February 05, 2017 at 12:00 PM
Trojan horses are a type of malware that misrepresents itself to look legitimate, much like the Trojan horse the Greek army used to enter Troy.
Trojan horses may be apps in smartphone stores, freeware and shareware or even attachments to emails. The last is a very common spam technique and is often used with spam email campaigns that say you have a voice mail, fax or shipping notification. When you click the attached document to hear the voice mail, see the fax or see who has shipped you a package, the file opens to show what you expect to see or hear, but in the background, malware is downloading onto your computer.
Drive-by downloads and ‘malvertising’
Drive-by downloads occur when a program is downloaded onto your device without your permission. One way this happens is through malicious advertising, or malvertising.
You know the advertisements that appear on the edge of many Web pages? When malicious actors purchase advertising space there, they can install malware in the advertisement. That means if you see the malicious advertisement, which looks like any legitimate advertisement, the malware hidden in the advertisement will automatically try to download onto your device.
Social engineering: Malicious links
Social engineering relies on tricking you into taking an action, such as clicking a link. As the malicious website opens, malware can be installed on your device. Simply visiting these websites is enough to infect your device.
Some types of social engineering use “link baiting” or other techniques to get you to click on the malicious link. Link baiting (which isn’t necessarily malicious) is when content providers try to get you to click on a link. One popular form of link baiting is providing a teaser that generates interest in the story, such as “5 things preventing you from being rich” or “When I found about this trick, it blew my mind!”
Social engineering: ‘Scareware’
Scareware, such as ransomware and fake anti-virus software, frequently use social engineering by making pop-up boxes look like messages from your computer.
These messages try to look official and say things like, “System Warning!,” “Threats Found!” or “Your computer is infected. Click OK to remove the virus.” They hope you’ll click on the message, which allows the malware to be downloaded onto your computer. Often, clicking anywhere on the message allows the malware to be downloaded, so instead hit the Back button (or on a Windows® computer, use the Task Manager to close the pop-up window).
As if scareware isn’t bad enough, some versions of scareware use the scary warning messages to convince you to buy the malware. ‘Fake anti-virus’ malware most commonly uses this technique. Fake anti-virus is malware that pretends to be real anti-virus software. The criminals who sell the fake anti-virus have professional-looking websites, call centers where you can ask for help and even different payment levels.
After you buy and install the fake anti-virus, it will infect your computer with malware instead of cleaning it, and the malicious actors have your money.
How can you minimize your risk?
Avoid the tricks by being aware of the tactics:
- Only open an email attachment or click a link if you’re expecting it and know what it contains. Don’t open email attachments or click links from unknown or untrusted sources.
- If something looks suspicious in an email from a trusted source, call and verify the email is legitimate.
- Use up-to-date anti-virus protection and apply recommended patches/updates to your device.
- Only install third-party applications and software you really need. Make sure it’s from the vendor or the Android®, Apple® or Windows store. Since the app stores allow third parties to post and sell apps, make sure the app is from a trustworthy source.
- Use discretion when posting personal information on social media. This information is a treasure trove to scammers who will use it to feign trustworthiness.