Tuesday, October 18, 2016 - 10:49am

Online threats constantly evolve. Cyber criminals use variations of the same tactics, like malware (malicious code or software) and phishing—scams that trick you into providing personal information.

October is National Cyber Security Awareness Month (NCSAM) and the Information Security & Policy Office is partnering with the Department of Homeland Security to highlight the importance of cybersecurity and online safety. Here are some ways to avoid malware and phishing attacks.

Malware defined

Malware is a general, blended term to describe malicious code or software, and includes viruses, worms, Trojan horses, ransomware, and spyware, to name a few. It can disrupt a computer’s operations and destroy files, or run quietly in the background, tracking what users type or which sites they visit and sending this information from the infected computer to cyber criminals.

In the case of ransomware, the malicious code locks a computer or encrypts certain files on the device, threatening to delete files or keep the computer locked until a monetary fine is paid. Even after paying this “ransom,” it is not guaranteed that the files will be freed from their captors.

To protect yourself from malware

  • Think before you click. Malware can spread to your computer and files through malicious links and attachments. Only click links or open attachments from legitimate, reputable sources. When in doubt, delete or ignore the message.
  • Keep your anti-virus software updated. New malware is continually being written and deployed. Updating your anti-virus software is a way to keep current against the latest malware.
  • Back up your files. If you are a victim of malware, such as a virus or ransomware, you may risk losing files and data on your computer. Regularly back up your data to the cloud or an external hard drive to protect your files.

Phishing defined

Phishing is a social engineering attempt by an individual or group to solicit personal information from unsuspecting users by tricking them into disclosing their information. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or from someone the person actually knows.

The emails often entice users to click on a link that takes the user to a fraudulent website that appears to be legitimate. The user may be asked to provide personal information, such as account usernames and passwords.

Additionally, these fraudulent websites may contain malicious code that takes advantage of vulnerabilities present on outdated computers. Attackers often take advantage of major events – such as a natural disaster, sporting event, etc. – and pretend to be legitimate charities or retailers to entice users.

To protect yourself from phishing

  • Be wary of unsolicited emails asking for personal information. Do not provide personal or institutional data without verifying that the sender is legitimate. When in doubt, ask.
  • Hover over links before clicking on them to be sure they point to a legitimate Web address.
  • Delete suspicious or unexpected emails without opening them. Signs of a suspicious email include misspellings and poor grammar, or offers that seem too good to be true.
  • Change your password if you accidentally fall for a phishing scam. You can change your HawkID password with the reset tool: https://apps.its.uiowa.edu/pwtool/change