Cybercrime is one of the fastest-growing threats of the modern age. With over 2,200 attacks reported every day worldwide — one every 39 seconds — the question is no longer whether you might be targeted, but when. Yet despite the scale of the problem, many people remain unaware of how these attacks work or what they can do to protect themselves.

This guide breaks down the three main categories of cyberattack that most people are likely to encounter: Social Engineering, Hacking, and Malware. For each, we explain what it is, how to spot it, and what to do if you fall victim. Whether you are a complete beginner or just looking to brush up on your digital safety, this guide is designed to give you practical, actionable knowledge you can use straight away.

 Social Engineering

Social engineering is the most frequently encountered form of cyberattack faced by everyday people. In short, it is the process of tricking people into revealing confidential or personal information that can be used for criminal purposes. For example, a phone call from someone claiming to be from O2 telling you that you owe them money, or an email telling you that you have won a prize, is a form of social engineering. It can even be someone claiming to be a loved one asking for money. The idea is that you receive the message and are encouraged to engage with it — for example, you may be asked to click through to a site and enter your login details, or to send money to a certain bank account.

You may be wondering how attackers get your information in the first place. Typically, it comes from data breaches (where a company gets hacked and its private data becomes public), social media scraping, public records, or data brokers — companies that compile personal data and sell it on.

Signs of a potential social engineering attack

  • Urgent or threatening language. Phrases like "your account will be closed if you don't act now" are designed to pressure you into responding quickly, bypassing your better judgment. Legitimate organisations rarely operate this way.
  • Suspicious sender details. Someone claiming to be from Apple is unlikely to have an email address like SteveD.Apple@gmail.com. Always check the actual sender address, not just the display name.
  • Strange requests. If someone claiming to be from Amazon is asking for a follow-up payment, that's a red flag — reputable companies have established payment processes and won't contact you this way out of the blue.
  • Poor grammar or unusual attachments. Many social engineering messages contain spelling mistakes, awkward phrasing, or unexpected links and file attachments. Be cautious before clicking anything.
  • It seems too good to be true. If you have won a competition you never entered, or someone is offering you something for nothing, trust your instincts.
 You can check whether your email address has appeared in a known data breach at haveibeenpwned.com — a free and reputable tool worth bookmarking.
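
The "check the actual sender address, not just the display name" advice above can be automated. The following is an added example, not part of the original guide: it parses a From: header and warns when a brand named in the display name or local part does not match the sending domain. The brand-to-domain table, the webmail list and the sample headers are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed allow-list (assumption): brand keyword -> domains it really sends from.
BRAND_DOMAINS = {
    "apple": {"apple.com"},
    "amazon": {"amazon.com", "amazon.co.uk"},
    "o2": {"o2.co.uk"},
}
FREE_MAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}


def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(from_header):
    """Return a list of warnings for a From: header value (empty list = none)."""
    display, addr = parseaddr(from_header)
    local, at, domain = addr.rpartition("@")
    domain = domain.lower()
    if not at or not local or not domain:
        return ["no usable sender address"]
    # A brand can be claimed in the display name or in the part before the @.
    words = set(re.split(r"[^a-z0-9]+", f"{display} {local}".lower()))
    warnings = []
    for brand in sorted(words.intersection(BRAND_DOMAINS)):
        if not domain_matches(domain, BRAND_DOMAINS[brand]):
            warnings.append(f"claims '{brand}' but sent from {domain}")
    if warnings and domain in FREE_MAIL:
        warnings.append("brand message sent from a free webmail domain")
    return warnings


# Constructed sample headers, not real messages.
SAMPLES = [
    '"Apple Support" <SteveD.Apple@gmail.com>',
    "Apple Support <noreply@email.apple.com>",
    "Apple ID <support@apple.com.account-verify.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

The third sample shows why the comparison is made on the end of the domain: a brand name placed at the start of a longer domain still fails the check.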

If you become a victim of social engineering

  • Change your passwords immediately for any accounts whose details you shared, and enable Multi-Factor Authentication (MFA) where possible.
  • Run a malware scan if you downloaded any files during the interaction.
  • Report the incident to your local police, as well as any relevant organisations such as your bank, workplace, or social media platforms, so they can freeze or monitor your accounts.
  • Warn your contacts if your account was accessed — if the attacker sends messages pretending to be you, your friends and family will know not to respond.
  • Monitor your accounts for any suspicious activity in the weeks that follow and stay cautious going forward.
 For further reading, see CrowdStrike's overview of types of social engineering attacks.

 Hacking

Hacking is the act of gaining unauthorised access to data in a system or computer. The classic example is a cybercriminal who exploits vulnerabilities in a system's security to break in and steal data or damage the system. The purpose is typically to steal something, break or alter the system, use system resources, or spy on someone. The motivations of hackers range from financial gain and espionage to computer-based activism and personal vendettas.

Common forms of hacking

  • Data Exfiltration — covertly transferring stolen data out of a computer system.
  • DoS (Denial of Service) — overwhelming a system with traffic to make it unavailable.
  • Brute Force — systematically trying every password combination until one works.
  • Privilege Escalation — gaining higher-level access than initially obtained within a system.
  • Packet Sniffing — capturing data travelling across a network to extract sensitive information.

Signs your account or device has been hacked

  • Account Lockouts: You cannot log in with your correct password.
  • Financial Fraud: Unrecognised charges appearing on your bank statements.
  • System Slowdown: Your computer or phone performance drops dramatically.
  • Unusual Activity: Password resets, new app connections, or suspicious logins in your account history (e.g. Google, Facebook).
  • Disabled Security: Anti-virus or firewall software has been turned off without your involvement.
  • Unwanted Pop-ups: Persistent ads appearing outside of web browsers.
  • Unwanted Applications: Apps you have not downloaded appear on your device.
  • Contact from the hacker: In some instances, the hacker may contact you themselves to brag or demand payment to remove damage or prevent further attacks.

What to do if you get hacked

  • Change your passwords for the impacted accounts and any other accounts that share the same password.
  • Log out of all sessions and devices using the relevant account security feature to remove the hacker's active access.
  • Secure your email account, as this is often the gateway to resetting other accounts and should be treated as a priority.
  • Enable Multi-Factor Authentication (MFA) on sensitive accounts to prevent further unauthorised access.
  • Update your security systems and run a full system scan to check for any malware that may have been installed.
  • Contact your bank to lock or monitor your financial accounts if any payment details may have been compromised.
  • Alert your contacts so they are aware that any suspicious messages appearing to come from you should be ignored.
  • Report the crime to your local police and any relevant platforms or organisations involved.
  • Consider a factory reset if the hack is severe — back up your essential personal files first, then perform a full reset of the affected device.

 Malware

Malware (short for malicious software) is a catch-all term for any program designed to disrupt, damage, or gain unauthorised access to computer systems, networks, or devices. It causes disruption, interferes with the device's security and privacy, steals personal data, displays unwanted ads, or hijacks systems for financial gain. The stolen data can range from financial records to healthcare information, personal emails, and passwords.

Malware is generally installed without the user's knowledge — typically via clicking on dodgy links or downloading files and software from untrusted sources. Hackers can even send unsolicited malicious files or links via Bluetooth if a device's settings aren't secure enough.

Types of malware

  • Ransomware: Encrypts files, rendering them inaccessible until a ransom is paid.
  • Trojans (Trojan Horses): Disguise themselves as legitimate software to deceive users into installing them, often creating backdoors for attackers.
  • Spyware: Secretly monitors user activity and collects personal information (e.g. passwords, credit card numbers).
  • Viruses: Programs that attach to legitimate files and replicate themselves to spread across systems.
  • Worms: Standalone software that self-replicates and spreads across networks without needing a host program.
  • Adware: Automatically displays unwanted advertisements, often tracking browsing behaviour to show targeted ads.
  • Remote Access Trojans (RATs): Specialised Trojans that give attackers full control over a device.

Signs your device may be infected

  • Performance Issues: Your device becomes unusually slow, freezes frequently, or experiences system crashes (blue screen).
  • Unwanted Pop-ups and Ads: An increase in advertisements, especially those appearing outside of web browsers or while offline.
  • Browser Changes: Your browser homepage, default search engine, or installed extensions change without your permission.
  • Suspicious Activity: Security software fails to open or is disabled, and new, unrecognised programs appear in your applications list.
  • Rapid File/Storage Loss: A sudden, inexplicable decrease in available hard drive space.
  • High Resource or Network Usage: Your computer's fan runs constantly, or you notice unexpectedly high internet usage (potential botnet activity).

How to respond to a malware infection

  • Disconnect from the Internet: Pull the Ethernet cable or turn off Wi-Fi immediately to prevent the malware from sending data to hackers or downloading more threats.
  • Enter Safe Mode: Boot your computer in Safe Mode to prevent malicious software from launching automatically.
  • Stop Financial Transactions: Do not log into banking, shopping, or email accounts until the device is clean.
  • Run Antivirus Software: Use pre-installed security software or reputable tools like Malwarebytes or Norton to scan for and remove threats.
  • Delete Temporary Files: Clear your temporary files (using Disk Cleanup on Windows), as malware often hides there.
  • Check Browser Extensions: Remove any unknown or suspicious extensions in your browser settings.
  • Change Passwords: Change passwords for all online accounts (banking, email, social media) from a different, uninfected device.
  • Update Software: Ensure your operating system and applications are fully updated to patch security holes.
  • Android Devices: Check for unauthorised apps in settings, run Google Play Protect, and consider a factory reset if necessary.
  • If All Else Fails: Back up essential personal files (not programs) and perform a complete reinstallation of your operating system or a factory reset.

 Preventing Attacks

While no defence is foolproof, the majority of successful cyberattacks exploit basic security weaknesses that are relatively easy to address. The following habits go a long way towards keeping you protected:

  • Use strong, unique passwords for every account and store them securely using a reputable password manager such as Bitwarden or 1Password. Never reuse passwords across multiple sites.
  • Enable Multi-Factor Authentication (MFA) wherever it is available. This adds a second layer of verification, meaning that even if your password is stolen, your account remains protected.
  • Keep your software and devices updated. Security patches are regularly released to fix known vulnerabilities. Delaying updates leaves those gaps open for attackers to exploit.
  • Be cautious with links and attachments. If you were not expecting an email or message, do not click links or open attachments without verifying the sender first.
  • Use reputable security software. A good antivirus or endpoint protection tool — such as Malwarebytes, Norton, or Windows Defender — provides an important safety net.
  • Back up your data regularly. Store backups in at least two places (e.g. an external hard drive and a cloud service). This is especially important as a defence against ransomware.
  • Secure your network. Use a strong, unique Wi-Fi password, keep your router firmware updated, and consider using a VPN when on public networks.
  • Stay informed. Cyber threats evolve constantly. Following organisations like the UK's National Cyber Security Centre (NCSC) at ncsc.gov.uk is a good way to keep up with emerging risks and advice.

 Closing Summary

Cyberattacks are a reality of modern life, but being a victim is far from inevitable. Social engineering preys on trust and urgency; hacking exploits technical weaknesses; and malware silently undermines the security of your devices. Each poses a real threat — but each also has clear warning signs and effective countermeasures.

The most important takeaway is that good cybersecurity does not require technical expertise. It requires awareness, a few strong habits, and a healthy scepticism towards anything that seems unexpected or too good to be true. By understanding how these attacks work and knowing what to do when something feels off, you put yourself in a far stronger position than the vast majority of potential targets.

 Stay alert, stay updated, and don't be afraid to question what lands in your inbox.