National Cyber Security Awareness Month ends on Halloween. Much like trick-or-treaters and other Halloween mischief makers, malware can use ‘costumes’ to disguise what it is and to trick you into installing it. The Office of Information Security reminds the campus that if you know what to look for, you can avoid being tricked.
Trojan Horses
This type of malware misrepresents itself to look legitimate. The most common example is spam email with an attachment saying that you have a voicemail, fax or shipping notification. When you click on the attachment, malware starts downloading onto your computer.
Drive-by Downloads and Malvertising
A drive-by download is when a program is downloaded onto your device without your permission. One way this can happen is through malicious advertising, or malvertising, which can sometimes be hidden in the ads on the edge of a web page. Malware is embedded in the ad, and when the ad is clicked, the malware can automatically attempt to download onto your device.
Social Engineering – Malicious Links
Social engineering relies on tricking you into taking an action such as clicking on a malicious link. As the malicious website opens, malware can be installed on your device. Simply visiting these websites can infect your device. Link baiting (which is not necessarily malicious) is when content providers try to get you to click on a link. A popular form of link baiting is providing a teaser headline that generates interest in the story, such as “When I found out about this trick, it blew my mind!”
Social Engineering – Scareware
Scareware, such as ransomware, frequently uses social engineering by making pop-up boxes look like messages from your computer. These messages try to look official and say things like “System Warning!” and “Threats Found!” or “Your computer is infected. Click OK to remove the virus.” Often, clicking anywhere on the message allows the malware to be downloaded. To close the pop-up window, hit the back button or, on a Windows computer, use the Task Manager.
Fake antivirus is malware that pretends to be real antivirus software. Often these products have professional-looking websites, call centers where you can ask for help and even different payment levels. After you buy and install the fake antivirus, it will infect your computer with malware instead of cleaning it.
How can you minimize your risk?
Avoid the tricks by being aware of the tactics:
- Only open an email attachment or click on a link if you’re expecting it and know what it contains. Do not open email attachments or click on the links from unknown or untrusted sources.
- If something looks suspicious in an email from a trusted source, call and verify the email is legitimate.
- Use up-to-date antivirus protection and apply recommended patches/updates to your device.
- Only install third-party applications and software that you really need. Make sure it is from the vendor or the Android, Apple or Windows Store. Since the app stores allow third parties to post and sell apps, make sure the app is from a trustworthy source.
- Use discretion when posting personal information on social media. This information is a treasure trove to scammers who will use it to feign trustworthiness.
- Forward suspicious email received in your TU inbox to phishing@towson.edu.
Malware information provided by Multi-State Information Sharing and Analysis Center.