🔒 Protect yourself from spam, scams, and account theft. This page shows you how to spot phishing and scam messages and gives you practical steps to stay safe online. You don't need to be a tech expert — just follow the simple advice below.
🎩 Types of Hackers
Criminal hackers who break into systems illegally to steal data or money, or to cause damage. They are the ones you need to protect yourself from.
Ethical hackers who use the same skills to find vulnerabilities, help victims, and expose criminals. They hack with permission and for good.
Somewhere in between. They hack without permission but not for malicious reasons — often to expose vulnerabilities. Legally grey, ethically complicated.
🔓 Most Common Hacking Techniques
The single most common attack vector — responsible for 82% of breaches involving a human element. Attackers send fake emails, SMS (smishing), or voice calls (vishing) impersonating trusted entities to steal credentials.
✅ Never click links in unexpected messages. Verify with the company directly.
The broadest category — viruses, trojans, worms, and RATs (Remote Access Trojans). Once installed, malware can steal data, provide remote control, or destroy systems. Often hidden in downloads and email attachments.
✅ Use antivirus software. Keep everything updated. Don't open suspicious attachments.
A fast-growing malware subtype. Attackers encrypt your files and demand payment. The UK saw 47 confirmed ransomware victims in Q1 2026 — hospitals, schools, and businesses are prime targets.
✅ Backup files regularly (3-2-1 rule). Keep systems patched. Don't pay ransoms.
Psychological manipulation to trick people into giving away access or information. Includes vishing (phone scams), pretexting (fake scenarios), baiting (infected USB drives), and impersonation.
✅ Never share passwords or codes. Verify callers by hanging up and calling them back.
Inserting malicious SQL code into website input fields (login forms, search bars) to manipulate or dump backend databases. Extremely common against poorly secured websites and web apps.
✅ Websites should use parameterised queries. Users: use different passwords per site.
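For readers who build websites, here is what "use parameterised queries" means in practice. This is an added example, not code from this page; the table, function names and sample rows are made up for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory users table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "hash-a"), ("bob", "hash-b")])
    return db

def login_vulnerable(db, name, password_hash):
    # Weak: the input is pasted into the SQL text, so a quote character
    # in the input can change what the query means.
    sql = ("SELECT name FROM users WHERE name = '%s' AND password_hash = '%s'"
           % (name, password_hash))
    return db.execute(sql).fetchall()

def login_parameterised(db, name, password_hash):
    # Fixed: the ? placeholders send the input separately from the SQL text,
    # so the database only ever treats it as a value to compare against.
    sql = "SELECT name FROM users WHERE name = ? AND password_hash = ?"
    return db.execute(sql, (name, password_hash)).fetchall()

def compare(crafted="' OR '1'='1"):
    """Run the same form input through both versions and return both results."""
    db = make_db()
    return (login_vulnerable(db, "alice", crafted),
            login_parameterised(db, "alice", crafted))

if __name__ == "__main__":
    weak, fixed = compare()
    print("string-built query matched rows:", len(weak))
    print("parameterised query matched rows:", len(fixed))
```

With the same input, the string-built query matches every account while the parameterised query matches none, and a correct login still works.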
Automated guessing of passwords or using leaked credentials from one breach to try logging into other sites. Effective because most people reuse passwords across multiple services.
✅ Use a password manager. Enable 2FA. Never reuse passwords across sites.
Flooding a server with fake traffic using a botnet until it crashes. Common targets include gaming servers, banks, and political organisations. Can take websites offline for hours or days.
✅ Businesses: use DDoS protection (Cloudflare, AWS Shield). Individuals: use a VPN.
Intercepting communication between two parties. Often done via fake Wi-Fi networks or packet sniffing. Hackers steal logins, credit cards, and private messages in real time.
✅ Use a VPN on public Wi-Fi. Ensure websites use HTTPS (padlock icon in browser).
Injecting malicious scripts into trusted websites that execute in your browser. Can steal cookies, redirect you to fake pages, or capture keystrokes. Widely exploited in web app attacks.
✅ Keep your browser updated. Use browser extensions like NoScript. Sites should sanitise user input.
Attacks that target software vulnerabilities unknown to the vendor — meaning no patch exists. Used in high-value attacks by nation-states and advanced persistent threat (APT) groups. Extremely dangerous.
✅ Keep everything updated. Use endpoint protection. Zero-days are rare against individuals.
Keyloggers record every keystroke you type — capturing passwords, messages, and credit card numbers. Rootkits give hackers persistent remote control while hiding deep in your operating system.
✅ Use antivirus with real-time scanning. Don't download cracked software. Check running processes.
Stealing browser session cookies to authenticate as you without needing your password. Common on websites without proper SSL encryption. Once hijacked, the attacker becomes you on that site.
✅ Only visit HTTPS sites. Log out of accounts when finished. Use a VPN on public Wi-Fi.
Hackers compromise a website that a specific target group visits frequently (industry forums, local news sites). They wait for victims to walk into the trap. Hard to detect — the site looks legitimate.
✅ Keep browser and plugins updated. Use endpoint security that detects malicious scripts.
Overlaying invisible elements on top of legitimate buttons to trick you into unintended clicks. You think you are clicking "Play" on a video, but you are actually clicking "Authorise payment". Common on piracy and torrent sites.
✅ Avoid suspicious websites. Keep browser updated. Use click-to-play for plugins.
Emerging attacks using AI to craft deepfake phishing content (fake voice calls, video messages), automate vulnerability scanning, and bypass traditional detection systems. The fastest-growing threat category.
✅ Agree a family code word for emergency calls. Be sceptical of urgent requests. Use AI-aware security tools.
Malware disguised as legitimate software. Once installed, it gives hackers remote access to your device. Often hidden in fake downloads, cracked software, or email attachments, and used in many of the attack categories above.
✅ Only download from official sources. Be sceptical of "free" versions of paid software.
📡 Wi-Fi & Bluetooth Hacking
Hackers set up a fake Wi-Fi network that looks legitimate (e.g. "Cafe Free Wi-Fi" or "Airport Lounge"). When you connect, they can see all your traffic — passwords, messages, bank details.
✅ Always confirm the exact Wi-Fi name with staff. Use a VPN on any public network.
Hackers crack your home Wi-Fi password using brute force or exploiting WPA2 vulnerabilities. Once inside your network, they can access connected devices, steal data, or launch attacks from your IP.
✅ Use WPA3 if available. Set a strong 16+ character Wi-Fi password. Disable WPS.
Hackers use software (Wireshark, tcpdump) to capture unencrypted data flying through the air. Emails, passwords, and web traffic sent over HTTP can be read in plain text.
✅ Only visit HTTPS websites (padlock icon). Use a VPN to encrypt all traffic.
Hackers exploit Bluetooth to access devices within range (about 10m). Attacks include Bluejacking (sending unsolicited messages), Bluesnarfing (stealing contacts, photos, data), and Bluebugging (taking full control of your phone).
✅ Turn Bluetooth off when not in use. Set devices to non-discoverable mode. Don't accept unknown pairing requests.
Smart home devices (cameras, thermostats, doorbells, baby monitors) often have weak security. Hackers scan for vulnerable IoT devices and use them to spy, pivot into your network, or recruit them into botnets.
✅ Change default passwords on all smart devices. Keep firmware updated. Put IoT devices on a separate network.
Hackers send deauth packets to disconnect devices from your Wi-Fi network. When your device reconnects, the hacker can capture the handshake and attempt to crack your password. Also used on café Wi-Fi to force users onto fake networks.
✅ Use WPA3 encryption. Monitor your network for unknown devices via your router dashboard.
📶 Home Wi-Fi Security Checklist
📬 How to spot phishing and scam messages. Spam is how most cyber attacks start. Learn to recognise the warning signs and protect yourself from spam, scams, and account theft before it is too late.
📬 Most Common Spam Types
Spam is the most widespread cyber nuisance. Here are the most common types, ranked from most to least prevalent. Spam is not just annoying — it is the primary delivery method for malware, phishing, and scams.
Impersonating banks, HMRC, PayPal, etc. to steal logins. The #1 spam category. 3.4 billion phishing emails sent daily.
Unsolicited product promotions — weight loss, gambling, pharmaceuticals. Sent via compromised servers or botnets.
Faking the sender address to appear as a trusted contact or brand. The email looks like it came from someone you know — but it did not.
Classic "Nigerian prince" style schemes promising huge rewards for upfront payment. The payment is the scam.
"Get rich quick" or miracle health claims leading to malicious sites that steal data or infect devices.
Fake virus alerts pushing rogue antivirus or ransomware. They scare you into installing actual malware.
Forwarding-based manipulation. Less malicious, but still pervasive. Often used to harvest active email addresses.
Scam calls impersonating HMRC, your bank, or tech support. UK vishing up 62% in 2026.
Text-based phishing. Surged massively with fake parcel delivery scams (DPD, Royal Mail, Evri). Forward to 7726.
Unsolicited adult content used as a hook for malware or blackmail. Never interact with unexpected adult material.
📬 How to Protect Yourself From Spam
🛡 How to Protect Yourself — Essential Checklist
Use a password manager (Bitwarden, 1Password, Apple Keychain). Each account gets a unique, random password — at least 12 characters.
Two-factor authentication stops 99.9% of account takeovers. Use an authenticator app (Google Authenticator, Authy) — not SMS if you can avoid it.
Hackers exploit known vulnerabilities. Enable automatic updates on your phone, laptop, router, and apps. Patch Tuesday exists for a reason.
Check sender addresses. Hover over links before clicking. Banks never ask for your password by email or text. When in doubt, call the company directly.
Public Wi-Fi in cafes, hotels, and airports is not secure. A VPN encrypts your internet traffic so hackers on the same network cannot see what you are doing.
Use the 3-2-1 rule: 3 copies of data, 2 different media types, 1 offsite. This protects against ransomware, hardware failure, and theft.
👊 Want to Learn Ethical Hacking?
Ethical hacking is a legitimate, in-demand career. White hat hackers earn £40k-£120k in the UK and help protect people from the same attacks explained on this page.
Start with free resources: Hack The Box, TryHackMe, SANS, or read our White Hats page to learn how ethical hackers fight back against scammers.