Would you respond to an email from a friend that's desperately in need of your help?
It's human instinct to say 'yes', but experts have warned that's not the smart answer - as it could end up costing you thousands - for a very good reason.
According to security body McAfee, more than a third of Brits have received an email from a 'friend' in the past year, which they later found out to be fraudulent.
A quarter either included a link to an illegitimate deal or asked for money to be transferred to a bank account. Such attempts are known as phishing - the art of posing as someone else for criminal gain.
In most cases, the fraudsters will use social media to gather email addresses to target, they'll use open profiles to obtain personal details, such as names and occupations - which can later be used to convince the recipient they are who they claim to be.
"Social media profiles offer a huge amount of information that cybercriminals can use to personalise their attacks when impersonating a friend or family member over email", a McAfee spokesman told Mirror Money.
In other cases, they'll obtain data through widespread hacks such as those of Tesco Bank, Three and Wonga.
Lorna Gill from Wolverhampton, was tricked out of £5,000 after criminals posed as her best friend last summer - and claimed she was stranded abroad.
"I'm a retired teacher and I received an email from what I thought was an ex-colleague and good friend.
"It said that her bag had been stolen and she was stuck at a teaching conference in Europe and that she had no way of getting home. As the email asked, I went straight to a Western Union and transferred £2,000 to help get her home and cover hotel costs.
"When I got home, there was an email thanking me for helping her in such a tough situation, but that the amount I'd sent wasn't enough and she needed more. I would do anything to help my friends and I didn't think twice about sending more money.
"When I didn't hear back from her the next day I gave her a call. To my complete horror, she knew nothing about this.
"These criminals manipulated me into believing she was stuck in a distressing situation. I am convinced they used social media to work out how close we were and identify that our connection was through teaching."
The money was untraceable, meaning Lorna's bank were unable to track down the funds - leaving her permanently out of pocket.
Nick Viney, McAfee security expert, said: "We discovered one new cyber-threat every three seconds in the fourth quarter of 2016.
"Famous attacks on Wonga and Three, for example, led to hundreds of thousands of people's personal information being stolen. This means Brits' addresses are readily available within cybercriminal circles.
"Cybercriminals can also use the information available on social media to build convincing stories as to why friends and family members are asking for money.
"It's always a good idea to reach out to the friend in question via a different method of communication to ensure it's a legitimate request."
McAfee's tips to stay secure online
Verify requests for money: Always double check that requests you receive via email or SMS are legitimate. People often like to think they'd do anything for friends with no questions asked but this is no longer a sensible option. Verify through another form of communication and only transfer if you are 100% confident that you are genuinely helping a friend in need and not lining the pockets of cybercriminals.
Update your devices: The first line of defense for your devices is you, so it's important to take a few precautions to stay safe. Make sure your devices' operating system and applications are kept updated. Using old versions of software could leave you open to potential security vulnerabilities.
Go straight to the source : If you receive a suspicious email, containing a link or attachment you didn't request from someone you know, a good rule of thumb is to go directly to the person through a communications channel other than that email.
Always check for legitimacy first : If an email includes a link, hover over it and see if it's going to a reliable URL. Or, if you're unsure about an email's content or the source it came from, do a quick Google search and look for other examples of other people being victims of this sort of attack, and what those instances could tell you about the email's legitimacy.
Stay educated: Make sure you stay clued in on what cyber threats are emerging from the news and cyber security firms and how you can protect yourself from them.
Password detox: Passwords are the keys to our digital lives; a biometric password manager is the ideal solution to storing them all. However, if you want to stick to the traditional method of memory you have to ensure your logins are unbreakable. Make sure you create strong and unique passwords to keep unwanted people out by including numbers, symbols, upper and lower case and always update your password across all accounts at least a few times a year. If you're having problems remembering passwords, try creating an acronym for a phrase that's meaningful to you, for example 'my hamster is called Sophie' might become 'MH1sCs0p'. Simple and difficult to forget but a hard one to crack.
Check if you've been hacked: There is one way to check if your account has been compromised. Enter your details into Have I been Pwned and it'll you a full list of any breaches that have exposed your personal details. If you have been hit, change your password.