In recent weeks we have shared information with you about data breaches and identity theft; this article is intended to provide a general understanding of two additional forms of cyber crime—malware and phishing. It will give you tips on how to protect yourself and what to do if you become a victim of a scam.
Malware is short for “malicious software.” Malicious software is any software that gives partial to full control of your computer to the malware creator; once they have control, the creator can do virtually anything they like within your computer.
Malware can come in a variety of forms, including the following:
- Malware can be a virus, worm, or a Trojan horse, all of which seek to infect and spread throughout your and others’ systems to create more havoc.
- Malware can also be adware or spyware which generally seeks to embed itself into your computer subtly in order to watch what the user does, compile data on the user and, ultimately, act upon that data.
- Malware may also be in the form of root kits, which seek to give full access of your machine to the attacker to do what they want.
So, how can your computer become infected? Most malware requires the user to initiate its operation. Some ways of attack include attachments in emails, browsing a malicious website that installs its program after the user clicks on a pop-up, or from vulnerabilities in your computer’s operating system or its programs.
How to protect yourself
- Make sure your computer’s operating system and any programs you use are up to date with patches/updates.
- Don’t click suspicious links in email messages—even if they appear to be from a friend or family member. If a link seems odd or you feel that the message is unusual or out of context, contact the sender and ask if their message is legitimate.
- Watch what you click and install when browsing the Internet. Make sure to read through the End User License Agreement.
- Avoid websites that offer free software—especially free antivirus software.
- Install anti-virus, anti-spyware and anti-adware software. Scan and update on a regular basis and make sure you purchase software that will remove and prevent future adware and spyware.
- Keep your firewall turned on.
Phishing refers to the process where a targeted individual is contacted via email or telephone by someone posing as a legitimate institution to lure the individual into providing sensitive information such as banking information, credit card details, and/or passwords. The personal information is then used to access the individual’s account and can result in financial loss. Legally, phishing generally is correlated to identity theft and considered a cyber crime.
Types of Phishing Emails
- Luring emails – these often include lucrative offers and eye-catching statements.
- Urgent emails – this tactic entices you to act fast in order to receive a limited time offer.
- Links to another website – this is when an email contains a link that appears to be for a familiar organization, but once you click on the link you are directed to a website that looks similar, but not quite the same as the official website.
- Spear phishing – this is an email that appears to be from an individual or business that you know. The spear phisher thrives on familiarity. They know your name, your email address, and at least a little bit about you. The salutation on the email message is likely to be personalized and make reference to a mutual friend.
To prevent these phishing schemes from happening review your social media presence for private information, maintain strong passwords and change them regularly, and verify any suspicious emails with the sender.
How to Report an Issue
- If you receive a suspicious phishing email forward the email as-is to firstname.lastname@example.org
- If you receive an email you suspect contains malicious code or a malicious attachment and you have clicked on the link or downloaded the attachment, visit http://www.onguardonline.gov/
- If you receive an email you suspect contains malicious code or a malicious attachment and you have not clicked on the link or downloaded the attachment, forward the email to your internet service provider’s abuse department and/or to email@example.com.
If You Are a Victim of a Scam
- Change your passwords and PIN numbers on all your online accounts even if you are unsure if they’ve been compromised. Make sure to contact each institution to make them aware of the situation.
- Place a fraud alert on your credit report.
- Routinely review your bank and credit card statements for unexplained charges or inquiries that you didn’t initiate.
Ultimately, you should remember to be cautious when you are online. This does not mean that you should be afraid of the Internet by any means, but that you should always be aware of the potential dangers. Diligence will go a long way!
As always, feel free to contact your Moneta Team for assistance with any of these items.