- Botnets: If you allow your computer to remain unprotected, did you know you are likely to become part of the spam problem? Most spam is sent remotely by millions of home computers that are not protected. Yes, cybercriminals search the Internet looking for unprotected computers. They then install malicious software (malware) on your unprotected computers so that they can control and use your computer to send spam. You become part of a robot network known as a botnet. Also known as a "zombie army," a botnet is made up of thousands of controlled computers sending millions of emails. That's one reason why up-to-date security software is critical. Malware may also be hidden in free software applications. It can be appealing to download free software like games, file-sharing programs, and customized toolbars, but just visiting a website or downloading files may cause a "drive-by download," which could turn your computer into a "bot." Another way spammers take over your computer is by sending you an email with attachments, links, or images that install hidden software if you click on or open them.
- Distributed Denial of Service (DDoS): A distributed denial-of-service (DDoS) attack is one executed by multiple machines against a single server, such as a website’s server, to cripple it or stop it from functioning. Many DDoS attacks can be perpetrated by consumer PCs controlled by a bot controller, using the individual PCs as zombies as described above.
- Identity theft: Your personal information can provide a cybercriminal instant access to your financial accounts, credit record, and other assets. Identity theft is when criminals take possession of your personally identifiable information (PII), sometimes including credit card information, bank account information, and/or Social Security number, and use it for fraudulent purposes. Anyone can be a victim of identity theft. Identity theft perpetrated online is usually facilitated by malware and social engineering tactics that attempt to fool you into trusting the communicant enough to give up information. For example, posing as your bank, retailer, or other service provider, cybercriminals may request that you click on a link in an email that goes to a website asking for personal information. In other cases, cybercriminals steal personal information from many people at once, by hacking into large databases managed by businesses, such as retailers or government agencies. Identity theft can also occur in the physical world if criminals steal your wallet, raid your mailbox, or rummage through your trash to get your personal information.
- Follow our practices against Identity Theft to help avoid this growing crime.
- Malware: Malicious software that steals your information or otherwise controls your laptop, desktop, smartphone, or other device. Viruses, Trojans, and spyware are some of the most common forms of malware. When you download this malicious software you may see pop-up ads to entice you to purchase fake anti-virus software, resulting in significant proceeds for cybercriminals. Malware can also take control of your computer, forcing it to perpetrate attacks against companies or governments, or send spam on the behalf of cybercriminals.
- To conduct safe online searches and reduce the chance of inadvertently downloading malware onto your computer, download McAfee’s SiteAdvisor software which rates the safety of websites as you search.
- Spam and phishing: Unsolicited email is called spam. Emails that attempt to lure you by masquerading as a legitimate business or someone you know is known as phishing. Phishing is meant to entice you to purchase from fraudulent companies, become a cybermule for money laundering, entice you to download malicious software, or otherwise target your personal information. By posing as legitimate companies or organizations, cybercrooks convince you to share your account numbers, passwords, and other information so they can get your money or buy things in your name. At times, the email may suggest that something bad may happen if you don't respond quickly with your personal information. These criminals also use other means to gather this information, including text messages or pop-up messages that appear to come from your bank, a government agency, an online seller, or another organization with which you do business. The message asks you to click a link to a website or call a phone number to update your account information or claim a prize or benefit. Legitimate businesses should never use email, pop-ups, or text messages to ask for your personal information. Phishing is also used to entice employees of target companies and government agencies to download malicious software onto work devices such as a laptop, establishing a path into an employer’s network to steal intellectual property or attack the network.
- Watch video about Phishing
- Spyware: Installed on your computer without your consent, spyware monitors or controls your computer use. It may be used to send you pop-up ads, redirect your computer to malicious websites, monitor your Internet surfing, or record your keystrokes, which could lead to the theft of your personal information. A computer may be infected with spyware if it:
- Slows down, malfunctions, or displays repeated error messages
- Won't shut down or restart
- Serves up a lot of pop-up ads or displays them when you're not surfing the web
- Displays web pages or programs you didn't intend to use, or sends emails you didn't write
Ways to Protect Yourself:
- Anti-spyware software: Just like anti-virus software, this additional protection prevents spyware from being downloaded onto your computer without your knowledge.
- Anti-virus software: Anti-virus software protects your computer from viruses that can destroy your data, slow your computer's performance, cause a crash, or even allow spammers to send email through your account. It works by scanning your computer and your incoming email for viruses, and then deleting them.
- Authentication: A method used to attest to your identity in order to log in to a network, website, or device, and use the services. You use authentication every time you use your username and password to log in to your smartphone, use the web to reach services such as the tax authority, the driver’s bureau or Department of Motor Vehicles, your airline, your telephone provider to pay bills, or any other online provider. There are typically several options for authentication: something you know, something you have, or something you are. Two-factor authentication, for example, uses two of those forms. Something you know is your username and password. Something you have includes a hardware or software token which generates a one-time passcode. Something you are includes a unique physical asset that no other person would have, such as your thumbprint.
- Biometrics: In the context of computing, biometrics is a form of authentication that uses the “something you are” or a human physical asset to attest to your identity. This can include thumbprint recognition, iris recognition, and full hand recognition.
- Captchas: Captchas are small prompts that ask you to input letters and numbers that you see in a box on a page, before sending an email or when filling out an online form. They are usually triggered when you are about to send an email or an IM that includes a website URL, or when you try to post a website address on someone's social networking site. These prompts may seem annoying, but they do protect you and your recipients. Because those who are illegitimate users or spammers typically automate spam, they cannot respond to these captchas. When captchas are used, they can only be answered by humans — because you have to see what's in the box and then retype it yourself. As a result, machines, illegitimate users, and spammers are blocked from posting or sending the content, further protecting you.
- Personal Firewall: A firewall is one way to prevent cybercriminals from using your computer without your permission. While anti-virus software scans incoming email and files, a firewall is like a guard, watching for outside attempts to access your system and blocking communications to and from sources you don't permit.
- Virtual Private Network (VPN): A virtual private network (VPN) provides protection for communications by establishing secure “tunnels” between two endpoints. Businesses use VPNs to secure all communications for employees to connect to their network from a remote location. VPNs typically work by having the user attest to their identity through authentication (passwords, hardware or software tokens plus passwords, or biometrics), and then establish a secure tunnel to protect all communication between those endpoints using encryption technology. Once the secure tunnel between the endpoints has been established, all communications — web, email, and other communications — are private and protected through the VPN tunnel.
For more details on common security threats and protections, see our expanded online security and threat glossary.