When you use an ATM downtown, you probably glance over your shoulder to make sure nobody is lurking around to steal your PIN number (or your cash). In fact, you probably first check to make sure that you’re not using a fake ATM machine. When you browse the web and perform transactions online, two security risks to be aware of are malware and phishing. These attacks are perpetrated by individuals or organizations who hope to steal your personal information or hijack your computer.
What exactly are phishing and malware attacks?
Phishing takes place when someone masquerades as someone else, often with a fake website, to trick you into sharing personal information. (It’s called “phishing” because the bad guys throw out electronic bait and wait for someone to bite.) In a typical phishing scam, the attacker sends an email that looks like it’s from a bank or familiar web service you use. The subject line might say, “Please update your information at your bank!” The email contains phishing links that look like they go to your bank’s website, but really take you to an impostor website. There you’re asked to log in, and inadvertently reveal your bank account number, credit card numbers, passwords, or other sensitive information to the bad guys.
Malware, on the other hand, is malicious software installed on your machine, usually without your knowledge. You may be asked to download an anti-virus software that is actually a virus itself. Or you may visit a page that installs software on your computer without even asking. The software is really designed to steal credit card numbers or passwords from your computer, or in some cases, harm your computer. Once the malware is on your computer, it’s not only difficult to remove, but it’s also free to access all the data and files it finds, send that information elsewhere, and generally wreak havoc on your computer.
An up-to-date, modern web browser is the first line of defense against phishing and malware attacks. Most modern browsers, for instance, can help analyze web pages to look for signs of lurking malware, and alert you when they find it.
At the same time, an attacker may not always use sophisticated technical wizardry to hijack your computer, but could instead find clever ways to trick you into making a bad decision. In the next few chapters, we’ll look at how you can make wiser decisions to protect yourself when you’re online — and how browsers and other web technologies can help.