The internet is full of viruses, malware and people trying to hack your computer and steal your credit card details and if you don’t buy our virus-crushing, hacker-disintegrating tool you WILL get hacked and you WILL lose everything you hold dear… is what some security companies will tell you to try to get you to buy their product.
In a market full of scaremongering and worst-case scenarios, it’s often hard to pick out the good advice from the overblown hype. It’s far too easy to fall into the trap of either doing nothing because there’s no clear way forward, or doing too much and experiencing the negative consequences of over-protective bloatware slowing down your computer.
Take 10 minutes out of your day and let us walk you through the common attacks and scams to be aware of, and what you need on your computer to keep you safe.
What Is The Risk, Really?
The reality is that there are people out there who would love nothing more than to part you from your hard-earned cash, either by conning you out of it directly or stealing your personal information and using it to impersonate you.
As an individual though, the likelihood of these attacks being targeted specifically at you is slim. Instead, you’ll likely be targeted by a blanket campaign where an attacker will send a generic email to thousands of addresses, or phone a list of random phone numbers, or use some of your data obtained in a hack to get into some of your online accounts automatically.
As a business owner though, your risk of a direct attack is higher, especially if you’re seen to be a wealthy, prosperous business that’s likely to have the funds to pay a high ransom for the return of your data.
How Can It Happen?
There are many ways attackers can try to take advantage of you, and the more cunning of them are coming up with new attack vectors all the time.
Some of the more common methods can be grouped into the following categories:
Phone Scams
An attacker will phone, often from an off-shore call centre, with a story. The story will vary, but they will attempt to come across as wanting to help you to avoid some catastrophic impending event.
Often this will be IT-related: a common scam is for an attacker to pretend to be from your Internet Service Provider and tell you they’ve noticed a problem with your computer and that they’re calling to fix it.
Sometimes they’ll be pretending to call from a major retailer like Amazon, looking to confirm that a large payment on your account is genuine – a payment that you won’t recognise and will be entirely fabricated.
Whatever the story, they will try to get you to reveal personal information like your name and address, or your bank details; or they’ll try to gain access to your computer using a remote-access tool like TeamViewer. They’ll keep pressing for more information or access until you realise that they’re not genuine and then move on to their next victim.
Phishing Emails
A phishing email is an email designed to look like a genuine email from a service you use. It is sent by an attacker looking to get access to your online accounts or get you to reveal personal information.
These emails usually include some form of time-critical action that must be taken (confirm this expensive order, renew your email account so we don’t delete it, or even buy this product at a super-cheap price) and a link or button to click.
That link or button is the crux of this scam. If you click it, you’ll be taken to a web page that looks a lot like the website you expect to arrive at, asking you to log in. Except it isn’t the website you think it is. It’s a copy taken by the scammer to trick you into giving them your username and password.
Once you enter your details into that login page, they can log in as you and make purchases in your name (did you save your card details to your Amazon account?), find more personal information (didn’t eBay ask for your name, address and date of birth when you signed up?) or try the same email address and password on other sites (you do use a different password for every website, right?).
Email Scams
Separate from phishing emails, email scams aren’t trying to get you to visit a website to give away your personal information; they’re asking for it directly.
The infamous ‘Nigerian Prince’ scam is a prime example of an email scam. It normally starts with a too-good-to-be-true offer, like “I have £4 million to send you”, but quickly progresses to some form of “you send me money first”. Safe to say, if you send the requested money you’ll never hear from the scammer again or get your £4m.
Another email scam is the romance scam. This involves an approach either by email or via a dating site which evolves into a romantic relationship. The scammer then leverages this relationship to get you to send them money in larger and larger amounts until they’ve bled you dry.
Viruses & Malware
A virus is, simply put, a computer program that causes harm. There are many different types of virus, and almost as many ways that they can get on to your computer, but once there, their job is usually to either steal your personal data or make your computer part of a botnet.
Stealing your data is as simple as it sounds. The virus will monitor which websites you visit, make a note of your usernames, passwords, credit card details and anything else you enter into those websites and feed all that information back to the attacker. They’ll then use this data to commit fraud in your name, steal your money directly, or launch a more targeted attack to get you to hand over even more information, maybe with a phone call.
