Many people believe that if you install antivirus, only go to the more well known websites, and don’t do things people shouldn’t do online that you are fairly well protected. Those people are wrong.
Sure, all of those things will help, but they are not most important way to protect your computer, knowledge is.
There are two major ways I see that people get infected with today: through email attachments, and with a phone call. Let’s talk about each one in turn and see how we can prevent them.
Email attachments
Email attachments are probably the number one way I see systems get infected with spyware or ransomware. More often than not these attachments are either Microsoft Office documents, zip files or some form of script file (VB, Java, etc) disguised as a PDF or image file.
Generally speaking if the user would stop and think for a minute, they would know not to trust the email. A great example is the email from the post office, Fedex, UPS or other delivery service saying there is a problem with your package delivery. If you think about this, the odds that these services have your email address (Wal-Mart, Amazon, and eBay sellers do not usually give your information to the delivery services) is extremely low.
If you are expecting a package and you get one of these emails you can always use the tracking abilities on the website where you bought the item (including eBay) and see if there is a problem. Never open an attachment from one of these companies.
The next type of common email attachment is an invoice or bank statement. Before opening these think if you should be getting one of these and if you think you might, have you gotten one before. It is unlikely that if you have never received a PDF bank statement before that they would just up and send you one without you knowing it was coming.
My rule with email attachments is that I never open them unless I am 100% sure it is legitimate. I make this determination by asking myself these questions:
- Is it from someone who should be sending me an attachment?
- Am I expecting it?
- Have I gotten one from this person/company before?
- Is there any reason, any reason at all, to suspect this is not legitimate?
Another sure fire way to know the attachment is dangerous is if the email says, or insinuates, that I might have won something, be owed something, or they want to pay me something that I was not expecting. The lottery will not email you to tell you that you just won a ton of money, sorry.
If you just have to open an attachment and see what it is, just in case you really did win the Publisher’s Clearing House, open it on a device such as an iPad. An Apple iPad or iPhone is virtually immune from anything that could possibly be in an attachment but will still allow you to open the attachment and view it if it is a legitimate file.
Android devices can work too although it is more likely (although still highly unlikely, and far less likely than your PC) that they could be infected. Even if that should happen, a wipe and reinstall of your device is fairly painless.
I use my iPad Pro any time I suspect an email but for whatever reason I am not sure. It is a fast and easy way to check.
Phone calls / web pop-ups
The next thing I see a lot of these days is people who get taken advantage of by phone calls. It typically starts out with someone calling from “Microsoft” or “Windows” and they tell you they have been getting reports from your computer that it is infected.
They ask you to do a few things on your computer which displays a ton of errors that are in your log files. Yes, the errors are real. No, this is not unique to your computer, we all have them, it is normal.
Then they want you to visit a website or click on an email attachment so they can remote in and fix it for you. Of course once they get in they tell you it will cost real money to have the “problem” fixed. They may even offer to sell you antivirus, a firewall, or even a subscription package that will provide the ultimate in protection and guarantee that you will not have this problem again.
This same scenario could happen with a pop-up on your computer instead of a phone call. This pop-up typically tells you there is a serious problem with your computer and you need to call “Microsoft” or “Windows” at this toll free number.
The first thing you should know is that Microsoft will never call you, period. There is no such company as “Windows”. No one will call you and tell you there is a problem with your computer (with the possible exception of your internet service provider in which case you should hang up and call their technical support department directly). No phone number that just displays on your computer is ever something you want to call.
Often these companies will install not only some free or illegally licensed software that you “paid for” but they can and do install back doors so they can get back into your machine, other spyware, and programs that can keep you from using your computer if you ever decide to stop paying them. They often also sell your credit card info.
I have talked to several of these scammers and allowed them access to computers I had set up just for this, so I could see how they worked. They are very good at their jobs. This is not some uneducated kid on the phone, these are well educated, professional people backed by a large corporation in another country. These people scam millions of dollars a year.
Common sense is the best defense. Slow down and think about it. If there is any doubt at all, hang up, call someone you know personally and ask for help.
