Cyber security is a complex but essential reality of today’s world. It can seem a little overwhelming at times–physical security is much simpler: you have a gun, you point it at the door, you shoot bad guys if they come in and try to hurt you or your family. If they climb through the window, you push them back out. Hackers, on the other hand, are entering through windows and doors you never even knew existed. Instead of your jewelry and television, they’re after your personal information.

That’s where a lot of people shrug off the severity of the situation. Despite differing opinions toward the value of privacy, many would admit that they don’t really have ultra-sensitive information lying around on their Facebook or Instagram profiles. Most people realize that identity theft is a real threat, but short of stealing credit card numbers many are unsure as to how this is actually a threat.

AP Photo/David Goldman

Alex Green, former Army Ranger (TSE) and founder of Windsor Security, provides cyber security for home and small to medium businesses. Few people know the ways you can use personal information to your advantage more than him. “Let’s take phone numbers,” he said, “most people don’t realize that Facebook shares your phone number by default. What can you do with a phone number? Everything. From a myriad of information gathering websites, you can quickly find names, email addresses, actual addresses, social media profiles, and if you dive deep enough, social security numbers.” During the interview, Green pulled up a scary amount of information about myself–past addresses, family members, old and new email addresses, and other things I’d rather not write about here.

“Okay, so what?” was my next question. None of that information could be used to effectively blackmail or coerce me into doing anything, and just knowing all my email addresses doesn’t mean they have access to them.

There are a few types of information: personally identifiable information, financial information and healthcare information. People can shove “identity theft” in your face all day, but what really happens? “Usually, a full-fledged identity theft incident will include some or all of the following; modifying and stealing your tax returns (have fun with the IRS), apply for loans, open lines of credit (which will be used to decimate whatever credit you have), pay their bills, transfer money, etc.” Green added that there has been a recent uptick in people filing fraudulent insurance claims and acquiring prescription medicine.

You don’t have to be on Ashley Madison to have something to hide – AP Photo/Lee Jin-man

Beyond identity theft, they can use your information to launch spam or phishing attacks. They adopt your welcoming, natural persona to seem more legitimate to their next victims. Finally, if they do find something blackmail-worthy, they can use that against you too. These people can be creative–what might not be illegal might still be leveraged against you. There are a lot of things we don’t want our wives, husbands, kids or parents to see–even if it’s not illegal or immoral. Especially if it is.

Your personal information is everywhere | Top 5 phone apps that make you more private and secure

Read Next: Your personal information is everywhere | Top 5 phone apps that make you more private and secure

“Because we’re human, we like shortcuts. In cyberspace, this generally ends up manifesting by using the same passwords pretty much everywhere. You’re only as strong as your weakest link,” Green says. If you have the same one or two passwords across multiple sites, then you’re relying on the website with the weakest security to keep your password safe. Sometimes they’ll find a password, go to the most popular 20 banks and use your email and try that password on all of them. “What’re the chances of that actually working?” Green asks, “Spoiler alert: surprisingly high. Even if that fails, how about getting into Amazon accounts?” That opens a whole different can of worms.

Let’s say you have different passwords for every website. You keep your phone number a secret and you’ve locked down your social media profiles so they don’t publicly share any information to anyone. Maybe you even changed your Facebook name to something random and your profile picture to a lake, frustrating your entire circle of friends when they suddenly have no idea who you are. Are you safe now?

If you received an email saying that your email might be compromised and you need to change your password, would you? You probably should. It’s easy to say that, but how would you do it? Would you check the certificate information from the sender to determine that it was actually Google telling you to do so before you click the link? Would you click on your account settings and change your password via the menu, or click on the link in the email? Phishing keeps happening because, well, it still works. Someone is going to click that link. Someone is going to get their email compromised. Then it’s a free for all. The extremely security conscious aren’t the targets of these types of attacks; that’s simply too time consuming for the hacker underground to deal with. It’s the people who don’t spend the time to carefully manage their cyber security efforts that are ripe for picking. Most people aren’t targeted; they just fall into traps.”

Hackers get creative, it’s what they do. They use a potent mix of social engineering and technical know-how to use your information for their benefit. Staying on top of your game, keeping your information relatively private and only interacting with trusted emails and messages is a good start to encouraging hackers to move and head to an easier target.

AP Photo/John Locher

Featured image courtesy of AP Images.