacked as part of a “botnet.” Tap or click here to see how one virus transforms PCs into spambots.

A strong antivirus and anti-malware program is essential to secure all your connected devices. Tap or click here for a comparison of all the top options.

3. One bad app spoils the whole bunch

© Suttipun Degad |

Most of the world’s most dangerous apps are developed for Android, but a small number of bad apps have historically made it through Apple’s draconian approval process.

With Android, Google’s own app store is so lax in its regulation that malicious apps make the cut at least once a month. Tap or click here to see the latest batch of malicious apps found on Google Play.

Since anyone can sign up as a developer and post their app to Google Play, it’s easy to design one that looks normal on the surface but collects your data when you’re not looking.

Apps found on third-party app stores are even riskier, as these platforms contain no oversight whatsoever — and compared to Google Play, that’s saying something.

To avoid malicious apps, read the download page thoroughly. Here are a few red flags to look for:

  • Poor spelling and grammar
  • Wild claims and promises
  • Suspicious settings requests

Don’t forget to check the reviews of apps you want to download. Compare the number of reviews you see against the overall score of the app, and take the time to read some to be sure it’s legitimate.

A program with thousands of downloads but only five perfect reviews is likely a fake. Legitimate apps usually have a diverse mix of reviews with detailed information that helps users.

If the reviews lean too heavily toward the positive, that’s also a sign they may not be trustworthy. Use your best judgement and if you have any doubts, don’t download the app.

4. Asking permission to hurt you

Any app you install on your smartphone asks permission before accessing your data. This often happens in the background, but the operating system requires certain functions and ask for your consent before continuing. These are the pop-ups you see about “permission to access the camera and microphone.”

But malicious apps ask for permission too. Usually, they’re very subtle about it, with some only showing what they ask for on the download page. Again, you need to pay attention. Read permissions requests carefully.

Too many unusual requests for functions irrelevant to the app is a red flag, like a calculator app that requests access to the camera and microphone. Tap or click here to see how thousands of fake apps on Google Play required unusually broad permissions while installing.

If you’re worried about whether your phone is infected with malware, monitor your activity and battery usage. Malicious apps tend to use excessive amounts of data without your permission, and their method of sharing data can drain your battery.

Here’s how to check your phone to see which apps use data and drain your battery:

On iPhone:

  • Check how much data your apps are using by opening Settings followed by Cellular.
  • Scroll down to see which apps are using cellular data, as well as how much they’ve used in your last billing period.
  • See how much battery your apps are using by opening Settings, then tap Battery and scroll down.

On Android:

  • Open Settings, followed by either Battery or Data Usage.

You can also check the individual permissions of apps within iOS and Android to see if they’re doing something they shouldn’t be. Remember, you’re looking for permissions that don’t make sense for the app.

An example of this would be an app to track deliveries, but it requests access to your microphone and camera. Tap or click here for an app that helps you track all your holiday gift deliveries in one spot.

Here’s how to check your permissions settings:

On iPhone:

  • Open Settings followed by Privacy.
  • Select any of the menu options, like Location Services or Microphone to see which apps have access. The apps will have toggles next to them you can turn off to revoke an app’s permissions.

On Android:

  • Open the Settings app and visit the Apps & notifications menu.
  • Tap on the app you want to examine.
  • If you don’t see the one you’re looking for, tap See all.
  • From this page, tap Permissions to see everything the app has access to.

Just like with iPhones, you can turn individual permissions off. If an app requires too many unusual permissions, you may want to consider deleting it to be on the safe side.

5. Unencrypted is unacceptable

© Teerachat Aebwanawong |

One of the most classic hacker (and spy) tactics is intercepting data transmissions. This means hackers wait for you to send something like a text or email and they capture it while it’s “up in the air.”

Modern encryption technology makes this method much more difficult for hackers, but that doesn’t mean they’ll ignore an unencrypted app or connection. In fact, it’s likely to trigger a feeding frenzy.

To keep your communications safe, consider the following:

  • Use an encrypted messaging app. Apple’s iMessage is encrypted by default.
  • Some third-party apps like WhatsApp, Telegram and Signal are also encrypted and are compatible with Android. Tap or click to see 3 ways to send encrypted messages on your Android.
  • While browsing online, always look for a small icon shaped like a lock in the address bar to see if your connection is secure and encrypted. Many malicious websites are intentionally left unencrypted for this exact reason. If the lock isn’t there, click the back button or close out of the window immediately.

Bonus: Encrypt your internet connection with the only VPN Kim trusts

VPNs are another excellent way to hide your internet traffic from snoops and cybercriminals. Short for “virtual private network,” VPNs route your internet traffic through a server located anywhere you’re not, and cloaks your traffic in highly-secure data encryption.

When it comes to choosing a VPN, Kim recommends ExpressVPN, which offers more speed and security without breaking the bank. Get three months free when you sign up for one year at

Komando Community background

Join the Komando Community

Get even more know-how in the Komando Community! Here, you can enjoy The Kim Komando Show on your schedule, read Kim's eBooks for free, ask your tech questions in the Forum — and so much more.

Try it for 30 days