You click open an email sent to you from someone you know … except that there’s an odd salutation (Hello Dear Friend!), which then devolves into a weird, high-pressure sales pitch: “You must check out this great deal I got on laptops, click here right now!” Um, wait, who and what is this?

You quickly realize that said person would never write so awkwardly. Not to mention write excitedly about a good laptop deal, a promotional cruise line or the weight loss supplements that Britney Spears uses. What’s going on? They’ve been hacked, and now their email account is spewing fake, come-on scam emails far and wide, almost certainly without their knowledge.

While you’re feeling badly about their digital invasion, you might consider this very real possibility: It can happen to you, too. In fact, the risks are enormous.

Related: The High Price of Using Free Wi-Fi

A hacker who has cracked your password can lock you out of your own email account, for instance, just by changing the password. Once in control, it’s pretty easy to reset bank and social media passwords, confirming the password changes via your compromised email account. Now you have much bigger problems than friends checking in to make sure you don’t really need money wired to Nigeria.

You might also wind up with social media updates posted to your page that you did not make. Tip: If you hear on the news that millions of accounts managed by your email service have been exposed to hackers, it’s good practice to assume yours is at risk, too, even if nothing strange has happened yet.

RelatedHow to Lock Down Your Home Internet

Pretty certain you’ve been hacked (or might be in the near future)? Here’s what to do about it.

1. Move fast to regain control

If you still can, immediately change your password on the compromised account and, just as quickly, on all of your financial accounts. Banks are getting better about requiring two-factor authentication, such as sending you a text if a password change request is made, but not all institutions are up to this level of security.

2. Tell your friends

Immediately inform your contacts via your email and social media that your account has been compromised. You can even write “I’VE BEEN HACKED” in the subject line to alert them to avoid clicking on any spurious emails sent in your name.

3. Contact your bank and credit cards

If you fear that your account has been compromised severely — your credit card company calls to you to ask if you really are seeking a loan or you’re blocked out of your account, for example — go ahead and call your bank to explain your concern. Notify any other credit card company you use, as well as a retirement account rep. They can freeze your accounts in an instant.

Note: Always call a known number (from a statement or the back of physical card) and never a phone number emailed to you. Hackers sometimes “phish” for the unwary by sending official-looking emails that purport to be from your bank, hoping to trick you into a risky click. Your bank will never ask you to confirm data by email or ask you to call a phone number sent by email.

4. Clean your machine, stat!

Install or update your antivirus software and malware blocking programs and make sure your firewall is activated. Updating software is important, since the newest viruses often are not recognized if your software is not updated frequently. If you think something more complex is going on, disconnect your machine from the Internet and seek professional help.

5. Avoid future trouble

Be wary of repeating your passwords. Using the same usernames is a risk, too. Once a hacker has your main credentials, all of your online life is at risk.

Consider stepping up safety protocols. Use a VPN on the road, make sure your router is secure and always keep your browser software updated to the latest version. Software makers constantly patch holes in their products, but that doesn’t matter if you browser hasn’t been allowed to update itself in several years.

Greg writes about personal finance, business and technology. His work has appeared in Businessweek, Newsweek, Forbes, Bankrate and a variety of trade ​publications.