In August 2007 thousands of people received an e-mail that purported to be from a well known job search site . The mail was personalised, so they had no reason to doubt its authenticity. It suggested they opened an attachment and download a toolbar to help in their job search.Many did, but what they didn’t know was that they’d just become victims of malware. They’d infected their computers with a Trojan virus that logged all their keystrokes, including passwords and personal data, which it sent out automatically to a remote server, where the information could be used or sold. Their identities could easily be stolen.
Infecting computers with malware has become a much more popular scam. Sometimes the aim is to simply turn the infected machine into part of a massive botnet, where computers are remotely manipulated to send spam or attack networks. At other times it’s for identity theft.
How It WorksThe person or group making the attack sends an e-mail message. The more authentic it looks the better. The idea is to have the recipient open the attachment that’s part of the e-mail, which then installs the malware on the computer. What happens then depends on what’s been installed, but the consequences can be disastrous.
To offer an idea how easy it can be, scammers can buy malware viruses online for less than £20, or an entire pack with updates and a year’s technical support for £500. It’s going to become more and more prevalent, and more sophisticated and hard to spot as time goes on. The job search site victims would have had no clue there was any problem until it was too late.
How to Avoid Being a VictimThe first rule is to never open an e-mail attachment from someone you don’t know. Even those from friends should be suspect unless it’s something you expected (their computers could have been taken over without them knowing). Treat every attachment as suspicious. Never open anything with a suffix of .exe., .scr or .rar. That said, Trojans can be hidden in many things, including pictures, which usually have a .jpg or .gif suffix – many of which will be harmless.
Make sure you have a good firewall and antivirus software. Both are vital these days, and an important investment in your computer. They’re certainly a lot cheaper than having to take it in to have a bug removed.
One good suggestion is to use a mail filter. It offers you a chance to inspect your mail before you download it onto your computer, and delete any items you don’t want on your hard drive, as well as blacklist certain e-mail addresses. It’s free, and a very useful tool to eliminate spam and well as possible viruses. This is one area where a doubting nature can serve you well. Until you know otherwise, assume everything is malware.
If you bank online, check your account very regularly for suspicious activity. Review the monthly statements from all credit and store cards, and you should also check your credit file twice a year to see if anyone has tried to open accounts in your name.