It’s the oldest online scam in the world: Send out an official looking e-mail saying your password is out of date, and trick people into clicking it.

But you can protect yourself from phishing schemes.

If 2016 has taught us anything, it’s that we need to be more careful with our online safety. On Wednesday Yahoo announced that a breach three years ago may have resulted in the theft of data from 1 billion of its users. It follows other recent announcements from LinkedIn, Dropbox and Tumblr.

Hillary Clinton lost the expected win for the presidency, thanks to many factors. The hacking of her campaign e-mail didn’t help. How did it happen? Clinton’s campaign manager apparently thought the request from Google to change his password was official. The CIA thinks the email scams were courtesy of Russia.

1. BE WARY OF E-MAILS WITH LINK REQUESTS

Very simply–if you see an official looking communication from Google, Facebook, Amazon or any entity, directing you to take action by clicking a link–don’t!

Click it, and the bad guys can tap into your digital identity and wreak all sorts of havoc.

2. COMPANIES DON’T ASK FOR PASSWORDS IN E-MAILS

Hackers are really good at creating phony e-mails that look like the real thing. But here’s what Facebook says:

The company “will never ask you for your password in an e-mail or send you a password as an attachment.”

The same goes for the IRS, banks and other officials–if you’re under an audit, you’ll be notified by the US mail. You don’t need to sign into an account that’s probably bogus.

3. HOW TO ID A FAKE E-MAIL

Fake e-mails look usually spot on, but there’s usually a typo, a mis-spelled word, a contact address that isn’t a google.com or amazon.com home, but instead a webmail address.

And it usually has an address with http:// instead of the more secure HTTPS, which is what the big online firms use. The S stands for secure, by the way.

4. WHAT IF A FRIEND SENDS E-MAIL WITH JUST A LINK?

Be wary, inspect it, ask the friend what the intent was before agreeing to click on the link.

If the e-mail is from a company, and you’re addressed as “sir” or “madam” and not by your name, and you’re also asked to fill out a form, a simple solution–don’t.

5. MOBILE MAKES IT HARDER

In an age where we live on our mobile phones, these fake e-mails are smaller, harder to spot, so you’ll need to be that more diligent and take the time for inspection.

6. HOW TO RESPOND TO A COMPANY WE TRUST?

Google, Facebook, Amazon, Apple and and other companies routinely ask us, via an e-mail, to update our passwords when we’ve forgotten them. Their pages look authentic, and they offer e-mails with links when we ask for a reminder. So why should I click their link when they send it to re-set the password? Because you requested it from the compny. (If you’re worried and want to play it safe, skip the click and go straight to the browser. Google, Facebook and many others let you change your password at their .com addresses, by going to the account section and opting for a new password.)

Finally, it goes without saying, while we have your attention, that this is a great time to update your passwords with hacker proof collections of numbers, symbols, upper and lower-case letters. Stay away from hacker favorites like “password,” 123456″ or the name of your street.

Experts also recommend really long passwords like isleptunderabedoftunafishinhanaapepehawaiiinaugust2011, but those can be quite a chore to type in frequently. Password managers like Dashlane and 1password help you keep track of passwords.

By Jefferson Graham for usatoday.com | Photo: Pixabay mashup