5. What are the possible ways of addressing malware attack and phishing scams.

According to Joseph Regan on February 16,2018

Step 1: Delete it

And you’re done!

Pay attention

The number one way to avoid phishing emails is to simply remember to

check any email you find even slightly suspicious.

1. Check the spelling and grammar

2. Make sure the links are safe, or just use your web browser

3. Pay attention to file extensions

4. Look at the return address and sense check it

5. Ensure everything is specific and the sender can prove their identity

It takes only a few seconds of double-checking, but it can save you a

lifetime’s hassle. So don’t slack on it!

Use an anti-spam

Most every email provider has some kind of anti-spam built in, but they’re not
always the best. Getting an external spam filter can help pick up the slack
and grab any of the sneaker phishing emails, but oftentimes they only work
with desktop-based inboxes.

Think before you give an email address

A “loose” email address that’s publically known will invite phishing emails.
It’s often a good idea to have two or more email addresses: one for signing
up to websites and making accounts, and another for private or professional
use. That way, most phishing emails should head to the former account,
which you’ll barely be visiting anyway.

Good ol’ security software

As we mentioned before, a phishing email will get a virus to your doorstep,
but that’s all: it won’t let the malware slip past any antivirus you have on your
PC or phone. So something as simple as, say, AVG AntiVirus Free, will keep
your computer safe if you accidentally try to download deceptive
attachments. Good protection can also keep you safe from fake websites,
which will check each one for a proper, authentic security certificate: and
that means you’ll never get the chance to visit that fake website the hackers
worked so hard on.
https://www.avg.com/en/signal/what-is-phishing

According to Jules Matabuena

Published 3:03 PM, October 19, 2018

Updated 3:03 PM, October 19, 2018

Emails and Websites

Email is the most common form of phishing. Although content may vary and
landing sites may even use a trusted company logo, phishing emails usually
pose as legitimate bank communications and tell its recipients to click
through a link in order to verify, update, or activate their account with a
sense of urgency. Sometimes, they are even threatening.

Check the URL of the website. The biggest telltale sign that it’s a fake
website, no matter how real it looks like, is the URL. Make sure that nothing
else comes before the hostname other than https:// and the padlock icon.
Double check to see that spellings of the website or company name are
accurate, too.

Phone calls and SMS

Phishing happens through mobile, too. Fraudsters posing as bank officials

ask for important information such as passwords and account numbers
through phone calls and texts.

You can easily verify the authenticity of the phone call or text you receive. If
it’s from a generic phone number (the usual 09…) instead of a hotline, where
usually the brand name appears as the subscriber, it’s most likely fake. For
safety and security purposes, know that banks won’t call or text you and ask
for your personal or banking information such as username, password or one
time PINs. No matter how pushy, threatening, or urgent they sound, refuse
and stand your ground.

Social Media
In this day and age, phishing happens on social media, too, through private or
direct messages. Much like the emails, texts, and calls, these messages are
meant to sound authentic so that you will be convinced to share your
personal details.

Although the message might look official, just remember that official
representatives will never ask for your personal or security information like
bank account passwords and PINs.

Don’t be vulnerable. Learn how to spot signs of phishing across different

platforms. Report any suspicious messages you receive so you and your bank
can work hand-in-hand to ensure your account’s safety

https://www.rappler.com/brandrap/finance-and-industries/214669-tips-to-spot-
avoid-prevent-phishing

Five ways to avoid falling victim to a phishing scam:

 Always be suspicious of emails asking for sensitive information. Email is not a

secure form of communication. Organizations you do business with already know your
account information and will never request it in an email. Phishers usually include false
statements to create a sense of urgency for information, such as, "Your account will be
terminated unless you respond immediately."

 Never respond to an email request for personal information. Err on the side of
caution. Look at the “from” field of the email. If the organization name does not match
the “reply to” organization name, the message is probably fake. (For example, a
message from a local credit union or bank would not have a reply email address ending
in yahoo.com.) If you ever need to provide personal information like a credit card
number, be sure to use a secure, trusted website.

 Beware of phone phishing scams. If someone requests personal information on a

phone call, be sure you initiated the call—not the other way around.

 Never follow the links in an email you suspect might be phishing. If you are unsure
about a link you receive in an email, hover your cursor over it. If the link text doesn't
match the link address, do NOT click it. Log directly onto the company’s website, or call
the company. Ask if the company is legitimately asking for the information in the email.

 Make sure your operating system, antivirus software, and browser are up to
date. Malware exploits vulnerabilities in the security of operating systems (such as
Windows and iOS) as well as web browsers (such as Internet Explorer, FireFox etc.). Be
sure you have the latest security updates installed on your computer. The ITS security
information page has more information on keeping your computer and data protected.
  Last updated:
 February 20, 2019

https://its.uiowa.edu/support/article/3716

10 easy ways to prevent malware infection

Posted: August 26, 2016 by Wendy Zamora

Here are some ways you can protect against exploits and shield your vulnerabilities:

1. Update your operating system, browsers, and plugins. If there’s an update to

your computer waiting in queue, don’t let it linger. Updates to operating
systems, browsers, and plugins are often released to patch any security
vulnerabilities discovered. So while you leave those programs alone,
cybercriminals can find their way in through the vulnerabilities.

Bonus mobile phone tip: To protect against security flaws in mobile phones, be
sure your mobile phone software is updated regularly. Don’t ignore those “New
software update” pop-ups, even if your storage is full or your battery is low.

