I just participated in a live web meeting with the author of this book
https://www.amazon.com/Social-Engine.../dp/111943338X
He went through the four current vectors of hacking
phishing -> by email, old technology
SMishing -> by text message
Vishing -> by voice phone call spoofing
Impersonation -> dressing up and playing the part.
First, he claimed to have sent out over 91 M phishing emails in his hacking career
He recorded one of his live demonstations on unsuspecting targets, where he planted a remote access back door into a client's computer with the client on the phone.
His only recommendation is to use a cloud based password manager, with two factor authentication. that will save you when you are in a hurry, stressed, and forget to ignore the security rules you have in place. . . and the vault can be linked across multiple platforms. . . keepass, 1password are best from a researched point of view.
most SMishing text will take you to a fake webpage where you enter your information which the thief wants to harvest, and then when you hit enter, it takes you to the real page, as if nothing happened, other than you gave the hackers your information.
The optimal password is long, such as a sentence, you can easily remember, including capitals and numbers and special characters . . his sample was "On Oct 20 i gave a presentation to SECO Electric Company!"
Also, saving a password file in the icloud or google cloud is also not secure, as the recent case just settled in Tampa. . if your account info is phished, same with paris hilton, who used real answers to security questions, got hacked.
Man accused of hacking, selling login credentials of Tampa Bay residents, others
good luck
IT guy