Credit: Trend Micro
Never open an email attachment from an
unknownsender,evenif it looksharmless
Never give tech support remote access to your PC –
unless you contact them firstDon’t be tricked into clicking fake security alerts
that pop up on your computer42 5 - 18 February 2020
notice supposedly from a courier
company or a fine that needs paying
immediately.What’s the risk?
The level of risk depends on what the
malicious attachment is designed to do
once it’s clicked. It could infect your
system with malware, install
ransomware or launch an attack on a
third-party site. Either way, it’s unlikely
to be something harmless, so you
should never click the file.How to avoid it
Malicious email attachments used to be
easy to spot because they came in the
form of easily identifiable executables
(with an ‘.exe’ suffix). Now, however,
they can be made to look like
documents, PDFs, photos, voicemails
and more. The trick is to simply avoid
clicking any attachments from unknown
senders, and don’t open any from
people you know unless you’re sure they
are safe. A good antivirus program will
protect you from most threats, but it’s
wise to delete the email rather than
leave the threat sitting in your inbox.Fake security alerts
Provided your antivirus software is
reliable and up to date, it should
automatically deal with any threat it
finds on your computer and inform you
of whatever action it has taken to
disarm the problem. Fake security
alerts tend to be more demanding and
in your face – using pop-ups and
containing links to a program (either
malicious, paid-for or both) that you
‘must’ download, or displaying a phone
number that you supposedly need to
call to resolve the issue.What’s the risk?
If you heed the warning and install the
recommended “antivirus” software, you
could infect your perfectly clean PC
with malware. Call the “helpline” and
you may be asked to give the scammer
remote access to your PC (see ‘Remote-
access scams’, below) or be duped into
sharing personal information and
handing over your credit card details to
fix a non-existent problem.How to avoid them
Once the message appears, you need
to work out where it’s coming from.
If it’s just an advert on a web page,
close the tab for that site or – if you’re
unable to – close your browser
altogether. If it’s coming from a program
you recently installed, uninstall it, then
use a security tool such as Malwarebytes
(www.malwarebytes.com) to scan your
system. Whatever you do, if there’s a
phone number in the message, do not
call it, because it could cost you dearly.Remote-access scams
When a virus attacks your PC, or some
other technical problem arises, a
tech-support person from Microsoft
will phone or email you and offer to fixit – right? Of course not. This is what’s
known as a remote-access scam.What’s the risk?
The scammer will call or email you,
explain the “problem” and offer to find
and fix it. To do this, they will need
remote access to your computer, which
they get by sending you a message
containing a link you have to click. They
may even give you an official-sounding
support code to enter. If you click the
link to grant them access, they will be
able infect your PC with malware or
ransomware, change your settings,
access your personal files or make it
look as if they’ve found something, then
charge you for the software you
supposedly need to remove it.How to avoid them
If you receive a call, email or text
message out of the blue from someone
claiming that your PC is infected and
offering to fix it, simply hang up on
them or delete the message, no matter
how polite and plausible they sound.
Never give anyone you don’t know
remote access to your computer, and
report the scammer to Action Fraud
(www.actionfraud.police.uk) or
Microsoft (bit.ly/scam494).Webdevelopersoftenusedeceptive
design practices – so-called ‘dark
patterns’ – to manipulate us into
performing certain actions on the web,
such as buying insurance or signing up for
recurring payments. Examples of dark
patterns include hidden costs that you
only find out about at the last step of the
checkout process, disguised ads, trick
questions and misdirection. The Dark
Patterns website (www.darkpatterns.org)
explains more, and its Twitter feed at
twitter.com/darkpatterns acts as a hall of
shame.
Last year, researchers at Princeton and the University of Chicago conducted
a large-scale study, analysing more than 53,000 product pages from 11,000
shopping websites, and found over 1,800 instances of dark patterns across
those sites. You can find out more at bit.ly/dpatterns494 to avoid getting
manipulated yourself.WATCH OUT FOR ‘DARK PATTERNS’