What is malware?
Malware is any software used by criminals to maliciously gain access to personal information on an operating system in order to commit fraud. Roughly half of all cases of credit card fraud are committed using malware. Types of malware include spyware, ransomware, computer viruses, and cryptoworms, to name a few.
Criminals may use your personal information to commit identity fraud or sell it to other criminals once they have it. This results in the loss of billions of dollars every year to sophisticated online attacks.
How do criminals use malware?
Cyber criminals continue to evolve, employing different types of malware to defraud unsuspecting victims. Some of the most common forms of these cyber attacks include:
- Spyware: Type of malware used by keyloggers that runs in the background of a device, monitoring online activity and keystrokes in real-time to steal information.
- Ransomware attacks: Cyber attack whereby criminals steal sensitive data and files, and then demand that the victim pays a ransom to regain access to them. Criminals will often request that these ransoms be paid using cryptocurrencies like Bitcoin, as they are anonymous and untraceable.
- Phishing email scam: Form of social engineering whereby criminals send emails from legitimate-looking addresses to dupe a user into trusting - and therefore opening - the contents. These emails include links to domains that mimic legitimate software or websites. Once clicked or opened, email attachments and links collect sensitive information or unknowingly download malicious software.
- Botnets: A series of Internet-connected devices, each of which runs one or more bots. Botnets are often used to perform Distributed Denial-of-Service (DDoS) attacks, steal sensitive data, send spam, and allow the attacker to access the device via its Wi-Fi connection.
- Malvertising: The use of pop-ups and online advertising to spread malware, malvertising generally involves injecting malware-laden ads into legitimate online advertising networks and webpages. Similarly, adware is unwanted software designed to place ads on your screen, most often within a web browser. A form of fileless malware, malvertising doesn’t rely on files, and leaves no footprint, which makes it challenging to detect and remove.
- Trojan horse: Form of malware or malicious code that appears to be legitimate, but can take control of mobile devices or computer systems. Designed to damage, disrupt, steal, or inflict harmful action on a hard drive or network through backdoor entry, a Trojan behaves like a legitimate application or file to trick computer users
- Rootkit: A collection of malicious software that gives criminals access to computers or a restricted portion of their software.
- Computer worms: A standalone malware infection that uses a computer network to replicate itself in order to spread from infected computers to other computers. Cyber worms rely on security shortcomings to use unprotected computers as hosts from which to scan and infect other computers.
The potential costs of one of these attacks include compromised credit records, infected machines, and increased insurance premiums as a result of fraudulent activity in the victim’s name. Needless to say, it’s important to implement malware protection like anti-malware programs and security software to avoid falling victim to these crimes.
How to reduce the risk of malware attacks
In a digital world, cybersecurity is critical. Malware works because people are trusting and let their guards down. It’s important to stay proactive to reduce your risk of falling victim to malware and cyberattacks. Minimize malware threats with antivirus programs, firewalls, and antispyware software. Regularly run updates on all your devices, including smartphones. Apple and android phones all require these protective measures. Back up important files often on either an external drive or via cloud computing. Microsoft Windows and Mac offer antivirus products that help minimize cyber threats.
In addition to malware removal and antivirus software, there are basic measures everyone should take to ensure their data isn’t compromised. Use strong passwords, and two-factor authentication whenever possible. Be wary of unsolicited emails, check the sender’s full email address for spoofed addresses, and don’t open messages from unknown sources. Delete an email immediately if you suspect that it is spam. Verify websites with a simple Google search or by checking that it has ‘https’ as part of its URL in your web browser. If you can’t confirm a site’s legitimacy, don’t click the link or enter personal details into its domain. Avoid downloading any software from sites that appear untrustworthy.
What to do if you think you have fallen victim
If you suspect that you may have fallen victim to a credit card scam, immediately report the attack to your card issuer. They will cancel the compromised card, send you a new one, and launch an investigation into the fraudulent activity. You may need to file a police report and an identity theft report with the Federal Trade Commission (FTC), as well, if other personal information like your Social Security Number is stolen. You should also set up a fraud alert with at least one of the major credit bureaus. This will notify you when new credit applications are made in your name.
To remain vigilant, regularly check your bank and credit card statements, and review your credit report for any unauthorized activity. And, above all, always trust your gut.