Phishing attacks
Fake emails, sites, and messages that steal your credentials
Critical

Phishing is the most common cyberattack. Attackers impersonate trusted brands — banks, Google, PayPal — to trick you into entering your password or clicking a malicious link that installs malware. Spear-phishing targets you specifically using personal data.

How to protect yourself:
  • Check the sender domain exactly — one letter can differ
  • Hover over links before clicking to reveal the real URL
  • Never enter passwords via an email link — navigate directly to the site
  • Report phishing emails to your email provider
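The sender-domain check from the first tip can be automated. The sketch below is an added example, not part of the original page: the `TRUSTED` list, the `CONFUSABLES` map, the function names and the sample headers are all assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumed allowlist: domains you really deal with (constructed for this example).
TRUSTED = ["paypal.com", "google.com", "mybank.example"]

# Characters commonly swapped in for letters; a small sample, not exhaustive.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o"})

def sender_domain(from_header):
    """Domain of the actual address; the display name is ignored on purpose."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def under(domain, good):
    """True if domain is good itself or one of its subdomains."""
    return domain == good or domain.endswith("." + good)

def classify(from_header, trusted=TRUSTED):
    """Return (verdict, trusted domain it matches or imitates)."""
    dom = sender_domain(from_header)
    for good in trusted:
        if under(dom, good):
            return "trusted", good
    folded = dom.translate(CONFUSABLES)
    for good in trusted:
        if (under(folded, good)                   # digit or homoglyph swap
                or edit_distance(dom, good) <= 1  # one letter added, dropped or changed
                or dom.startswith(good + ".")):   # brand used as prefix of another domain
            return "lookalike", good
    return "unknown", None

# Constructed From: headers, not taken from real mail.
SAMPLES = ['PayPal <service@paypal.com>', '"PayPal Support" <service@paypa1.com>',
           'security@g00gle.com', 'PayPal <alert@paypal.com.account-check.example>']

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify(header), header)
```

A "trusted" verdict only means the domain string matches. The From header itself can be forged, so this complements your provider's SPF, DKIM and DMARC checks rather than replacing them.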

Ransomware
Malware that encrypts your files and demands payment to restore them
Critical

Ransomware locks you out of your own files and demands cryptocurrency payment to restore access. It spreads via email attachments, malicious downloads, and unpatched software vulnerabilities. Organisations lose millions of dollars per incident.

How to protect yourself:
  • Maintain regular offline or cloud backups — follow the 3-2-1 rule (three copies, on two types of media, one kept off-site)
  • Never open email attachments from unknown senders
  • Patch your OS and all software promptly
  • Use endpoint protection software with behavior monitoring

Man-in-the-middle (MITM) attacks
Intercepting your traffic on unsecured networks
High

On public Wi-Fi, an attacker can position themselves between you and the internet — silently reading passwords, session cookies, and personal data if the connection is unencrypted. Coffee shops and hotels are common attack locations.

How to protect yourself:
  • Always use a VPN on public or untrusted Wi-Fi
  • Only visit HTTPS sites — look for the padlock in your browser
  • Enable HTTPS-Only mode in your browser settings
  • Avoid banking or logging into sensitive accounts on public networks

Data broker exposure
Your personal information sold to third parties without your knowledge
High

Data brokers scrape and sell your name, address, phone number, income estimate, and browsing habits. This data fuels spam, scams, identity theft, and highly targeted phishing campaigns — and most people have no idea it is happening.

How to protect yourself:
  • Use a removal service like DeleteMe or Incogni to opt out at scale
  • Use email aliases so your real address never reaches data brokers
  • Regularly Google your own name to find exposed profiles
  • Opt out via Google's "Results about you" tool

Social engineering
Psychological manipulation used to gain access or extract information
High

Social engineers exploit trust rather than technology — impersonating IT staff, executives, or known contacts to trick people into revealing credentials, sending money, or granting system access. Urgency and authority are the main psychological levers.

How to protect yourself:
  • Verify unexpected requests through a separate, trusted channel
  • Never share passwords or 2FA codes — legitimate staff never ask
  • Be especially skeptical of any "urgent" or "act now" pressure
  • Report suspicious requests to your security team immediately

Stalkerware & spyware
Hidden software that silently monitors your device and activity
Medium

Stalkerware and spyware run invisibly in the background, logging keystrokes, reading messages, and tracking GPS location. They are often installed by someone with physical access to your device. Victims are frequently unaware for months.

How to protect yourself:
  • Audit installed apps regularly — investigate any you don't recognise
  • Check for unusual battery drain or data usage as warning signs
  • Use a mobile security scanner like Malwarebytes
  • Factory reset your device if you have strong reason to suspect compromise

Credential stuffing
Using leaked username/password pairs to break into other accounts
Medium

When any service is breached, attackers dump the credentials and automatically try them across hundreds of other websites. If you reuse passwords, a breach on one site hands attackers access to all your accounts that share the same password.

How to protect yourself:
  • Use a unique password for every single account
  • Check if you've been breached at haveibeenpwned.com
  • Enable login alerts on all important accounts
  • Use a password manager to make unique passwords effortless

Fake software & malicious downloads
Disguised malware distributed through unofficial app sources
Medium

Cracked software, pirated games, and unofficial app stores are loaded with trojans, cryptominers, and keyloggers. Attackers also poison search ads to push malicious downloads for popular tools. Even legitimate-looking installers can be compromised.

How to protect yourself:
  • Only download software from official sites or your device's app store
  • Verify software checksums (SHA-256) when provided by the developer
  • Never run software from pop-up ads or unexpected search results
  • Scan downloaded files with VirusTotal before opening