Staying Safe Online: Phishing and Malware

Since the dawn of the internet people have been scheming ways to make a quick buck. Just like in the physical world, in the virtual one people devise plans to trick others out of their money. The infamous Nigerian prince email scam has given way to a wide array of other plots to get your money. Most recently, criminals have started to take over your computer and hold your data ransom. However, the classic phishing schemes and the good ol’ ruin-your-day-malware is still common as well.

Phishing for Your Personal Information

Phishing (a play on the word fishing), is the oldest trick in the online trickery book. The goal of phishing is to make you voluntarily give up your private information. Whether it be your bank account, credit card information, social security number, or login information for your email somebody has created a plan to get it.

Phishing scams vary but they typically enter your life through either your email inbox or a bogus website.

The email version of phishing comes from what seems to be a trusted source, like a university, your bank, or another company that you have regular dealings with. The emails then direct you to a link where you are either asked to login or supply some kind of verification using your personal information. The phishers will then use this information to steal your identity or empty or max out your bank account. These emails also normally have an air of emergency about them (like ‘your service will be suspended’ or ‘your bank account will be closed’, etc.) to get you to react in a hurried and panicked state of mind without thinking.

Another variety of phishing takes advantage of a common typo or misspelling in the URL (web address). Scammers buy domains that are just one letter or typo away from a legitimate institution: like Sometimes these sites look just as official as the original site. The scammers hope that you don’t notice the difference and attempt to login.

Fortunately, it’s relatively easy to spot a phishing email. First, you must remember that no legitimate institution will prompt you to verify or otherwise enter personal information through an unsolicited email. Another give away is a generic greeting such as ‘customer’ or ‘subscriber.’ Because these emails are most times sent en masse the scammers can’t use specifics. An unofficial sounding email address from the sender, a fake link in the email, or the aforementioned urgent tone can also be signs that the sender is phishing. Be especially cautious of emails with lots of spelling or grammatical errors, attachments (that may contain key loggers or malware), and requests for personal information.

Picking out a phishing website is a little more troublesome. The lock or key icon located in the address bar are great indicators of a secure site but can’t be trusted as a fail-safe marker. All sites that require you to enter personal information should begin with https (meaning it has a proper SSL certificate) instead of the usual http. Having this certificate means that the site uses encryption that prevents the information you entered from being sent with plain text that anyone can pick up.

Malware: Made to Ruin Your Day- and Your Computer

Malware is not just aimed at inducing sporadic advertisements or shutting down your system. Nowadays, malware is aimed at reproducing to infect as many computers as possible as well as gaining access to banking information or other personal information.

Like phishing, over the years clever people have developed increasingly sophisticated ways to infect your computer: continually getting harder and harder to remove from your computer. Some of the most well known malware types are viruses, worms, and trojans. However, tougher malware is floating around as well.

Viruses are attached to some sort of executable code, like to an attachment in an email. Once activated by using the parent program the virus replicates, attempts to conceal itself, and then wreaks havoc on your computer. The primary purpose is nearly always replication followed by disabling programs or destroying data. Worms operate in a similar manner but can be activated without user the users unwilling initiation. Once it has infiltrated the users system it installs itself and then scans for other vulnerable systems on the network. Once settled in behind the computer’s defenses, the worm can do just about anything. Including installing a remote access program or key logger.

Trojans are aptly named after the ploy the Greeks used to enter the city of Troy during the Trojan War. As such, trojan software disguises itself as a useful or at least benign program that has some unseen malicious intent. Once inside the malware continues to conceal itself by changing its name to a file that wouldn’t trigger any alarms with anti-virus software.

If you begin experiencing a large number of pop ups (especially when you aren’t even browsing), your computer slows down considerably, or if you lose internet connectivity with a known good network these are all telltale signs of malware. A strong antivirus like Spybot Search and Destroy or Malwarebytes will be able to take care of most malware issues. Restoring your system to an earlier point (if you back up your data regularly) is also a viable option.

To avoid malware programs all together use common sense- don’t click every link you set your eyes on; and be especially cautious of links found in emails. Be vigilant of what you download and the added software that some programs attempt to tack on. Avoid giving administrator privelages to any program unless you absolutely trust it. Invest in a trusted and regularly updated anti-virus program. Above all use common sense, keep all programs updated, and retain a healthy dose of skepticism.


If you take your privacy as seriously as we do, then you should follow @LiquidVPN

You can follow the author @FreelanceTony

Sharing is Caring