Published by Cryptidize | Digital Assi...

Category: Web, HTML, Tech

Watch Where You Click - Phishing and Other Hostiles


These days it is sometimes unavoidable to share your information, for instance with banks and medical professionals. However, you should always remain aware of impersonations, phishing links, malware, and people with bad intentions.


Phishing is the fraudulent practice of sending emails or other messages pretending to be from reputable companies in order to make individuals reveal personal information, such as passwords and credit card numbers, but there are other ways phishing can attack your devices.

Let's say you get an email from banksupport@chase.net and the body of the message tells you to secure your bank account from possible fraud. You click the link, and suddenly something is automatically downloading. When you open the download to check it out, your computer seems to try to run a program, and then your system crashes.

The above example demonstrates a phishing attempt paired with malware, which is a blanket term for software or code written with the intent to do harm. Malware comes in many different forms, but there are ways to protect ourselves from digital hostiles.

Types of malware include:

  • Viruses
  • Worms
  • Rootkits
  • Backdoors
  • Ransomware
  • Trojan horses

There are also things known as goodware and grayware, which are potentially unwanted but not actively harmful software such as adware, spyware, and buggy software. Grayware is any unwanted application or file that can worsen the performance of computers and may cause security risks, but for which there is insufficient consensus or data to classify it as malware.

A computer virus is software usually hidden within another seemingly malware-free program that can produce copies of itself and insert them into other programs or files, and usually performs a harmful action (such as destroying data).

A worm is a stand-alone piece of malware that actively transmits itself over a network to infect other computers and can copy itself without infecting files. A virus requires the user to run infected software or an infected operating system for the virus to spread, whereas a worm spreads itself. As the Morris worm and Mydoom worm showed, even "payload-free" worms, which merely transmit and duplicate without extra malicious code, can cause major disruption by increasing network traffic and through other unintended effects.

Software packages known as rootkits allow concealment by modifying the host's operating system so that the malware is hidden from the user. Rootkits can prevent a harmful process from being visible in the system's list of processes, or keep its files from being read.

A backdoor is a broad term for a computer program that allows an attacker persistent unauthorized remote access to a victim's computer without their knowledge.

A Trojan horse masquerades as a regular program or utility in order to persuade a victim to install it. It usually carries a hidden destructive function that is activated when the application is started, similar to that of a virus, but does not duplicate itself. Instead, it potentially installs additional software, such as a keylogger to steal confidential information, or cryptomining software or adware to generate revenue for the operator of the trojan.

A dropper is a sub-type of a trojan and merely downloads further malware to the system.

Ransomware prevents a user from accessing their files until a ransom is paid. There are two variations of ransomware: crypto and locker ransomware. Locker ransomware locks down a computer system without encrypting its contents, whereas crypto ransomware locks down a system and encrypts its contents. For example, programs such as CryptoLocker encrypt files securely and only decrypt them on payment of a substantial sum of money.

Phishing can attempt to place any number of these malware items onto your computer. Some of the best practices to avoid them are simple, and anyone can do them. To start, make sure your browser asks before starting a download; this is a setting you can toggle, and it is probably one of the most important steps. You can also change your computer's security settings to ask your permission before allowing a program to install or make changes to your computer. Modern Windows computers also come with Windows Defender which, when paired with modern safety practices, is sometimes all the defense you need.

These types of attacks can also try to come through bloatware, which we talked about briefly in the computer software teachings, so uninstalling the things you know you won't need like a fitness tracker or a pinball game may be valuable in the long run. Uninstalling bloatware saves space and computing power!

To uninstall bloatware, we need to reach the uninstaller screen. Within your Windows settings (click the start menu and then click the cog/gear icon), go into Apps, and scroll down the list. Find whatever program you're looking to delete and click it to bring up the options available. If the uninstall option is grayed out, you may have to change your permissions on your computer. This type of bloatware removal is impossible on Mac and iOS machines, as the bloatware is directly within the source and returns upon every update. (Just another reason why I hate Apple products)


Being safe on the Internet is hard. The best advice I can give is to assume that every email and text message you get is malicious. Of course, that vastly limits the usefulness of those methods of communication, so we need to take an additive approach. In other words, rather than assuming everything is safe and excluding what isn't, you should assume everything is bad and only allow what you know you can trust. Pass everything through a sniff test: did you get a random text from a friend with an unsolicited link? Don't click on it until/unless you've double-checked with your friend that it was intentional. Bank sent an email with a link to reset your password? Unless you explicitly requested that email to be sent, delete the email and log in to your account manually. If you click on a link from an email and it asks you to enter a password, DON'T DO IT. Always go to the site directly. This also goes for phone calls: if someone calls you and asks for personal info, don't give it to them; only ever give info to someone you called, assuming you know who it is you intended to contact.

Aside from limiting what you click on, a great next step is ensuring you have a secure password that you change semi-frequently and don't reuse for insecure sites (i.e., your bank password shouldn't be the password for your social media, and neither of those passwords should be the same as your work log-in). Having a password become compromised shouldn't be an end-of-the-world scenario, but for a lot of people, that's the reality. When doing this, it's a good idea to keep a physical list of passwords in a safe place, or to use an encrypted password manager like 1Password.

You should also learn to recognize questionable links, websites, and emails. You can always hover over a link (leave your mouse cursor over it without clicking) to see where it goes - emails and blogs can disguise a link as something else. For example, here's a link to neopets.com. Notice that when you hover over this link, it does not go to https://neopets.com, but instead to https://en.wikipedia.org/wiki/Neopets. Now imagine if that link went to anywhere on the web, or even to an automatic download link. Watching where you click is an imperative skill that will save a lot of people some heartache.

Before you even do any downloading or questionable searching, you should read up on the next lesson. We'll be talking about how to back up your data, how to store these backups, and the 3, 2, 1 method.

