Have you ever asked, “Why did I get malware?” Here are 5 reasons that may cause malware to break into your device and wreak havoc. Let’s find out.
Table of Contents
- Visiting Fake Websites
- USB Drop Attack
- Security Vulnerabilities
Phishing is a widespread way for hackers to distribute malware. That’s because phishing messages can trick the recipient into trusting this source and do what the scammers tell them to do.
One way that they can let your guard down is to include urgent messages in the content. For instance, if a message says that your account will be deleted within 24 hours unless you click on the link, it should sound very suspicious.
Moreover, since attackers may not have access to the original servers’ email accounts, they might use their own. For example, if an email is seemingly sent by Microsoft, but the email address is like firstname.lastname@example.org, you know the sender’s fake. The email is a scam, too, if the domain name contains mistakes in the email address or the link. Can you spot the difference between “microsoft.com” and “mìcrosoft.com”?
Furthermore, if the message contains too many mistakes, consider it dangerous. Scammers may do so to bypass the anti-spam filters so that their emails and messages land straight into your inbox.
Also, if your email contains input fields, it should be spam, especially when requesting your personal information. Emails from legitimate companies don’t do that because they already know about you. Therefore, watch out for generic greetings like “Dear customer”, too. It means that the sender doesn’t know as much about you as the associated company should.
2. Visiting Fake Websites
Many phishing websites take the form of a misspelled legitimate website. This is called typosquatting, and it involves creating a domain name that is similar to but not the same as frequently visited websites. Take our website, for example. It can be transformed into central.galaxy.com, centrallgalaxy.com, centralgalxy.com, centra1galaxy.com, centralgalaxy.co, or even cèntralgalaxy.com. We don’t know if any of these domains are malicious, but this effect is prominent among the sites with the most visitors on the Internet.
Therefore, you should verify whether the domain name is correct before visiting a website. For example, browsers have auto-suggestions on what websites you may visit when you’ve typed a few characters correctly. Take a look at the domains whenever you encounter a link, too. Although you should not click on links in an email unless you expect it to be sent and there’s no other way to get to that webpage, you can still use it as a piece of evidence to report the sender.
If your website is starting to get large amounts of visitors, it’s a good idea to occupy available domains that is similar to your actual one. After that, set a redirect from the wrong website to the correct one. This ensures that the domains cannot be used by attackers trying to steal information or install malware by waiting for users to visit the wrong website.
Suppose you’ve received a notification that your computer has discovered 5 threats. In that case, do you want to click on the link on the popup window and install the antivirus? Your answer should be no because these sudden and unofficial notifications indicate that there is malware behind the scenes, and the popup is trying to persuade you to install more malware.
If you see notifications like that, immediately disconnect from your Internet, and open your real antivirus program and scan for threats. If you click on any buttons or anywhere inside the popup window, you might get infected.
4. USB Drop Attack
Another possible way that malware can be installed on your device is through a USB drop attack. If you see an external storage device left in public places, never pick it up and plug it into your computer. It usually contains nefarious malware that steals your data and wreaks all kinds of havoc.
Such an attack is called a USB drop attack, and the criminals are intentionally leaving external storage devices in the hopes that a person will connect them to his/her computer. However, the signs are a lot more evident than those in phishing or scareware. Do NOT fall victim to those attacks.
5. Security Vulnerabilities
Unfortunately, even if you do everything right, the software you’re using might have security flaws that mean a hacker can install all kinds of malware, like those that view your data without your consent and when you’re not logged in.
Therefore, it’s advisable to read and reread how to deal with malware and always make data backups so that you won’t lose all your data if malware gets in. Moreover, you should update your software frequently. Patches generally provide fixes for security exploits, so update your app/computer as soon as possible after you find an update. Even if attackers are already using the exploit by the time the software manufacturer finds it, using an updated version immediately reduces the possibility that you’re being attacked with this exploit.
Malware can infect your computer in any of the five ways above, and probably more. Remember that the number one reason for getting malware is human error, and you should prepare for a malware infection because it might happen in any situation, even if you do everything right.
References and Credits
- (n.d.). 7 Ways to Recognize a Phishing Email: Email Phishing Examples. Retrieved September 12, 2021, from https://www.securitymetrics.com/blog/7-ways-recognize-phishing-email
- (n.d.). How To Recognize and Avoid Phishing Scams. Retrieved September 12, 2021, from https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
- Juliana De Groot. (2021, September 9). Phishing Attack Prevention: How to Identify & Avoid Phishing Scams in 2021. Retrieved September 12, 2021, from https://digitalguardian.com/blog/phishing-attack-prevention-how-identify-avoid-phishing-scams
- Dan Swinhoe. (2020, December 18). What is typosquatting? A simple but effective attack technique. Retrieved September 12, 2021, from https://www.csoonline.com/article/3600594/what-is-typosquatting-a-simple-but-effective-attack-technique.html
- (2013, July 3). What is Typosquatting? | McAfee Blogs. Retrieved September 12, 2021, from https://www.mcafee.com/blogs/consumer/what-is-typosquatting/
- (n.d.). What is Scareware? Retrieved September 12, 2021, from https://www.kaspersky.com/resource-center/definitions/scareware