Phishing is a targeted method of infecting someone with malware or a trojan. This type of attack is getting more and more frequent. Especially for business users who deal with financial information. Another type of malware spreading fast is ransomware. When you get infected, the entire computer or your key data directories are all encrypted. The only way to get your data back is to pay a ransom to an anonymous hacker. While some of these attacks can be difficult to avoid, the most basic versions can be mitigated by a set of best practices:
The most common way to spread malware of any sort is a link. The user needs to click the link and will then be taken to a page which loads the malware onto the phone or computer.
Too many end users give themselves admin access to install applications. The best practice here is to give a separate account admin rights and then use that account when you need to install an application of make system level changes. The windows UAC is helpful in this regard but is also too often switched off.
It is a good practice to also have a virus scanner like Windows Defender running and updated. Protect yourself from malware that we know about.
Always keep the computer up to date. Whenever updates are available, install them. A lot of flaws are detected and fixed and by keeping your computer updated, a lot of the readily available tools online will be negated.