5 Things Everyone Using the Internet Needs To Do Right This Second
Your digital life is under attack in ways you haven't even thought about. Here's how to fight back.
Another cybersecurity article telling you to change your passwords and use two-factor authentication?
Yawn.
You’ve heard that song before, and if you haven’t done those bare-bones basics by now there’s an entirely different conversation we need to have.
Here’s the thing: while you’ve been focused on all the usual suspects — like dodging ransomware and deleting phishing emails — cybercriminals have been in the kitchen, cooking up all new ways to deceive and exploit you, and this time they’re getting a helping hand from AI.
We’re only halfway through 2025 but AI-driven attacks have spiked by 67% since 2024, and over 30,000 vulnerabilities were revealed in the past year alone.
Put simply: the bad guys are getting more creative.
It’s time to evolve as an internet user and graduate to the next level of threat detection and scam evasion. Here’s how to do it, today.
1. Audit Your Browser Extensions Like Your Bank Account Depends on It (Because It Does)
Remember that cute little browser extension with the quirky mascot that promised to save you 5% on your next online order? Well that was 6 years ago. The company has been sold twice since then and the new owners are mining your personal info to sell to data brokers.
That fictitious story is rooted deeply in reality. Roughly one-third of all apps deemed “high-risk” and at least 1% known to be downright malicious, the more extensions you recruit to your browser, the more dangerous your web browsing becomes. It’s like having a one-in-three chance that your digital tag-alongs are actually just spying on you.
What to do right now:
Open your browser and navigate to the extension menu
Look at every single extension you have installed and if you don’t actively use it on at least a weekly basis, delete it
For each one you keep, check when they were last updated and read the recent reviews
Going forward, only install extensions from verified developers
Set a monthly reminder to repeat this process
We’ve all become accustomed to installing extensions with reckless abandon, but those days are over.
2. Stop Treating QR Codes Like Digital Magic (They're Not Always Friendly)
QR codes are everywhere right now. You scan them to get a restaurant menu, pay for parking, snag concert tickets… I swear I saw one on a stop sign the other day and I was tempted to scan it just for the heck of it.
Buy QR codes are basically just internet links in a fancy costume. You know that rule everyone tells you about not clicking random links in your email because it might be a scam? The same applies to QR codes, and cybercriminals are already using them to conduct attacks. The worst part is that the vast majority of internet users don’t know how to tell a malicious QR code from a safe one.
What to do right now:
NEVER scan a QR code that’s been stuck over another one — or a code that’s been slapped on a random object for no obvious reason
When at a restaurant, only scan a QR menu code that is specifically given to you (or etched into the table)
Before tapping the link that pops up when you scan a QR code, inspect the URL to make sure it’s a real, legitimate site
When paying through a QR link (like giving a restaurant tip or paying for parking), verify a QR is legit by asking an employee
If you’re not sure, DON’T scan… period
The QR code problem is bad enough that the FBI has issued warnings about fake QR codes on parking meters and other payment locations that steal your cash and, to make matters worse, result in non-payment penalties or even a towed car. Yikes.
3. Protect Your Phone Number Like It's Your Social Security Number
20 years ago if someone knew your phone number the worst you’d get is a prank call or two. Today? Your phone number is the master key to your entire digital identity, and the ways someone can hijack your SIM are growing by the minute. When they get in, they can gain access to everything you’ve protected with 2-factor authentication, like your bank account, email, and even work apps.
What to do right now:
Ask your mobile carrier what SIM protection features are available (most have them but you have to ask for them to be activated)
Add a verbal passcode to your wireless accounts that is required for any changes.
Delete your phone number from as many online accounts as possible
Consider a second line (through an app on your phone like Burner) specifically for financial and work accounts
Upgrade to an eSIM if your device supports it, as they’re much harder to hijack
Nobody is immune. Even the SEC — yes, the Securities and Exchange Commission — lost control of its Twitter account when an attacker tricked a mobile carrier into transferring the number to a different device. If it can happen to them, it can happen to you.
4. Become a DNS Detective (It's Easier Than It Sounds)
DNS attacks are a threat that nobody really talks about. It sounds way too hackery for most of us to care, but we should. Need convincing? Consider that nearly 90% of all organizations have dealt with DNS attacks and the average cost of those attacks is $950,000 globally.
By redirecting a DNS request, attackers can make scam websites seem legitimate, stealing logins, passwords, financial info, and any other information you accidentally give them.
What to do right now:
Change your home router’s DNS settings from “automatic,” which is usually the default, to Google’s (8.8.8.8).
If your router offers DNSSEC, enable it in the settings
If you notice a familiar website suddenly looks odd (or asks for a login when it normally logs in automatically), stop immediately and verify the URL
When on public WiFI, consider a VPN with built-in DNS protections
It might cost you 15 minutes of your day, but taking these steps only has to be done once (or whenever you get a new router), so it’s more than worth it.
5. Train Your Ears for the Age of “Vishing”
Ready for a scare? AI voice cloning is officially here and it’s already a significant thread in the cybersecurity landscape. It’s called “vishing,” and it’s terrifying. Criminals use it to extort victims and conduct social engineering attacks to trick family members into revealing personal information and even stealing large sums of money. The scariest part? Your voice can be cloned from just a few seconds of audio.
What to do right now:
Establish a verbal “safety word” with your family members and close friends and colleagues to verify your identity over the phone
Treat any urgent call for money or sensitive information with skepticism — hang up and call the person back on a verified number to be safe
Educate your elderly family members about this threat, as they are the most likely to be targeted
For businesses, implementing voice verification protocols should be a top priority
Companies like Truecaller are developing technologies that can detect computer-altered voices in an attempt to counter AI-generated voice calls. But, like any other scam, it’ll continue to be a cat-and-mouse game of new threats followed by crackdowns. Training your ears will always be your best defense.
The Bottom Line
The truth is, cybersecurity isn’t about having the latest antivirus software or deleting suspicious emails anymore. Criminals are on the cutting edge of new scam technologies and they’ll continue to use them against us.
The good news is that you don’t need a computer science degree to protect yourself. Be aware, be skeptical, and take action on these five fronts today to be better prepared.
Mike Wehner is a longtime technology journalist and lifestyle writer who has researched and collaborated with Jennifer Jolly on several major news stories over the past decade. His writing is featured in Yahoo!, TIME, USA Today, Engadget, and many other consumer technology publications. When he’s not writing, he’s probably walking somewhere.
 | A guest post by
|