Just the other day one of our readers saw a friend post on social media, “Don’t open any emails from me, I have been hacked.” They had received a strange email from their friend so now they are questioning their own system. We love that the reader reached out to us for advice.
First, let’s look at their friend’s post on social media. Kudos that the friend went to social media to alert their friends. That’s a great way to reach a lot of people, but it is doubtful that it will reach everyone in their address book. Still, it’s a start. Looking at the message, they said they had been ‘hacked’. Technically, a hack is an unauthorized entry into your computer system. This is often an attempt to steal, damage or represent themselves as a valid user of the computer system, namely you. So in this case, the friend must likely wasn’t hacked…at least not yet. When someone hacks into your system, it is the same as them entering your home uninvited – maybe through an open garage door while you’re mowing the back yard, or maybe by breaking a window or picking a lock. The strange emails that their computer was generating and sending without their knowledge was the act of a virus. We often unknowingly let viruses in ourselves. They can attach themselves to a video we find online, a game we play, or even ride along with another attachment on an email. Just like freshly mowed grass after a rain will glue itself to your shoes making it nearly impossible to not carry grass into your clean home, a virus attaches itself to an innocent appearing object.
Once a virus has entered your system, it can be triggered in various ways. In the case of a video or game you downloaded, the virus is easily triggered by starting to watch the video or play the game. However, the viruses that are attached to a file will often require the file to be opened.
So now, what does the reader do if she received this questionable email? First, computer basics 101 – if someone sends you an attachment that you are not expecting, reach out using a different media (text them, contact them through Facebook, etc.) and ask them if they sent the email with an attachment. If you can’t reach them and you’re unsure about the attachment, don’t open the attachment. Just opening an email with an attachment will not activate the virus. If you know they shouldn’t be sending you an email with an attachment or it seems fishy, then just delete the email immediately. You might also alert your friend and tell them they need to check their computer.
But let’s just say, you were expecting a file from a co-worker, and so you opened it. Many times, you will not even know you have a virus immediately. If it is a ‘email worm’ virus others will begin receiving emails from you with the same virus infected attachment, and it will worm its way around the world infecting the computers as far as they can get people to open the attached file.
The virus could also start recording all your keystrokes, and transfer those to the virus creator, giving them every keystroke the typed. This information could then be used to hack into your system later or more likely, give them bank information, credit card information, social media logins, websites you use, and all sorts of personal information. For example, if you go to your bank website and then login, you may have just given them everything they need to log in too. (i.e. bank.com, then type username, and then password). This is the reason multi-factor authentication is a good idea, and why many of the sites now require it. We’ll dive deeper into this in an upcoming blog.
Viruses can also create a backdoor, only known to the virus creator, which gives them easy access to your system. This is the same as if a house contractor built in a secret door that only they knew and had the key. As you can imagine, that would not be a happy discovery.
Ransomware is the latest type of virus and is by far the worse type. With this type, the creator will lock your files on your computer hard drive and then demand payment to provide the key to unlock. This type is getting a lot of Media coverage, as several schools, hospitals and even the government systems getting hit by these attacks.
A phishing email is often referred to as a virus, but it is actually just an email which tries to redirect you to a website for you to willingly giving your username and password, thinking that you’re logging into a safe website. If you don’t click on any of the links to go to the website, there is no application running on your system. We spoke about this in the blog named “Is your email inbox out of control?”.
Having an up to date anti-virus program running or have our monitored services, you would likely be alerted about a virus or attack on your system. You should pay attention to these alerts when they tell you the file might not be safe. Especially note when the file in question suddenly shows a .EXE extension, as this means it is an application/program file.
If you are don’t have our monitored and anti-virus services, here’s a few tips.
- Disconnect your computer from outside sources. This means turning off the Wi-Fi or unplugging the hardwired Internet cable. This prevents the virus from transmitting data back to the creator or sending emails to your address book list. If you can’t unplug or turn off Wi-Fi access, you can also unplug your router if needed.
- Check your machine with a quality anti-virus and malware software. Hopefully have one already instilled and can manually start a scan of your system. We recommend that you scan with all the options, so that it goes a complete scan.
- If possible, delete the corrupted files. If you can’t delete them because they are system or important files, look to see if you have a back up of those files. If you have a backup, it will be better to delete these and restore from the backup.
- Change your Passwords. This allows you to feel confident that any data the virus might have caught will be useless to the creator.
We strongly recommend that if you find yourself in this situation, give us a call. Let us protect your business and your information. If you aren’t sure if you’re protected, definitely call us today!
One final note. Currently the News is reporting about the IRS scam where they claim your social security number was corrupted. Know that the IRS will not call or email you with this situation. You will get a letter in the US Email. If you find yourself a victim of such, going to the State Consumer Protection Center and file a complaint.