Recently, a new kind of loophole was discovered in Android that let hackers take over a smartphone with just a physical tap. It abused a bug in the OS's NFC file sharing technology, Android Beam. It's already been fixed by Google, so you need to update right now.
Now this is just a long line of ways hackers can take control of your device, or worse. In some cases, there's nothing you can do to stop it without knowing the dangers. But in most cases, there are simple precautions you can take to keep yourself safe from hacks.
This should be fairly obvious, but we can be too trusting sometimes. It's very easily possible to install an app on a person's phone and then hide it from their sight. So not just with acquaintances, worry about when you're getting your phone repaired too. If it's not with a dedicated customer care center, try to stick around as your phone is being repaired, hopefully with eyes on it. And check it out later for any suspicious apps or programs running in the background.
This again goes without saying. Your device's automatic updates should be turned on, because these frequently contain critical bugfixes and security patches. And if you read about a hack discovered in the wild, it's being announced because companies have been given a chance to fix the flaw, so you should scan for any available updates manually.
Messages and emails are the most-often used tactic for phishing scams. Hackers basically try to entice you into clicking on a link in a message by indicating it's important to you for some reason. They could be pretending to be from your bank, the Income Tax department, a contest you won, etc.?
This one involves a little bit of critical thinking on your part. When you receive a text from a friend that seems odd, restrain yourself from immediately clicking any links in the message. They might not really be from the person on the other end of that handle
For instance, one common phishing scam that's been doing the rounds for years involves a victim getting a message from a contact on Facebook Messenger, saying that someone has uploaded vulgar/compromising photos of them online, complete with a link to it. When you click the link, it requires that you sign in to Facebook to access the photos. This isn't really a Facebook interface, it's just a way to get you to hand over your social media details. Then your account can be further used to propagate the scam, and so on.
For those a little bit tech savvy, you probably know it's common sense to peruse the text in a URL before you click on it. You're stuck however if it's been shortened using an online tool. In that case though, there are other similar tools online you can use to expand the URL, and even check it for reports of malware and the like. Though there are a few options online, even Google has one of its own right here.
A good rule of thumb is, if there isn't a good reason for a website to require you to log into your social media, you probably shouldn't. Similarly, always use different passwords for different sites, no matter how hard it may be to remember them. That way one password compromised doesn't mean all of your online identity is up for grabs
And please for the love of god, don't use passwords like 123456. They're harming you more than helping. Try instead picking a phrase that's nonsensical but memorable to you, like purpleponiespuking. It's a lot harder to crack, especially where brute force attacks are concerned.