Viruses, Hackers and Phishing


Windows users need antivirus software, especially if you access the Internet or use email. If you don’t have a program installed, I suggest installing Microsoft Security Essentials (for free).

Windows 8 users should already have Windows Defender installed, which gives the same level of protection as Microsoft Security Essentials. But make sure it is activated. If your computer comes with an alternative, trial antivirus program, if you don’t renew the program, you will need to activate Windows Defender. I suggest uninstalling the trial and activating Windows Defender; it does a decent job and you don’t have to pay for it.

For users before Windows 8, if you never installed an antivirus program, you likely need to do that. As far as I know, Windows Defender before Windows 8 is not sufficient protection. Use Microsoft Security Essentials (Avast or Avira are also OK options at the time of this writing).

Presently, MAC users don’t have to worry so much about this kind of thing, since I think MAC programs have to be approved by Apple.

Antivirus tips:

  • Don’t install more than one antivirus program. It will slow down your computer dramatically.
  • You can install anti-spamware and anti-malware software along with antivirus programs. I generally do not use them for real-time scanning, but just run them every so often. MalwareBytes (free version) is a good software to use for this.

Email hacking

This is also a common problem. If your contacts are getting messages that say they are sent by you and they’re not, change your password to something at least 7 characters long with symbols, and change your security question(s). This happens to people in my contacts all the time and has caused much frustration.

This also can happen as a result of clicking on a bad link in an email. (See “tips for detecting spam” below.)

Spam and Phishing

“Phishing” involves emails that trying to steal your personal information from you for bad reasons. Obviously, mark as spam those emails that say you have money coming. The not-so-obvious messages from “PayPal” that tell you to log in because someone might be using your account are a bit more tricky. Always verify that the address of the link you are going to is the address it’s supposed to be, or someone will have access to your financial records and you won’t have a clue. Remember that just because the email says it is from PayPal and looks exactly like an email from PayPal and links to a site that looks exactly like PayPal’s site doesn’t mean it IS from PayPal. When in doubt, don’t follow the email’s links. Go to trusted, known website addresses instead or call a known number for verification.

Tips for detecting spam and phishing schemes:

  • Links go to an address that is different from what it should be
  • Words are commonly misspelled are don’t make sense
  • The sender’s email address isn’t what you expect it to be (some have faked PayPal by changing one letter)
  • The email contains gibberish
  • The email contains a link that doesn’t make sense or is not explained, even if it is signed by someone you know and looks real! (Hover over links and look at the place it is going to, shown in the lower left of your browser, before clicking.) Clicking a link like this could cause you to send gibberish to all your contacts, too (and who knows what else).
  • The email says you have money coming
  • You are asked to provide personal or login information

Email Scenario:

*Question about email.
You’re Jean Doe and you have a friend John Deer. You get an email from John Deer as follows:
From: John Deer [John’s email here] To: Jean Doe, Pep Cole, Dina Winter [all are your friends] Subject: hi
John Deer
* Should you check out the link or not? Why or why not? Should you reply to John Deer? 


My (suggested) short answer:
NO, don’t click on the link, because the email is NOT from John Deer. Be very careful about replying to John Deer from this email, but it’s a good idea to let John Deer know that it was sent and that he should change his email password and security questions.

The long answer:
Here are some suggestions based on my experience and education. (I don’t claim to know half of all that is involved here, though.)

1) As people above suggested, never click on a link that you don’t understand or that looks questionable, even if it seems to come from a trustworthy source. This link is obviously not taking you to a place you know is safe. Sometimes the real link location is not visible and you need to hover over the link before clicking on it and view the real link location in the lower left of your browser screen to know if it is safe. Verify questionable links with the person who sent them to you before clicking on them.

2) Verify questionable emails with the sender before assuming they come from the said source. This email is almost surely not actually from John Deer, even though it comes from his real email address, is sent to real friends, and is signed by his real name. Hackers or robot-computers can get all of this information and use it to trick unsuspecting people. We know it is fake because it makes no sense and contains gibberish. Spam often has misspelled words and gibberish. This email also has a link to a strange place, and links are one of the means hackers use to do damage by taking you somewhere where they can try to steal your passwords and information or perhaps install a program to spy on you while you use your computer. I’m not positive that clicking on a link like this could make you the next sender of a similar email to some of your contacts, but I’m guessing that’s possible.

3) I don’t know how someone was able to get the friends from John Deer’s address book. Maybe John Deer clicked on a bad link from someone else’s email that looked just like this! Maybe his email has been hacked. Maybe he added a bad app on Facebook which had access to his email contacts and the rest is history. Did you know that someone can send an email and make it say it comes from whatever email address they wish? Just because you get an email from John Deer does not prove he sent it.

4) Maybe John Deer was hacked. Maybe he uses the same password for Hallmark Cards as he uses for his email account. Hackers unleash their computer password crackers on insecure sites and then use those same passwords on more secure sites like banks or Dropbox- or your email. That’s why it is a good idea not to reuse passwords, especially for important things like email and banking.

5) So at this point John Deer has no idea he has sent out this email. Do him a favor and let him know, but be careful about replying to the hoax email unless you’re absolutely sure that the email is his exact address. It’s much better to email him directly in a separate email.

6) What should John Deer do? At a minimum, he should change his email password and the security questions used to reset his password. This many times will stop the incident from happening again. He should make the password at least 8 characters long, and add a capital letter with a special symbol. (Adding just one capital letter and one asterisk would change the hacker’s processing time to figure out an 8 character password from 2.4 days to 2.1 centuries [very generally, according to]) He might want to check the validity of Facebook apps and change his Facebook password as well. He also might want to change the settings in his email to always use a secure SSL connection if he uses email through public wireless networks.