IE 11 is not supported. For an optimal experience visit our site on another browser.

The Surprising Reason Why You Keep Getting Hacked

Despite the constant threat of getting hacked, many people still aren't motivated to protect their personal information, according to one new survey.
Rafe Swan / Getty Images

Cyber Monday is upon us — and one in four shoppers will get hacked this holiday season. If it's already happened to you, the chances are that it will happen again. That's because many people still aren't motivated to protect their personal information, according to one new survey.

The just-released 2016 Norton Cyber Security Insights Report, which surveyed 21,000 people in 21 countries found that:

  • Seventy-six percent know they must actively protect themselves when they go online, but they still share passwords and engage in risky behaviors
  • Forty-four percent said they feel overwhelmed about the sheer amount of information they’re responsible to safeguard
  • Thirty-five percent have at least one unprotected device, leaving them vulnerable to various online attacks.

“It’s really a huge disconnect,” said Kevin Haley, director of security response at Norton by Symantec. “People always think it’s someone else who’s doing risky behavior or someone else who’s doing the wrong thing.”

But while we remain complacent, hackers are improving their technical capabilities and re-engineering their scams — and it’s paying off. Norton found that:

  • 689 million people in the 21 countries surveyed experienced cyber crime and spent nearly $126 billion to deal with the consequences within the past year
  • Nearly 107 million of these victims were in the United States and they spent a total of $20 billion to deal with the damage
  • The U.S. is the most susceptible developed country for cyber attacks, with 39 percent of American adults experiencing such a crime in the past year.

The Millennial Conundrum

Millennials remain the most common victims of cyber crime. Forty percent said they’d been burned in the past year. Despite growing up with the internet, millennials exhibit what the report calls “surprisingly slack” online security habits.

“They’re on the web more than other groups, so there’s certainly more opportunity for them to get in trouble, but then they’re not taking basic steps to protect themselves,” Haley told NBC News.

Millennials are twice as likely (35 percent) as other age groups to share their passwords with others — a practice that clearly compromises security. Many millennials don’t even protect their digital devices with passwords. Or if they do, they use weak passwords that are easy to crack.

One surprising finding: Cyber crime victims often continue the unsafe behavior that got them into trouble in the first place. While they’re more likely to use a password on every account, they’re more than twice as likely as non-victims to share these passwords. Victims are also more concerned about the security of their home Wi-Fi networks, but less likely than non-victims to password protect them.

Many People Still Can't Spot Phishing Attacks

Phishing scams have been around for about two decades now. Hackers use spoofed email, designed to look like a legitimate communication from a trusted source, to get people to click on a link or open an attachment. Those who take the bait either install malicious software on their devices or land on a look-alike site designed to steal their personal information.

The majority of those (80 percent) who fell for a phishing scam and did something that compromised their security told Norton that something bad happened as a result: identity theft, money stolen from a bank account, credit cards opened in their name or unauthorized apps installed on their device.

“Hackers have become so sophisticated that consumers still have a hard time identifying the fake emails,” the report noted. Nearly half of those surveyed said they aren’t sure how to tell a real email from a malicious one. Around 13 percent of people said they simply guess between a real message and a malicious one.

And that’s nearly impossible to do, since the bogus email looks totally legit.

Related: Test Your Phish-Spotting Skills with This Pop Quiz

“The logos and colors look real, the grammar and spelling is now perfect,” said Adam Levin, chairman and founder of Identity Theft 911. “It’s completely different from the old days. And you really believe you’re dealing with someone of authority, but you’re not."

Because they’re so successful, phishing attacks are on the rise. The Anti-Phishing Working Group recently reported that phishing attacks in the second quarter of this year “shattered all records to reach an all-time high.” APWG detected 466,000 unique phishing sites designed to look like a real site and steal personal information.

The bottom line: None of the companies you deal with will ever send an email asking you to click a link and provide them with personal information.

Herb Weisbaum is The ConsumerMan. Follow him on Facebook and Twitter or visit The ConsumerMan website.