By adding your computer to a botnet, the attacker will gain control over your computer to use for their own purposes. They may use your computer to launch an attack against someone else (botnets are frequently used to launch Distributed Denial of Service (DDoS) attacks which can render a website or service non-functional) or to send more scam and phishing emails to more potential victims.
Ransomware
This is strictly a subset of the viruses section above, but it can be so debilitating to a business that it deserves its own section.
Ransomware is a particularly nasty form of virus that, once on your computer, encrypts everything so that you can’t make sense of it. Encryption is its own expansive topic, but if you’re not familiar with it, think of the encrypted files as being written in code which can only be understood by the attacker.
The ransomware infection will be accompanied by a ransom demand – usually an amount in Bitcoin or another crypto currency which is difficult to track.
They promise that if you pay the ransom, they’ll decrypt your files and you can go about your day. Fail to pay, and those files are as good as a sheet of paper filled with random letters and numbers.
What Can I Do To Stop It?
Now that you’re sufficiently scared… *ahem* educated about the risks, you’re going to want to know what you can do about it.
The good news is, it doesn’t take more than a little bit of common sense to stop most of these scams. Scammers employ all sorts of tactics to pressure you into giving them what they want. That’s normally because if they give you the time to think about what you’re being asked you’ll probably realise that it doesn’t quite add up.
Your first step is simple. Take a second to think about who is calling. Is the call or email from a company you recognise? Do you have any dealings with that company? Are they claiming to be from BT when you get your phone and internet through Sky?
If the call seems like it could be genuine, think about what you’re being asked for. Your mobile phone company probably wouldn’t call you about a problem with your computer, and Amazon wouldn’t call you about an order you haven’t placed.
If you are in any doubt about the validity of a call or email, hang up the phone, don’t reply to the email, and get in touch with the company directly via the phone number or email address on their website. Don’t trust any contact information that a potential scammer gives you, or click any links in a suspect email.
This is often a reliable way of spotting a scam. A genuine caller will NEVER complain if you tell them you want to call through their main phone number. A scammer will almost always pressure you into staying on the line because they know that the moment you get through to the company they are claiming to be from, you’ll realise that they were trying to scam you.
There are a few additional tips that can be used to identify a phishing email. This blog post is a little too long already, so we’ll cover those in another Tech Tip.
What About Anti Virus Software?
So you’ve avoided scam calls and phishing emails, but even the most diligent of us can let a virus through our defences and on to our computer.
That’s where anti-virus software provides another line of defence. A good anti-virus package will scan your files as you download them and open them, making sure that they are safe before letting you use them.
And the best news is, if you’re using a current version of Windows (either 10 or 11) you already have a perfectly decent, completely free antivirus installed in the shape of Windows Defender.
In fact, I’d go as far as to say that if you’re using your computer for personal use and keeping an eye out for some of the scams we discussed above, you probably don’t need anything else. Windows Defender is capable and discreet, only trying to get your attention when it needs you to take action.
For business use, however, there are a few additional considerations to keep in mind. The amount of business data that you’ll likely be storing on your computers, coupled with the need to maintain protection on several machines, means that you may be better off with a commercial security suite that better meets your needs.
A good commercial security suite will allow you to configure and monitor the security of all your machines from a central portal, making it easy to make sure everything stays up to date and letting you respond to threats as they happen instead of having to rely on individual users to take the right action, or using defaults that might not fit every situation.
You’ll also find additional features like disk encryption to protect your data even if your computer is stolen, and email security offering enhanced spam protection and an opportunity to stop phishing emails before they reach your inbox.
This tech tip has turned into something of a tech essay. For those of you that have made it this far, thank you for sticking with it. I’m sure you’ll agree that this is an important topic that can have a significant impact on you and your business if neglected.
If you’d like a second opinion on your security stance, then we’d be happy to be your sounding board. Take a free 30-minute call with us and we’ll talk through your current setup and your plans for the future and offer some simple, straightforward steps you can take to improve things.
There’s no hard sell, and we’re not going to tie you into a contract just for talking to us. We just want to offer some advice to make your business safer and more secure.