After watching a segment on Sixty Minutes tonight about a computer virus designed to infect a computer at the BIOS level, I was reminded about the ever present and growing cyber threat. Especially during this time of year, one has to be alert and extra vigilant to avoid falling prey to one of the many tricks used to gain personal information you didn't want to share.
Malware is usually spread through some form of social engineering. Clever tricks are used to fool people into allowing the bad code to gain access to their computer. Email disguised as a legitimate message from a friend in need, a bank, retail store or web-based company arrives in your inbox. It invites you in some way to click on a button or a link where the malware resides. You don't realize it but when you click you allow that program to run on your machine with all the rights and access you have.
During the holiday season when we receive so many electronic greeting cards, photos and other messages
We receive a message that looks as if it came from our bank warning of an overdraft, our favorite retail store with a special discount or the delivery service (Fed Ex, UPS, USPS) advising of a delivery. They are each brilliant recreations of the formats actually used by these companies including actual logos. It is hard not to be taken in.
Before clicking examine the links carefully. Browsers will show you where you are about to go if you hover over the link or hotspot without actually clicking on it. Look very hard at the address. Note when it does not end with the company domain. Visit the company site directly to see if the message is legitimate, or if warnings of fraudulent messages have been posted there.
A great way to protect yourself is to create an account with limited privilege for every day use. Use a different, special account to administer your computer. That way, malware will not have deep privilege and you can limit the amount of damage it can do. Change passwords regularly and don't use the same one for every account you have.
When all else fails, be sure you have good solid backup for that long, hard road to recovery.
Follow me on Twitter @JPuglisiLLC