Imagine you receive an email from a large company that you often deal with, suggesting you have an unfinished application. You don't recall applying for anything, but you trust the sender, so you open the email and are directed to open an Excel document to complete the process.
When you try to open the document, you receive a message stating it was created in an older version of Excel. You're asked to 'enable content' to view the file, and when you do, the document doesn't look familiar. The company must have made a mistake.
Unfortunately, the mistake was opening the document in the first place.
That email didn't come from the company you know; it was sent by a fraudster. And while it may take time to realize it, you've just infected your computer with malware that could spread to other computers and across your entire network.
Malware is a catch-all term for various forms of malicious software, including viruses, spyware, adware, browser hijacking software, and fake security software.
Malware can be designed for many purposes, from spying or stealing your personal information to causing harm to your software, and even extorting payment from those whose devices it infects.
Malware can look like a regular file or be embedded in a regular file, which makes it hard to detect and, unfortunately, a very common vehicle for frauds and scams.
How does it work?
For malware to be effective, a user must first be deceived into allowing it onto their computer.
Sometimes it's a result of opening a corrupted file that looks like it's from a trusted sender, while other times the malware comes from visiting a website that has been cleverly "skinned" to appear legitimate but tracks your every move.
Malware can collect all kinds of information, including usernames and passwords, internet cookies, auto-fill browser settings, HTTP traffic, and browser information and history. Fraudsters may use the collected data to impersonate their targets, access user accounts or perform fraudulent financial transactions.
The current threat
One type of malware that is proliferating in North America is Trickbot. It constantly evolves to evade detection from even the most sophisticated anti-virus software, undergoing multiple updates and iterations, each one more damaging than the last – and it's still out there.
Trickbot uses screen overlays to trick users into thinking they're on legitimate sites (such as your online banking website), maintaining the appearance of the real address in the URL bar and even mimicking the security certificate. When a user enters their username and password within the fraudulent overlay, their credentials are harvested and can be exploited by fraudsters.
How to spot a malware infection
It can often be difficult for victims to identify a malware infection, since many infections are sophisticated and go undetected by virus-checking software.
Signs to look for include decreased computing speed, missing or deleted security software, and increased computer crashes or freezes. In addition, malware may be responsible for delivering unusual screens you've never seen before when using your online banking.
How to protect yourself and your business
- Education. One of the easiest ways to stop threats, which are initially spread via phishing campaigns, is to train yourself and your employees to identify, and not open, suspicious emails – even ones that look like they're from a trusted sender. Call the company they're from to verify their authenticity.
- Software. Use the latest software and most up-to-date browser, install antivirus protection, and implement security patches.
- Get help. Consider engaging an external consultant or provider to periodically review your network and web applications. They can identify vulnerabilities that an attacker could exploit and help secure your network.
- Be alert. Pay attention to the appearance and performance of online banking screens. If they aren't consistent with what you are familiar with, this could mean your browser has been compromised. Stop your transaction immediately and report your concerns to your bank.
If you think you have malware
Report it: Regardless of whether funds were transferred, here's where to report malware incidents:
- Report all incidents to the Canadian Anti-Fraud Centre
- If you believe malware has compromised your login credentials, report it to your financial institution (for example, if you bank with TD, you can report these incidents by emailing Phishing@td.com), and remember to include a copy of the questionable email, text message, link or URL
- If this happened in your business or at work, also inform the IT department or security team for review of the machine and potential remediation
Talk about it: Share what you have experienced and how malware impacted you or your business. The more people who know, the fewer chances fraudsters have to defraud people.