"In the last five years, the bad guys have gotten as good as or better than the good guys," said Robert Siciliano, security expert with McAfee, the Santa Clara, Calif.-based online security company.
Here's some advice to protect yourself:
Beef up passwords: Too many of us use the same, wimpy passwords, whether it's for banking, shopping or socializing. If just one account gets hacked, they're instantly all vulnerable.
Passwords should never be: a dictionary word, a sequence of numbers/letters (i.e. 45678 or abcdef) or anything that's personal (your kid's name, dog's name, your anniversary).
Instead, they should be: at least 8 characters, a mix of upper-/lower-case letters, a combination of letters and symbols (, &, $, etc.)
Try to make it something you can easily remember. Use the first letter of each word in a favorite phrase or song title, for instance. If you're on a site like Amazon.com, suggests Levin, include the letters AZ.
Too many passwords to remember? Use a password manager, which stores multiple passwords in an "online safe" where you only need one password for access. "They let you randomly generate strong passwords for all your accounts and store them securely," says Joanne McNabb, chief of California's privacy protection office.
McNabb said there are free versions: KeePass (for Windows, OS X, Linux, Android and iOS), Password Safe (Windows) and Keychain (Mac).
Skip the quizzes: All those trivia quizzes, polls, surveys and personality tests that populate the online universe may be perfectly benign. Or they could be a cyber crook trying to assemble puzzle pieces of your identity.
Answer with caution: When signing up for online accounts, we're often required to answer selected security questions: your first pet, favorite color, mother's maiden name, high school mascot.
But if someone wants to break into your online accounts, every answer they need could already be out there via social media.
Instead, use fake answers that you'll remember or repeat the same answer to every question: "Dog," for instance.
Don't click: You get an email from a friend, who wants to share a link to a cute video, political commentary or an intriguing story.
Problem is: It might not really be your friend, but an impostor. Or your friend may unwittingly be sharing an infected link that could worm its way into your computer.
"Don't click links in the body of an email. Ever," said McAfee's Siciliano.
Social media savvy: There are ways to reduce your risks while still enjoying online socializing, McNabb said. Never post your email address or your full birth date (especially the year). Lock down your account so it's viewable to "friends only." Don't accept friend requests from people you don't know.
Palm of your hand: Your mobile phone can be a source of cyber intrusions, either by downloading apps infected with viruses or clicking on texts/links that try to con you into disclosing financial or personal information.
At the very least, McNabb said, everyone should use a password on mobile phones.
And don't click on the "Save my Password" feature, said Adam Levin, founder of IdentityTheft911. That feature could provide instant access to everything stored on your phone.
Check your accounts: Siciliano says he carefully scrutinizes his monthly credit card statements. "If you're not looking at your statement frequently, the next thing you know you're paying for dinner of a cyber-thief."
Same for your credit reports. Check yours to ensure that no fraudulent accounts have been set up in your name.
Get security patches: Update your computer with the most current anti-virus and anti-spyware security. Most newer PCs will do automatic updates, but if you have an older PC that requires manual updates, it may be time to upgrade.