Not too long ago, getting a computer virus or falling for a phishing scam was something that happened to other people. It was like hearing about a tragic earthquake or tsunami– it happened and it was awful, but it was far away and didn’t affect you very much.
My, how the times have changed! Today, viruses, worms, and phishing attacks are everywhere. They invade email, websites, blogs, and even popular social networking sites such as Twitter. Some of the phishing scams are very sneaky: emails come in the form of someone or a company with whom you are familiar, such as your best friend or local bank. The email asks you to click on the link and you are directed to a sign in page in your browser. If you enter your information- BAM- it’s stolen.
To start at the beginning, here’s a quick rundown of the various threats we computer users face today:
A virus is a software program or piece of code that infects a computer and reproduces itself to spread throughout the computer or to other computers. Viruses are spread through executable code, which means it must be activated to affect a system and spread. Viruses can sit dormant in computer system until they are activated, either remotely or with a countdown in the code itself.
Malware is short for malicious software. There are different types of malware. A trojan is a type of malware that is surreptitiously downloaded with other software; trojans do not replicate as viruses do, but trojans are generally more malicious because they steal information and “phone home” that information to its master. The name “trojan” comes from the Greek mythology story about the Trojan Horse. Other malware might include spyware or adware, which track the computer’s user’s computing habits, history, or online shopping browsing and buying. Spyware is intended to keep a record of the the activity, while adware is intended to blast the user with targeted ads based on web browsing and online habits. Both do so usually without the user’s knowledge.
Phishing is the name given for one of the worst computer crimes: identity theft. Phishing attempts usually come in the form of emails, instant messages, or hacked websites. They direct the user to what appears to be a legitimate website or application. The user, assuming the website/application is legitimate, enters his username and password, which is promptly stolen.
Although it is increasingly difficult as crooks become more sophisticated, you can prevent viruses and phishing attacks. Some of these tips may require you to radically change your computer use and Internet browsing, however. But if you have ever experienced a virus or trojan, and tried to fix your computer after getting one, you probably realize very quickly that the ounce of prevention really was worth the pound of cure.
How to Avoid Viruses, Phishing Schemes, and other Malware Infestations
- Install firewall and anti-virus software, and use it. There are many excellent programs available for free. Keep the software updated and current, because viruses and malicious software changes all the time.
- Never click on a link in an email that directs you to a webpage to sign in. Even if the email and website are harmless, it’s too risky. Criminals have become very sophisticated with their crimes, and even the experts have difficulty detecting if a website is legitimate or not. Clicking links in emails remains the most common way viruses and phishing scams are propagated.
- Avoid opening attachments in emails. I also avoid opening all emails labeled “Fw” or “Re” unless I am expecting it. A lot of those “Fw” emails are junk, filled with bandwidth-clogging images and urban legends. It’s just not worth it to get a virus or a worm so I can look at another “inspirational-story-with-sparkly-pictures-pass-this-on-to-100-friends!!” email. Not worth it.
- Use Email Properties to view email text. If you absolutely MUST know what is in the email, there is a backdoor way to read the text of the email without opening the images or any spyware that may be lurking. Here’s a video I made that shows how you can view the message coding. This is also helpful if you want to view the IP header to see from where the email is originating. Most of what you will see is in HTML coding (and therefore, gobblydegook), but you can make out the text in the email if you look for it.
- Disable email image viewing by default. If you use Windows Mail or Windows Live Mail, you can disable images from showing in the email, unless you allow it. See my tutorial on How to Block Images in Emails Until You Allow Them.
- Avoid seedy sites, such as p*rn*graphic sites, music-sharing sites, and video-sharing sites. These sites are havens for criminals, and the people who frequent them are easy targets.
- Install or activate the pop-up blocker for your browser. Trojans are sometimes installed in the code of pop-ups, called “drive-by downloads.” NEVER click on any pop-up that tells you that your computer is infected or that there is some impending doom that awaits you. If you worry that your computer really is infected, run your anti-virus software; if you worry that the sky is falling, check the news.
- Be wary of download websites. I used to download new software all the time; but now I am more conservative. Download.com, from the C|Net writers, is a reliable and respectable website. I also look at the Kim Komando website and search for downloads, too. Avoid P2P (peer-to-peer) websites that offer you music, videos, images, etc.
- Use a different browser than Internet Explorer, such as Firefox, Safari, or Opera. Because Internet Explorer is so common, it’s become a popular target. Internet Explorer also has slightly fewer security measures, and can be slow to plug security holes.
Students interested in learning about viruses and phishing to a larger extent should consider an intelligence degree from an online university.