Continuing our series of Valentine’s Day-related posts, let’s take a moment to talk about security. Valentine’s Day is a particularly onerous time of year when it comes to keeping your computer safe from malware and other maladies. “Hackers” (or whatever you want to call the people who craft and disseminate malware, steal private information, etc.) prey upon people’s emotional vulnerability, sending phony “I love you” e-mails, mass blasting messages across dating sites that lead to phishing sites, the whole nine yards. So, what can you do to keep yourself as safe as possible over the next week or so, and how many of these skills can you then use throughout the year? Let’s find out!
To get a better idea of some of the scams that pop up around Valentine’s Day, I spoke to Paula Greve, McAfee’s Director of Web Security Research. McAfee seems like a good group of folks to talk to about this kind of thing.
First, what exactly should you be on the lookout for? Greve explained that hackers (I’m going to keep using the word “hackers” for convenience’s sake) primarily exploit the Valentine’s Day holiday in three different ways: running online dating site scams (look at today’s eHarmony hack); appealing to people’s sensual curiosities as seen with the recent Kama Sutra PowerPoint trojan; and plain ol’ e-mail spam, often under the guide of e-cards.
“[Right now we’re seeing that] about one out of every 200 e-mails is a Valentine’s spam e-mail,” said Greve. “And they’re not just spam e-mails, but they’re scams, e-cards with viruses, that sort of thing.”
It’s partially because people tend to let their guard down around this time of year, expecting electronic Valentine’s cards from friends and family, scrolling through dating sites looking for friendly people to chat-up, and so forth, that hackers can take advantage of people’s natural inclinations and turn that against them.
“People are thinking about [Valentine’s Day] so they’re more likely to click on these types of things,” said Greve. “People know that Valentines are going around, so its easier for [hackers] to send those types of e-mails and have them reach your inbox, and have you open them.”
The following graph, which McAfee kindly provided, shows the percentage of spam e-mails containing the world “valentine” in the subject field. As you can see, once February hits there’s a pretty dramatic upswing.
Hackers know that once February rolls around people begin the tricky process of selecting the perfect Valentine’s Day gift for their loved ones, so they naturally take advantage of that added interest.
“With everybody thinking about Valentine’s Day, and it being something that people want to be excited about and want to participate in, [hackers] know they have a willing market,” she said.
Greve explained that these hackers are after any number of things, including credit card information, login credentials, or merely looking to install malware on your computer. Some are profit-motivated, while others are just out to cause a little destruction. In any case, there are a number of things you can do to prevent something bad happening to you.
One, and I know I sound like a broken record at this point, but it absolutely behooves you to have up-to-date anti-malware software up and running on your computer. Even if you’re a savvy user, and I expect anyone reading good ol’ CrunchGear to know their way around a computer and the Internet(s), you really ought to have anti-malware software. How many times have we seen so-called “trusted” Web sites inadvertently serving up malware by way of a rogue, third-party ad server? (I seem to recall a similar situation happening here several months ago…) Just because you know not to launch random .exe files that have magically download to your desktop doesn’t mean you’re Superman. And I mean that with no disrespect, of course, it’s just that there’s so much nonsense out there that even the savviest of users need help. Nothing wrong with admitting that you need help.
Two, if you’re going to take the time to buy and install an anti-malware software suite, you really ought to consider one that operates via the cloud. More and more anti-malware suites have moved some of their operations to the cloud over the past year or so. That means if McAfee (or Symantec or Kaspersky, or take-your-pick) discovers a new exploit on Monday morning and releases an update to its software by lunchtime you’ll automatically be protected. No having to remember to manually update your definitions (if you ever bother to). Downloading the free version of AVG, while a good first step, probably isn’t sufficient these days.
Three, software installed, pay attention to what you’re doing. Did you received an e-card from someone you don’t know? Maybe it would be a good idea to hit “delete” rather than viewing the card, much less clicking on a link within. Just “met” someone on a social networking or dating site, and now all of a sudden they’re asking for money? You’re not a mark, right? If someone came up to you on the street and said they were the wallet inspector you wouldn’t hand over your wallet, right? Of course not.
I know most of these tips are probably second nature to most of you guys, but not everyone spends all day in front of a computer reading tech sites. Remind your friends and your family of some of the dangers that may pop up around this time of year, and of the things they can do to mitigate said dangers. Unless, of course, you have nothing better to do than try to play tech support over the phone, which, in my experience, is outrageously frustrating. “Is your anti-malware software up-to-date?” “Well, I updated ‘my iTunes’ yesterday, does that count?”