The new age of computer scams and viruses.


Image from Pexels

Hacker’s hand in a dark room.

Joshua Smith, Reporter

Getting a virus on your computer is embarrassing, especially if you’re a young person. It seems like viruses should only be a concern for our parents, grandparents, or weird uncle.

But viruses are always evolving and getting caught out clicking a dodgy link or opening a malicious website is more common than you’d think. As technology advances, so should our understanding of viruses; the best way to avoid them is to understand how they work.

The days of being sent emails with download links to creatively-named malware like the Trojan, ILOVEYOU and Conficker virus are dwindling as the coding behind viruses and antiviruses evolves.

According to Rowan Smith, a service engineer at Inspired IT, these common viruses were often written just for the sake of being a nuisance. But with antivirus programs becoming more proficient, it’s far more difficult to write code to get around the security.

“It’s so hard to write a virus to get around stuff these days that the only people who do it are the ones who are looking to profit from them,” he said.

Most viruses these days are focused on infecting your computer with a type of malicious content called ransomware.

“The purpose of the virus is to lock up important files on a computer and literally hold them ransom.”

Ransomware is an encryption that completely blocks access to files on your device, and the scammer then demands a payment in exchange for a decryption code.

Smith, who has helped run support for business networks infected by ransomware, said the average ransom fee is around US$1000 – a price that is often much cheaper than the cost of paying someone to manually decrypt the files.

Smith explained that if the ransom was unreasonably high – or the scammers had a reputation of not delivering on their promise once the ransom had been paid – individuals and businesses would never bother paying at all, and the scammer would make no profit.

This means two things for us: firstly, if you have found your device held hostage by ransomware, paying the scammer could be the cheapest way to recover your files. Secondly, back up your computer often. If you have everything backed up, it’s possible to restore your device to a point in time before it became infected.

Of course, many people choose not to pay the ransom on principle.

As scary as it sounds, if you have good back up habits, ransomware should not be a major cause for concern. John Kirkby, a partner at Hybrid ICT and The IT Guys, said the most common form of internet scams is not malicious programs, but something called phishing.

                                                                                                           Screenshot from Joshua Smith
A typical phishing email uses small details like the Apple logo to catch people with their guard down. Usually, fake emails can be easily spotted by the awful spelling and grammar.

Like old viruses, phishing websites are generally sent in fake emails.

Kirkby explained that these sites pose as login pages to other sites, like a Microsoft login or a bank or utility like Western Power.

They prompt you for your login details, and as you type in your username and password you’re giving these details to the scammer.

“Because they know most people use the same log-in and password on multiple accounts, they’ll then use that log-in and password to try and get into other accounts that you might have,” Kirkby said.

The reason phishing sites are far more common than executable viruses is that they are much harder to detect.

Kirkby explained: “The antivirus software you’ve got on your computer has got nothing to pick up because there’s no malicious program attached to the email.”

Smith shared similar sentiments, explaining: “Phishing these days is a lot more common because it’s a lot easier to get someone to click on a fake link than it is to write a malicious code that can bypass antiviruses.”

So, what can you do if you think you might have clicked on a dodgy link?

Smith said if you suspect your device has become infected, the best immediate action would be to unplug your PC.

“The sooner you unplug your computer and disconnect it from the network, the less likely it is to then spread to everything else on the network.”

Similarly, if you suspect you’ve fallen victim to a phishing scam, Kirkby suggested changing your passwords using a different device.

“I wouldn’t be trying to change passwords on the infected device,” he said.

In regard to bank passwords, calling the bank and getting them to manually issue you a new password is the safest bet.

Of course, prevention is better than cure, and there are several practical steps you can take to avoid being scammed.

Use multiple passwords for different logins. This way, even if one password is compromised, all your other accounts will be safe.

Kirkby said antivirus programs should not be limited to desktops and laptops: installing antiviruses on mobile phones and tablets ensures maximum safety.

Smith said, however, that even with the best antivirus software available you can still be at risk, because “the weakest point of security is people.”

He advised that the quickest and easiest way to stay safe is to never click on any link from an email you weren’t expecting – even if it’s from someone you know. If you have even the slightest suspicion that an email could put you at risk, most IT support companies will be able to quickly find out if it is malicious or not if you simply forward the email to them and ask them to check.

Kirkby also strongly advises implementing two-factor authentication where possible – meaning that for a new device to log in, it must be confirmed by another account: usually via a separate email address or a text to a linked phone.

One more thing to note which might also ease your mind: if you’re worried that a virus could spread through a server system – like, say, a university server on which you’ve saved hours of work – both Smith and Kirkby said this was highly unlikely.

Kirkby explained that most larger organisations can afford the highest possible security to ensure their servers aren’t compromised, and Smith added that even if somebody does manage to get a computer infected, each computer will still be blocked from accessing other computers on the server, so the virus will be unable to spread.

Viruses may not be as scary and rampant as they used to be, but that doesn’t mean we should let our guards down.

More than any security measures we can take and programs we can install, the most effective scam-deterrent is personal diligence.