arrow
Search icon

Safe and Secure Computing Tips

Phising Malware

Phishing

This is a fraudulent attempt to obtain sensitive information such as usernames, passwords, and financial details from a victim. Phishing is normally carried out by sending victims a legitimate looking email typically purporting to be from a bank or other financial institution, online payment processor or IT administrators directing them to a fake website. This website will look authenticate and will ask the victim to login using their credentials and enter other sensitive information. Not all phishing websites will ask for information some sites main function is to distribute malware.

Malware

Malware is software designed to cause damage to a computer, server or computer network Malware can be introduced to a computer by several means for example:

  • Physically using a USB type device
  • Using the Internet for example a drive-by-download
  • Delivered as part of a phishing attack
  • An attachment in an email

Malware comes in many forms here are some are some of the common types of malware.

Requests for sensitive information or login details Be careful of emails requesting you to verify your login details. I.T.D will never ask you to do this over email.
The message contains poor spelling and grammar Emails sent by legitimate companies are checked for poor grammar and spelling mistakes. Any message received with spelling and grammar mistakes should be treated with caution. Also be wary of vague salutations such as "Dear Customer" or "Valued Customer". Most legitimate businesses will use a personal salutation with your first and last name as they will have this information already.
Check any URL’s in the message Hover your mouse pointer over the top of the URL to reveal the actual hyperlink address. If the hyperlinked address is different from the address that is displayed in the message, the message is probably a phishing email which should be reported to your IT department.
There are many different types of scams in use today here are a few of the more common ones.
  • Beware of messages offering amazing deals
  • Beware of emails asking you for personal information or to login to a website
  • Beware of emails saying that you won a large amount of money especially if they look for money to release the funds
  • Beware of emails that make threats
Watch for email senders that use suspicious or misleading domain names If you have any suspicion about an email  double check with the sender. If you are unsure an email is legitimate DO Not Open It, Contact I.T.D at the earliest opportunity. Always double check requests for sensitive information or the transfer of funds
Viruses

This is one of the oldest and most common forms of malware. A computer virus modifies files on a computer in such a way that when a legitimate file is executed, the virus is also executed. Viruses are hard to clean up because they are executed from legitimate programs. To help prevent viruses attacking your computer it is essential that you have a recognised anti-virus program running on your computer and that it is updated regularly.

Worms The main difference between a virus and a worm is that the worm has the ability to self-replicate. Unlike computer viruses a worm can spread to other systems and networks without end-user action. Having an up-to-date anti-virus application will help protect your computer from worms.
Ransomware These are malware programs that encrypt your data and hold it for ransom.  Over the last few years this type of malware has become very common and sophisticated. Social engineering techniques are used to trick victims into downloading the ransomware.  The best defense against ransomware attacks is to backup your files regularly. Under no circumstances should you pay a ransom if your computer is affected as there is no guarantee you will get your data released.
Fileless malware Traditional malware travels and infects new systems using files on the compromised computer. Fileless malware doesn’t directly use files or the file system. Instead it resides in the computer’s memory and is spread from there. As this malware resides in memory it makes it more difficult for anti-virus applications to detect it.
Trojans Trojans masquerade as legitimate programs, but they contain malicious code. A Trojan is generally executed by some action initiated by the victim. Trojans can be delivered as attachments in email on by users visiting sites that contain malicious software. Having an up-to-date anti-virus application will help protect your computer from Trojans. Caution should also be taken when visiting unfamiliar websites.
Adware/Spyware Adware attempts deliver unwanted and potentially malicious advertising to the victim. A common form of adware is to change the default browser page to one that contains advertising. This type pf malware is seen more as a nuisances than been malicious.

Spyware on the other hand are programs that harvest information from your computer. This can include browsing habits and even key strokes. One emerging threat from spyware is the information harvested from the computer can be used in other types of attacks that require a level of social engineering.

DigitalGuardian’s 101 Data Protection Tips

How to keep your passwords, financial & personal information safe


US-CERT (United States Computer Emergency Readiness Team

Home & Business protection


Make-IT-Secure

Ireland’s national advice centre (Roinn Cumarsáide, Gniomhaithe ar son na hAeráide & Comhshaoil)


Stay Safe from Phishing and Scams from Google for Education

Vishing attacks are carried out over the phone

  • Never give remote access to your computer to anyone who phones you
  • Never connect to a website if advised by the caller this more than likely will be an attempt to download malware onto your computer or take remote control of it.
  • Never give personal, bank or login information over the phone or input them on a website unless you can verify that the caller or website is genuine.
  • If you do give access to your computer notify ITD as soon as possible also you will need to contact your service providers such as your bank, Credit Card Company and mobile phone provider and advise them that your details maybe compromised.
  • Please note that ITD will never ask for login details by email.