Malware wears costumes to get inside your computer
Much like trick-or-treaters, malware can use costumes to disguise what it is, but its purpose is to trick you into installing it. Know what to look for to avoid the trick.
Trojan horse malware got its nickname because it comes in a harmless-looking disguise. Trojan horses may strike as apps in smartphone app stores, freeware or even attachments to emails. A common technique notifies you that you have a voicemail, fax or shipping receipt. If you click the attached document to hear the voicemail, see the fax or find out who shipped you a package, the file downloads malware to your computer. The attachments can look like normal Word documents, photos, sound files or PDFs. Any kind of file can conceal malware.
Drive-by downloads and malvertising
Drive-by downloads occur when a program is downloaded onto your device without your permission or knowledge when you visit a website and click on a legitimate-looking ad. Malicious advertising or “malvertising” embeds malware inside the ads that downloads onto your device if you click the ad.
“Link bait” is website content that other sites link to, such as blog posts, an eBook or a viral video. While link baiting is usually done to generate high levels of clicking (to raise ad revenues), sometimes those links lead to viruses, Trojans or worms; in these cases they are considered malicious.
Malicious links tempt you to click on them from other sites. As the malicious website opens, malware can be installed on your device invisibly. Simply visiting these websites is enough to infect your device.
Scareware tries to get you to click on it by making pop-up boxes look like messages from your computer with official-looking calls to action such as “System Warning!” or “Your computer is infected. Click OK to remove the virus.” If you click the message, the malware can download to your computer. Because clicking anywhere on the message might download the malware, instead of clicking on the X to close the pop-up, press Alt+F4 (Windows and Linux) or ⌘-Shift-W (Mac).
Minimize your risks
Avoid the tricks by being aware of the tactics, and use these strategies to stay safe:
- Only open an email attachment or click on a link if you’re expecting it, you trust the sender, and you know what it contains.
- If something looks suspicious in an email from a trusted source, call the IT Service Desk and verify that the email is legitimate.
- Use up-to-date anti-virus protection and apply recommended patches or updates to your device.
- Only install third-party applications and software that you really need. Make sure it is from the vendor or the official Android, Apple or Windows Store. Since the app stores allow third-parties to post and sell apps, make sure the app is from a trustworthy source and read some reviews before you install it.
- Use discretion when posting personal information on social media. This information is a treasure trove to scammers who use it to feign trustworthiness.
Questions or comments?
We're here to help. Do you have a security-related question or suggestion or want to comment on this article? Contact the IT security officer.
Visit the iRiskAware page on CityTalk for more security-related tips and information.
Published Nov 4, 2015