There are countless methods that bad actors can use to gain access to your computer, and their objectives can vary, but here are some of the ones I've seen most often in my work. These differ from viruses in that a human, rather than a computer program, is trying to get you to do something that gives them access or information.

Method one: Pop-ups

Often, these will present themselves as notifications that your computer is infected or that something else is wrong. They'll give you a phone number to call to fix the problem. Don't call this number, and if there's an X to close the pop-up, click that.

Method two: Phone Calls

A very common method these days is using phone calls to scare users into letting the attacker in. You'll receive a call from someone claiming to be from Microsoft or another authority. They'll claim that your computer is infected, unlicensed, or some other lie to keep you on the phone. Once they've convinced you, they'll request that you let them remotely control your computer so they can fix it, or maybe just jump ahead to asking for money (depending on their goal). To protect yourself from these calls, simply hang up on them. Microsoft will NEVER call you about your computer. Nobody else will either, for that matter. They can't tell that your computer is infected.

What they have in common:

In either of these two methods, the attacker will start with the broadest assumptions and try to narrow things down to target you. It's similar to how fortune tellers work. For example, when you receive one of these calls it has nothing at all to do with you. They have a list of phone numbers and they're working down it. When they call hundreds of phone numbers in a day, chances are that Windows users will make up the largest group, so they start with that assumption. I once received a call at a beach condo informing me that a computer on the premises was infected (there was no computer). These people are casting wide nets and then narrowing from there.

In general, two things make these attackers happy: credit card info or access to your computer. As long as you don't give them either of these things you'll be ok.

If you do give them access to your computer, they use a few tricks to get you to give them what they want. The worst of these is to lock up your computer and hold it for ransom until you pay them a large sum of money (anywhere from $500 to $1000). But a more common practice is to try to put you on a virus cleanup and protection plan. They'll scan your computer once for a few hundred dollars, and charge you a couple hundred a year for virus protection. Their method for proving your computer is infected is one of my favorite tactics. They'll often show you this:

That's called the Windows Event Viewer. It tracks thousands of things on your computer and can be a useful tool for figuring out problems with your computer. What the attacker doesn't tell you is that you can make the Event Viewer look like this on EVERY WINDOWS COMPUTER. The shot above is actually my own desktop that I'm writing this post on. Sure, errors come up every now and then, but usually they're not something serious, and they almost never give evidence of a virus infection. But the person on the other end of the phone will use this information to show you that your computer needs help.
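To see this for yourself, the following PowerShell snippet (an added example, not part of the original post) counts the Error and Warning entries recorded over the last week, grouped by the program that logged them. The function name, the 7-day window and the choice of the System and Application logs are assumptions made for illustration.

```powershell
# Added example: summarise Error and Warning events so you can see how many
# accumulate during ordinary use. Function name, window and logs are assumptions.
function Get-RoutineEventSummary {
    param(
        [int]$Days = 7,
        [string[]]$LogName = @('System', 'Application')
    )

    $filter = @{
        LogName   = $LogName
        Level     = 2, 3                        # 2 = Error, 3 = Warning
        StartTime = (Get-Date).AddDays(-$Days)
    }

    # Get-WinEvent raises an error when nothing matches, so suppress that case
    # and wrap the result in @() to always get an array (possibly empty).
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    # Group by the logging source and severity, busiest sources first.
    $events |
        Group-Object -Property ProviderName, LevelDisplayName |
        Sort-Object -Property Count -Descending |
        Select-Object -First 15 -Property Count,
            @{ Name = 'Source'; Expression = { $_.Group[0].ProviderName } },
            @{ Name = 'Level';  Expression = { $_.Group[0].LevelDisplayName } }
}

Get-RoutineEventSummary | Format-Table -AutoSize
```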

Again, the easiest solution for these attacks is to not give them anything at all. You have all the control. If you ever receive a phone call about your computer, ignore it entirely. If you see a pop-up on your computer, the only thing that indicates is that you could potentially have adware on your system that needs to be cleaned off (in which case give me a call).

There are other ways for attackers to gain control of your system, mostly through viruses and other attacks that don't rely on social engineering. Again, having antivirus installed and being safe about web browsing and emails can help with this tremendously.

Author: Matt Maher