8 Rules for Avoiding Spam and Spyware
As a society, we have never been more connected—to the internet. Practically everything we do and every place we go has an online component.
From banking, to shopping, from working to looking for work, from connecting with friends to dating, from buying things to binge watching, life is often conducted via an app or in a browser. Society now operates at the speed of email, SMS messaging, tweets and posts.
Connecting to threats
Ironically, at the same time that we boast about our connectedness, we’re not entirely sure with whom we are connecting. This creates considerable personal and business risk.
Every day, malevolent third parties lurk online—behind copycat websites, convincing emails, highly rated mobile apps—trying to trick unsuspecting people into sharing their passwords, work credentials, bank accounts or address books.
Ransomware and malware, planted on individual devices or across corporate networks, can only succeed if an individual falls for the ploy and clicks. But lots of people do succumb. That’s why the criminals keep attacking. For example, when celebrities pass away, like Prince, David Bowie, or Philip Seymour Hoffman, online activity explodes to celebrate them. Most is sincere. But not all.
For each of these celebrities, email messages and social media posts promised recipients a chance to see or experience something truly special. In the case of Prince, it was a video of his “last” performance, allegedly filmed on a phone the night before he died, an almost irresistible temptation for a Prince fan. But anyone who clicked on that link found their computers locked by ransomware. Ouch.
Recipe for risk
The attacks always have these elements: trust and urgency. Here are some of the most common ploys:
Brand equity. An email appearing to be from a bank, credit card company, or other financial institution that asks you to “confirm” your personal account information. The trust is provided by the familiar logo and design of your bank; the urgency comes from a claim that your account has been or may be compromised.
False flag. An email directly from the security or fraud department of a major retailer or telecom company that describes “suspicious activity.” Ironically, the fraudsters claim that you should verify your identity in order to protect against “identity theft.”
Trending topics. A current event scam, like the Prince last performance attack. Scammers read the headlines and take advantage of current events, like deaths or natural disasters, by creating messages that win trust because they seem so authentic. The attachments or links will load malware or ransomware onto your device.
Sham sale. Product-based scams—luxury goods at crazy discounts, like $10 iPhone promotions or cut-rate airline tickets. These exploits usually have a strong “supply is limited” message, so there is extra urgency to “act now” by clicking the link.
You can’t stop using email. You can’t stop working. You can’t stop using the internet. But you can dramatically reduce your risk by following a few simple guidelines.
Whenever you get an email or online message you are not expecting, a warning bell should go off in your head. Then follow these cyber safety tips:
1. Skip click-bait
Never open an attachment or click on a link that you are not expecting.
Check a suspicious email carefully. Was it sent to you? Or were you bcc’ed? What is the sender’s URL? Quite often, with just a simple visual inspection, you’ll be able to determine that it was sent by an untrusted source.
3. Go to the source
If you receive a convincing email from a bank or financial institution, do not click on the link provided. Instead, go directly to the website of the institution. If the email is legitimate, you will be able to transact your business on the official institution site.
4. Filter files
Many file attachments, particularly .zip and .pdf files, can contain malicious files. Don’t try to open attachments if you are not sure where they have come from.
5. Follow up
It only takes a second to contact the organization or individual who appears to be emailing you. If the email is from an organization or company, go to their main website and contact them using the numbers you find there.
6. Keep up
Make sure your antivirus software is up to date. Most modern antivirus packages will scan attachments and automatically disable any malware, including spyware or adware that may be part of the malicious payload.
7. Grab patches
Keep your internet browser updated with the latest security patches.
8. Keep it simple
When in doubt, do nothing.
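The visual checks in the rules above (who sent it, whether it was addressed to you, where a link really goes, what is attached) can also be run mechanically. The Python below is an added example, not part of the original article; the sample message, the `triage` function, and the `me` and `official` parameters are constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every name, address and domain in it is made up.
SAMPLE = """\
From: "Example Bank Security" <alerts@examp1e-bank.test>
To: undisclosed-recipients:;
Subject: Urgent: confirm your account
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Act now: <a href="http://login.examp1e-bank.test/verify">https://www.example-bank.test/</a></p>
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="statement.zip"

(placeholder body, not a real archive)
--b1--
"""

A_TAG = re.compile(r'<a\s[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    """Hostname of a URL or bare domain, lower-cased ('' if none)."""
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def triage(raw, me, official):
    """Return warnings; `me` is your address, `official` the domains you already trust."""
    msg, out = email.message_from_string(raw, policy=policy.default), []
    sender = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    if not any(sender == d or sender.endswith("." + d) for d in official):
        out.append("sender-domain:" + sender)  # sender is not the institution's domain
    if me.lower() not in " ".join(str(msg.get(h, "")) for h in ("To", "Cc")).lower():
        out.append("not-addressed-to-you")  # you were bcc'ed or bulk-mailed
    body = msg.get_body(preferencelist=("html",))
    for href, text in A_TAG.findall(body.get_content() if body else ""):
        shown = host(text.strip()) if "." in text and " " not in text.strip() else ""
        if shown and shown != host(href):
            out.append("link-mismatch:" + host(href))  # visible URL differs from target
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith((".zip", ".pdf")):
            out.append("attachment:" + name)  # file types the article singles out
    return out
```

An empty result only means none of these four checks fired; it does not make a message safe to click.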