I recently wrote an article for Bar Leader that examined how attacks on computers are increasing, and what Bar Associations are doing to try to prevent them. After speaking with a number of experts in the field, one of the conclusions I came to is that while there are different ways for people to attack your computer, most of the methods have a common thread: they require you to take some action, generally to click on a link or an attachment, in order for the malware to inflict its harm. While there are all kinds of hardware and software defenses that experts recommend, the careless or unsuspecting click can easily defeat them.
“The sophistication of all this malware hasn’t improved all that much,” said Catherine Sanders Reach, director of Law Practice Management & Technology at the Chicago Bar Association. “Mostly it’s relying on being smarter at tricking someone using social engineering to get them to click on something because it looks interesting, or scary. It’s relying on the weakness of people.”
The CBA recently put on a program for its employees that covered how to stay safe both in the office and at home. The material covered topics such as email, passwords, and social media hazards, including messages on Facebook indicating that a user has to click something in order to prevent Facebook from taking some action. During the program, Reach showed examples of the kinds of tricks spammers use to get people to do something that leads to malware being installed. “If it looks scary or too good to be true, then it’s probably something that is trying to get you to take an action that you shouldn’t take,” she says. “You need to be really, really diligent about not clicking on things until you’ve confirmed that they’re legit.”
Good advice. I’d add that even if you get an email from someone you know that has a link or attachment in it, don’t open or click on it unless you were expecting it. Spammers who’ve broken into someone else’s email account can send email to all the contacts in the address book, pretending to be the person who owns the account. The link could take you to a malicious website where malware is installed on your computer. The attachment could also contain malware.