As our reliance on the internet grows, so does the ingenuity of online criminals.
Worms and viruses used to be the biggest threats online, but times have changed.
An estimated 85 per cent of website attacks are motivated by criminality and greed rather than devilment – which used to be the main reason for creating data-munching worms.
Cybercrime rose by 23 per cent last year and ransomware attacks doubled, making it much harder to avoid malware.
Responding to attacks is becoming more time-consuming and expensive, and 60 per cent of small to medium-sized companies fail within six months of being hacked.
Talented hackers and malware developers have even started offering their expertise to the highest bidder, in a process known as cybercrime-as-a-service.
That’s allowing unsophisticated criminal gangs to acquire advanced computer software, with which they can target everyone from enterprise companies to private individuals.
Surely I wouldn’t be worth targeting?
Unfortunately, private citizens often provide rich pickings for criminals.
There are several reasons why you represent a legitimate target:
- Financial reward. If someone can acquire the login details for your financial accounts, they could help themselves to your savings, credit card balances and overdrafts
- Identify fraud. Acquiring sensitive data like passwords helps crooks to impersonate you online, taking out loans in your name or making high-value purchases
- Botnets. Around the world, millions of computers are enslaved in vast networks called botnets. Slave machines soon become unusably slow, because their processors and internet bandwidth are tied up spreading malware or generating bitcoin for criminal syndicates
- Ransomware. Software is installed which stops people accessing their own data unless a fee is paid. If the victim refuses to pay, the device is usually wiped and all data is lost.
Points of entry
The above actions all require a point of entry into your digital life – usually through a compromised computer, phone or tablet.
A Trojan horse is the term for a seemingly legitimate piece of software that provides access to a device, enabling remote users to steal login credentials or monitor keystrokes.
This is also known as spyware, and a classic example involves a rootkit – software hidden in the bowels of an operating system, letting criminals control the machine remotely.
Examples of malware – malicious software – are liberally sprinkled throughout the internet.
Some are transmitted as email attachments, which have to be opened or downloaded before they activate.
Others hide within the code of compromised web pages, and infect anyone visiting the site.
Popup adverts claiming your system has been infected might encourage people to take action by clicking a button – granting the malware permission to download and install itself.
Even clicking on the X icon in the corner of a popup – normally enough to close a browser window – might enable the software to be installed, compromising your system.
Once these bugs have burrowed into your operating system, they’re very difficult to remove.
Fortunately, prevention is much easier than cure…
Ways to avoid malware
These are our tips on how to avoid malware and viruses:
- Keep software updated. When your phone or tablet announces a software update, click Install Now. If you have your own website, ensure add-ons and plugins are regularly updated. Software patches are often released in direct response to identified threats
- Install an antivirus package. Our site lists the latest and best tools for PCs, Macs and mobile devices. These packages avoid malware by blocking and deleting malicious code before it does any damage
- Treat unsolicited messages with suspicion. If an email arrives claiming your device is unsafe, delete it immediately. If a popup appears on your PC, press Esc to close the window. If that doesn’t work, Ctl-Alt-Del the program or pull the plug, but don’t click on it!
- Don’t trust email links unless you’re sure they’re genuine. Even messages from loved ones might be from infected machines. If in doubt, ring the sender and ask if a message is legitimate. Does it sound strange or look unprofessional, and what email address sent it?
- Use strong passwords. The most used passwords in America are still “123456” and “password”. Choosing a unique blend of letters, numbers and symbols makes it harder for people to guess a password, which would enable them to hack personal accounts.
- Stay away from websites of unknown quality. Only visit genuine sites linked to by search engines or other reputable agencies. If you’re buying anything, look for an https address or a padlock (indicating the website is securely encrypted), and log out afterwards
- Stay on secure networks. Your device might have cutting edge security settings, but sending an email while logged into your local café’s WiFi service may still expose the message’s contents to crooks. Never send sensitive data across public WiFi networks.