As a cybersecurity writer, I talk a lot about good digital hygiene. However, I started to wonder how bad it really is for an unprotected user. So, I decided to run a crazy experiment. For one week, I would do everything wrong. I created a new online persona. Then, I intentionally made them an easy target. I wanted to see what would happen if I actually *tried* to get hacked. This is the story of that week. Ultimately, it is a real-world test of just how important good digital security really is.
The Experiment Setup: Creating My “Insecure” Persona
To start, I created a brand new email address. Let’s call my insecure persona “Alex.” I used this email to sign up for about 20 different services. This included a new social media account, a few online shopping sites, and several newsletters from sketchy-looking websites.
Here were the rules for Alex’s terrible digital security:
- Use a simple, common password (`Password123!`) for every single account.
- Disable 2-Factor Authentication (2FA) everywhere.
- Click on links in promotional emails without much thought.
- Use unsecured public Wi-Fi networks whenever possible.
In short, I was creating a digital version of a house with the doors and windows wide open.
Day 1-2: The First Phishing Attempts and Suspicious Logins
Things started happening quickly. In fact, by the end of the first day, Alex’s inbox was already full of spam. More importantly, the first real threats began to appear. I received a classic phishing email. It was supposedly from a shopping site I had signed up for, claiming a “suspicious login.”
Because I knew how to spot phishing, I could see all the red flags. These included the generic greeting, the weird sender address, and the urgent call to “verify my account.” As part of the experiment, I clicked the link on a secure machine. It took me to a perfect copy of the real login page, which was designed to steal my information. Later that night, a legitimate email arrived from the *actual* service. It notified me of a real login attempt from another country. Clearly, someone was already trying to use the password.
Day 3-4: The Dangers of Public Wi-Fi Without Protection
Next, I took Alex’s laptop to a coffee shop. There, I purposefully connected to the open, unsecured public Wi-Fi. As I detail in my guide to public Wi-Fi security, this is one of the riskiest things you can do.
While I could not see what was happening, the risk of an attack was huge. For instance, anyone else on that network could have been snooping on my activity. They could capture any data I sent. Browsing without a VPN in that environment felt like shouting my personal info in a crowded room. Ultimately, it was a stark reminder of our vulnerability when we choose convenience over digital security.
The Control Group: How My *Real* Accounts Stayed Safe
Throughout this experiment, my *real* personal and work accounts remained completely untouched. This was the most important part of the test. Indeed, my real accounts are a fortress of good digital security.
For example, every one of my accounts uses a long, unique password from my password manager. Furthermore, every critical service has 2-Factor Authentication (2FA) protection. So, even if a hacker found one of my real passwords on a site like Have I Been Pwned?, it would be useless. In the end, they would still need my phone to get in.
My Personal Take: The Real Feeling of Vulnerability vs. The Peace of Mind of Security
This experiment taught me something a textbook never could. It taught me the *feeling* of being vulnerable. For instance, operating as “Alex” for a week was stressful. Every email felt like a potential threat, and every login felt like a risk. Overall, it was a constant, low-level anxiety.
In contrast, my normal digital life feels calm and controlled. I do not worry about data breaches, because I know my passwords are unique. I also do not panic with login alerts, since I know my 2FA will protect me. This experiment made me realize that good digital security protects more than just data. Above all, it protects your peace of mind. That, to me, is priceless.
Conclusion: You Don’t Have to Be a Target
In conclusion, my week as an easy target was a success. I was targeted constantly. The experiment clearly showed that the threats are real, constant, and automated. Hackers are not always targeting *you* specifically. Instead, they are targeting the low-hanging fruit.
The most powerful lesson is that you have a choice. For instance, by practicing good digital security, you can make yourself a much harder target. This means using a password manager, enabling 2FA, and being skeptical. In the end, you do not have to be an expert to be safe. You just have to decide not to be the easiest target.
What’s the One Security Tip You’ll Implement Today?
After reading this, what is the one security step you are going to take to make yourself a harder target? Share it in the comments below!
