The reality of most data breaches and hacking events is far less sophisticated than you might think. Thanks to some simple tools that can be found online, everyone from an international cybercrime ring to a person living up the street could be stealing information.

One of the low-tech ways to pull off a breach of some kind is through internet account takeover, typically of social media accounts. By guessing your password—either through software that helps crack it or actual trial-and-error guessing of your weak password—someone logs into your account and gets to work.

Why would someone want to pretend to be you? It could be intentional, in an effort to humiliate or harm you. More often than not, it’s an attempt to spam your contacts’ list with cheesy offers, viruses or malware, or fraudulent requests for money.

However, there’s another method of social media takeover, and that’s the spoofing of accounts with a similar but fake name. In that case, the scammer creates a brand-new Facebook profile, only instead of calling it Irene Davis, it’s lrene Davis. Can you spot the difference? The capital I in the legitimate Irene account has been replaced with a lowercase L in the fake account. The new lrene Davis account begins sending friend requests to all the people listed in Irene’s genuine account, and those people happily accept the request, wondering how they accidentally lost their connection to someone they know.

This account takeover can happen to individuals, but it’s especially rampant for businesses of every size. PayPal can easily be spoofed as PayPaI, and Google is often duped as G00GLE. Sometimes hackers do it for kicks, just to have some fun at the company’s expense, but other times there are intentional efforts to damage a company’s reputation and its relationship with its customers, as well as trick you into handing over your information.

One very serious version of social media takeover that users must be careful of is the spoofing of accounts that pretend to be from news sources. Not only have users created fake social media profiles intended to mask legitimate, respectable news outlets for the purpose of spreading false information—such as an article speaking out against a political candidate or public office holder that looks like it comes from a major news channel—but they can also spread scams, viruses, and malware by getting you to click on something that resembles a fantastic offer from a high-dollar beauty product company, a weight loss product, and more.

It’s important to protect yourself from fake social media accounts, or from accounts that have been taken over. If you suddenly get a friend request on Facebook from someone you’ve been connected with for years, don’t accept it. Contact your friend immediately through another channel and let her know. She can report the account to Facebook—or the customer support division for whatever social media website it happens to be—and ask that it be taken down.

Depending on the social media platform, major businesses or brands will not solicit connections by reaching out to you without a reason, so be very careful of connecting with brand names or seemingly high-profile accounts (is there some reason Kim Kardashian is now following you on Twitter? if not, it’s probably not her) that suddenly want your attention.

Finally, remember to be very wary of “click bait,” whether it’s in the form of a strange news headline or a message you receive. Vaguely misleading wording like, “You won’t believe this picture I found of you!” or “Kanye West Says It’s Finally Over!” could be luring you into clicking on malicious links or downloading viruses to your computer.

Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.