Software that purposefully compromises your privacy, damages your data, or
uses your device to perpetrate unlawful activity is called
malware. Viruses are a kind of malware.
Flaws in apps can create ways for malware to get into your computer,
tablet or smartphone, which is why it’s so important to
keep your software up to date.
But you can also install malware directly. Of course, you wouldn’t do this
on purpose! You must be tricked into running it — but how?
Fake websites
People often encounter malware while trying to install genuine software.
Be aware that when you search the web, for example with Google or Bing:
- The first result will not necessarily be the official website.
- A rogue outfit might have paid to place an advert for their own
similar-looking site.
When downloading software from the web, be sure to visit the website of
whoever makes it. The best way to tell you’re on an official site is to
check the URL displayed in your browser.
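As an added illustration (not part of the original guide), the JavaScript below shows which part of a URL identifies the site: the hostname as the browser parses it, not a familiar name that appears somewhere else in the address. The domain example-software.com and all sample URLs are constructed for this example.

```javascript
// Added example. OFFICIAL_DOMAIN and every sample URL are constructed.
const OFFICIAL_DOMAIN = "example-software.com";

// Returns whether rawUrl points at the official domain or a subdomain of it.
function checkDownloadUrl(rawUrl, officialDomain = OFFICIAL_DOMAIN) {
  let url;
  try {
    url = new URL(rawUrl); // the same URL parsing rules browsers use
  } catch {
    return { official: false, host: null, reason: "not a valid URL" };
  }
  // hostname is lowercased and excludes any "user@" prefix, port and path.
  const host = url.hostname.replace(/\.$/, "");
  const official =
    host === officialDomain || host.endsWith("." + officialDomain);
  let reason = "host is the official domain";
  if (!official) {
    // A familiar name elsewhere in the address says nothing about the site.
    reason = rawUrl.toLowerCase().includes(officialDomain)
      ? "official name appears, but not as the host"
      : "different host";
  }
  return { official, host, reason };
}

// Constructed samples: one genuine address, then five imitations.
const samples = [
  "https://www.example-software.com/download",            // genuine
  "https://example-software.com.downloads.example/setup", // name as a prefix
  "https://example-software.com@downloads.example/setup", // name before "@"
  "https://downloads.example/example-software.com/setup", // name in the path
  "https://example-sofware.com/download",                 // misspelling
  "https://ex\u0430mple-software.com/download",           // Cyrillic "a"
];
for (const s of samples) {
  const r = checkDownloadUrl(s);
  console.log(`${r.official ? "OK  " : "STOP"} ${r.host} (${r.reason})`);
}
```

Only the first sample is accepted. In the last one, the parsed hostname is reported in its ASCII form, so the substituted character no longer looks like the genuine name.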
Fake apps
Software is increasingly available via app
stores, like the Apple App Store and Google Play store. Developers
must meet certain conditions to make their apps available this way, and the
stores perform checks on the apps they deliver.
However, the curation of these stores isn’t perfect, and malicious apps
are sometimes available for a while before being flagged and removed. You
might also find unofficial imitations of popular apps.
For more information and tips on how to avoid them, see the separate guide
to fake apps.
Rogue security software
Ironically, some malware presents itself as software that will protect you
from malware. You might be told “Warning! Your phone is infected with five
viruses! Tap here to clean it.”
But what you’re actually seeing is just an ‘advert’ on a web page. It
knows nothing about your device, and every visitor sees the same fictitious
message.
For more information and tips on how to avoid it, see the separate guide
to rogue security software.
Malicious emails
Although email is one of the oldest means of distributing malware, it is
still used today. In fact, one of the most serious kinds of malware, called
ransomware, is often spread this way.
Emails can deliver malware in two ways:
- Attachments. Malware may be disguised as familiar file types like JPEG
or PDF. Thankfully, modern email services scan attachments for malware and
block a significant proportion of it. Still, as a rule, if you’re even
slightly unsure about a file you’ve received, don’t open it.
- Links to websites. Instead of attaching it directly, an attacker may
email a link to a website where a harmful file is presented for download.
One trick is to show a page that pretends you need to install an update in
order to view the message; the ‘update’ is actually malware.
Note that it’s virtually impossible to harm your device by merely viewing
an email. So, if you accidentally opened a suspicious email, but didn’t open
any attachments or click any links, you needn’t worry.
It’s easy to ignore and delete messages that are blatantly unsolicited.
What’s harder is spotting bogus communications that impersonate a friend or
a company you deal with. Means of verifying the authenticity of messages,
and the risk of disclosing sensitive information, are covered in the page on
phishing.