One of my mistakes when I was a newbie and didn't care too much about my privacy was using my main email to register on different platforms. I even used the same password.

It is something that many still practice today, one e-mail and only one password on all sites. And what the bad guys realized a long time ago is that there is a very simple way to hack someone's e-mail account. They simply create eye-pleasing pages where they organize some giveaways/competitions, and all you have to do is register with your e-mail. In case the user uses the same password, the hacker invisibly logs in to the victim's e-mail and tries to do as much damage as possible in the shortest possible time. If there is no 2FA or other way to fix it, the hacker gets full control over the email and all other services related to it.
If people bothered to check the sender's email address and the domain of the link in the email, they could avoid most scam/spam emails.
Just learn not to click on links that look suspicious, or at least copy and analyze them on pages like VirusTotal before clicking on them.