Malware

Software that purposefully compromises your privacy, damages your data, or uses your device to perpetrate unlawful activity is called malware. Viruses are a kind of malware.

Flaws in apps can create ways for malware to get into your computer, tablet or smartphone, which is why it’s so important to keep your software up to date.

But you can also install malware directly. Of course, you wouldn’t do this on purpose! You must be tricked into running it — but how?

Fake websites

People often encounter malware while trying to install genuine software. Be aware that when you search the web, for example with Google or Bing:

When downloading software from the web, be sure to visit the website of whoever makes it. The best way to tell you’re on an official site is to check the URL displayed in your browser.

Fake apps

Software is increasingly available via app stores, like the Apple App Store and Google Play store. Developers must meet certain conditions to make their apps available this way, and the stores perform checks on the apps they deliver.

However, the curation of these stores isn’t perfect, and malicious apps are sometimes available for a while before being flagged and removed. You might also find unofficial imitations of popular apps.

For more information and tips on how to avoid them, see the separate guide to fake apps.

Rogue security software

Ironically, some malware presents itself as software that will protect you from malware. You might be told “Warning! Your phone is infected with five viruses! Tap here to clean it.”

But what you’re actually seeing is just an ‘advert’ on a web page. It knows nothing about your device, and every visitor sees the same fictitious message.

For more information and tips on how to avoid it, see the separate guide to rogue security software.

Malicious emails

Although email is one of the oldest means of distributing malware, it is still used today. In fact, one of the most serious kinds of malware, called ransomware, is often spread this way.

Emails can deliver malware in two ways:

Note that it’s virtually impossible to harm your device by merely viewing an email. So, if you accidentally opened a suspicious email, but didn’t open any attachments or click any links, you needn’t worry.

It’s easy to ignore and delete messages that are blatantly unsolicited. What’s harder is spotting bogus communications that impersonate a friend or a company you deal with. Means of verifying the authenticity of messages, and the risk of disclosing sensitive information, are covered in the page on phishing.