14 |^ |^ May 2020
$
Attack of the PUPs
Keep annoying bundleware of f your PC with
our guide to potentially unwanted programs
s reported on the
previous page, the
biggest individual threat
to consumers these days
comes from adware. In
the past, adware tended
to simply mean ad-supported software,
and later it evolved to include so-called
PUPs (potentially unwanted programs),
which are offered alongside the original
program during installation. Sometimes
these unsolicited extras are flagged and
easy to avoid, but some use deliberately
misleading language and confusing
options to trick you into installing them.
These days, PUPs are better known as
bundleware, and are usually more
annoying than outright malicious – most
are ignored by your security software,
so you’ll need additional help: Unchecky
(www.unchecky.com) offers limited free
protection, but Malwarebytes Premium
is by far the best at blocking these.
Most PUPs should be removable via
‘Settings > Apps > Apps & Features’, but
third-party apps make them easier to
spot – IObit Uninstaller (www.iobit.com/
advanceduninstaller.php) is one such
tool with a dedicated Bundleware
section, but it ironically offers
bundleware as part of its own setup
process (IObit’s free Advanced
SystemCare Free tool).Social engineering scams
Adware as a threat has shifted away
from being merely annoying and is nowconsidered dangerous once again.
That’s because it’s often used to
identify software used by scammers
to try and hack people’s computers
through social engineering.
Scammers directly contact users
through legitimate channels – including
the phone, text messages, social media
and email – to try and trick them into
handing over sensitive personal details
such as bank account information. This
may be attempted directly through
tricking the victim into volunteering
the information themselves, or it may
be an indirect attempt. Examples of thelatter include the well-known tech-
support scam. This can originate in a
phone call or via fake error messages
on website that pop up as you’reProtect yourself from web skimming
Many websites that sell products or services rely on third-
party payment providers to process payments. When you
make a purchase, you’re redirected to that provider’s website
to complete the transaction before being redirected back.
6DGO\VFDPPHUVKDYHIRXQGZD\VRILQWHUFHSWLQJWUDIÀFWR
these sites to pop up their own fake version of the payment
site to trick users into giving up their credit card details. This
form of a ‘man-in-the-middle’ attack doesn’t target the
payment provider, but instead alters the code on the
PHUFKDQWZHEVLWHWRUHGLUHFW\RXUWUDIÀFWRWKHSKLVKLQJVLWH
Malwarebytes Premium’s web protection component
offers users realtime protection against known phishing sites
based on their behaviour, but you can take further steps to
protect yourself: verify the payment provider’s website using
the information in the address bar of your browser. Click the
padlock to view the site’s security and verify it’s pointing to
the site you expect it to (make sure it’s https://provider.com
and not something like https://http.ps//provider.com for
example). If in doubt, cancel the transaction and alert the
online merchant.Unchecky doesn’t simply untick
potential PUPs, it’ll warn you before
inadvertently selecting one.Your browser and
security tools can
intercept most – but
not all – fake websites.Beware facsimiles of legitimate websites – check
the address before passing on your personal details.