Viruses, Spyware and Social Engineering

Computer users such as yourself have heard about computer viruses and spyware for years. Most anti-virus programs do a good (but not perfect) job of keeping viruses and spyware out of your computer. So the "bad guys" have started using new techniques -- called Social Engineering -- to infect your computer for profit or revenge.

Social Engineering involves convincing or manipulating you to do something that will unknowingly infect the computer. If you can be tricked into installing a bad program, that action will bypass the anti-virus program trying to protect your computer. Some of the ways the bad guys can convince you to accidentally infect their computer includes:

  1. Authentic-looking e-mail. They send out important looking e-mails that say they are from your bank, credit union, work, or a business where you have shopped. If you click on their link, then you will be directed to an official-looking website that asks for your credit card, bank information, or username and password.
  2. Rogue security software. There are a number of authentic-sounding "security" programs out there that say they are there to protect or clean your computer. Instead, they infect your computer with viruses and spyware.
  3. Infected websites. Many bad guys have managed to infect honest web sites without the owner's knowledge. Then when you visit that site, your computer can get infected in the same way.
  4. Infected payload. They will create a program that you want, and include an additional program in the downloaded file that will infect your computer. If you click on "Yes" to download and install the program you want, it will also automatically install the program you don't want. And you clicking on "Yes" may bypass your anti-virus program.

There are several things you can do to protect your computer from these Social Engineering attacks:

  • Make sure your anti-virus has not expired.
  • Recognize scams -- alarmist messages and threats of account closures, promises of money for little or not effort, deals that sound too good to be true, requests to donate to an unknown charitable organization, and bad grammar and misspellings.
  • Don't click on links in a suspicious email message. Instead, go to your web browser and type the company's web site address yourself.
  • Never provide your password over email.
  • Never download anything unless you are sure it is a legitimate program from a legitimate company.
  • Don't chat with someone you don't know.
  • Make sure all purchases are made over a secure connection. You will see a padlock on the status bar at the bottom of the web browser or in the address bar when you are in an encrypted transaction.
  • Download and install the latest updates to Windows and applications on your computer. Updates to programs such as anti-virus, Office, Acrobat Reader, Java, Flash, and iTunes contain patches to fix recently discovered security holes.

If you have any questions about any of these steps, or if you think your computer has been infected, call Clerc Computer Consulting at 713-861-4183. We have a number of tools we use to detect and remove infections from your computers, and we can help you prevent these infections from recurring.