Use a unique password for every online internet site that you register
to.
A password wallet makes it easy to securely store and access these passwords.
Securely backup that eWallet.
Never provide to any online site information relating to your personal
identification. (think about the security questions you are asked
by phone to validate your account).
This includes your birthdate, phone number, specifics of your
residential address, etc.
Create a "online" birth date consisting of your true birth year, but
with different month and day using something memorable to you.
When a site asks for security questions and answer pairs, create unique
answers and save the pair in your eWallet.
For example, if the security question was the city you were born in and the
true answer was "Philadelphia PA", you might answer "OrlandoFL".
Never use true information that someone could lookup and use to guess.
Cell phones are frequently used for identity authorization.
As you know by the number of spam calls you receive, your cell number can be simulated (spoofed) by hackers.
Therefore, you should severely limit the exposure of your phone number to anyone except trusted people and secure organizations. Consider getting a free Google phone number for public exposure. You can then have text messages and calls forwarded from your Google phone number to your cell phone number without exposing directly your cell phone number.
Before installing any "App" on your phone, carefully review the "permissions"
the phone will require (look carefully and you will find them).
Never install an App that requires excessive permissions.
That flashlight app doesn't need to read your contacts or the storage on
your device. These apps are often free because your personal
data is read by these apps and sold.
Don't answer phone calls from people you don't know (not in your phone
contact list). If someone has a ligament reason to speak to you,
they will leave a message. NEVER call anyone back based on the number
reported on the cell phone - use your phone contacts to lookup the number
(so that you don't accidentally call a fake number).
Assume every email, text message, social media contact, and phone call
is suspicious and dangerous until you have made your own independent data
that proves otherwise.