2. Enable click-to-play plugins. One of the more devious ways that exploit kits
(EKs) are delivered to your computer is through malvertising, or malicious ads.
You needn’t even click on the ad to become infected, and these malicious ads
can live on prestigious, well-known sites. Besides keeping your software
patched so that exploit kits can’t do their dirty work, you can help to block the
 exploit from ever being delivered by enabling click-to-play plugins.Click-to-play
plugins keep Flash or Java from running unless you specifically tell them to
(by clicking on the ad). The bulk of malvertising relies on exploiting these
plugins, so enabling this feature in your browser settings will help keep the
EKs at bay.

3. Remove software you don’t use (especially legacy programs). So, you’re still
running Windows XP or Windows 7/8.1? Microsoft discontinued releasing
software patches for Windows XP in 2015, and Windows 7 and 8 are only under
extended support. Using them without support or the ability to patchwill leave
you wide open to exploit attacks. Take a look at other legacy apps on your
computer, such as Adobe Reader or older versions of media players. If you’re
not using them, best to remove.

4. Read emails with an eagle eye. Phishing is a cybercrime mainstay, and it’s
successful only when readers don’t pay attention or know what to look for.
Check the sender’s address. Is it from the actual company he or she claims?
Hover over links provided in the body of the email. Is the URL legit? Read the
language of the email carefully. Are there weird line breaks? Awkwardly-
constructed sentences that sound foreign? And finally, know the typical
methods of communication for important organizations. For example, the IRS
will never contact you via email. When in doubt, call your healthcare, bank, or
other potentially-spoofed organization directly.

5. Do not call fake tech support numbers. Ahhh, tech support scams. The
bane of our existence. These often involve pop-ups from fake
companies offering to help you with a malware infection. How do you
know if they’re fake? A real security company would never market to
you via pop-up saying they believe your computer is infected. They
would especially not serve up a (bogus) 1-800 number and charge
money to fix it. If you have security software that detects malware, it
will show such a detection in your scan, and it will not encourage
you to call and shell out money to remove the infection. That’s a
scam trying to infect you. Don’t take the bait.
6. Do not believe the cold callers. On the flip side, there are those who
may pick up the phone and try to bamboozle you the good old-fashioned
way. Tech support scammers love to call up and pretend to be from
Microsoft. They’ve detected an infection, they say. Don’t believe it. Others
may claim to have found credit card fraud or a loan overdue. Ask questions if
something feels sketchy. Does the person have info on you that seems
outdated, such as old addresses or maiden names? Don’t confirm or update
the info provided by these callers. Ask about where that person is calling from,
if you can call back, and then hang up and check in with credit agencies, loan
companies, and banks directly to be sure there isn’t a problem.

Practice safe browsing

There’s such a thing as good Internet hygiene. These are the things you
should be doing to protect against external and internal threats, whether
you’ve lost your device and need to retrieve it or want to stay protected when
you shop online.

“While many of the threats you hear about on the news make it seem like
there is no way to protect yourself online these days, the reality is that by
following some basic tips and maintaining good habits while online, you will
evade infection from over 95 percent of the attacks targeting you,” says
Adam Kujawa, Head of Intelligence for Malwarebytes. “For that last 5 percent,
read articles, keep up with what the actual security people are saying, and
follow their advice to protect yourself.”

So here are some of the basics to follow:

7. Use strong passwords and/or password managers. A strong password is

unique, is not written down anywhere, is changed often, and isn’t tied
to easily found personal information, like a birthday. It’s also not
repeated for different logins. Admittedly, that’s a tough cookie to chew
on. If you don’t want to worry about remembering 5,462 different
rotating passwords, you may want to look into a password manager,
which collects, remembers, and encrypts passwords for your computer.

8. Make sure you’re on a secure connection. Look for the proper padlock
icon to the left of the URL. If it’s there, then that means the information
passed between a website’s server and your browser remains private.
In addition, the URL should read “https” and not just “http.”

9. Log out of websites after you’re done. Did you log into your healthcare
provider’s site using your super-strong password? You could still be
leaving yourself vulnerable if you don’t log out, especially if you’re
using a public computer. It’s not enough to just close the browser tab
or window. A person with enough technical prowess could access login
information from session cookies and sign into a site as you.

10. Use firewall, anti-malware, anti-ransomware, and anti-exploit

technology. Your firewall can detect and block some of the known bad
guys. Meanwhile, Malwarebytes products use multiple layers of tech to
fend off sophisticated attacks from unknown agents, stopping malware
and ransomware infection in real time and shielding vulnerable
programs from exploit attack.
 https://blog.malwarebytes.com/101/2016/08/10-easy-ways-to-prevent-
malware-infection/

July 18, 2018 | By James Raymond

How to Remove Malware?

Malware is mostly being developed for making a profit from forced advertising (adware), spreading
email spam or child pornography (zombie computers), extorting money (ransomware), or stealing
sensitive information (spyware).
Various factors are capable of making computers more vulnerable to malware attacks, including
defects present in the operating system (OS) design, giving users too many permissions, all of the
computers on a network running the same OS, or just because a computer runs on a specific
operating system, such as Windows, for example.
The best protection from malware — whether bots, browser hijackers, ransomware, or several other
malicious software — continues to be the usual, preventive advice of being careful about what email
attachments you open, installing and maintaining an updated, quality antivirus program, and always
being alert when surfing by staying away from untrusting websites.
Talking about malware removal methods, each type of malware has its own way of infecting and
destroying computers and data and hence each malware type will need a different malware removal
method. Avoiding suspicious links, emails or websites are always considered to be good online
habits to have, but attackers are also capable of compromising even legitimate websites.
Some of the basic steps for removing malware are presented below:
1. Backup all the files and data on your computer prior to starting the removal procedure.
2. Disconnect your computer from the Internet.
3. Remove DVDs and CDs, and also unplug USB drives from your computer.
4. Start by scanning your computer in normal mode. A few specific types of malware may not
allow you to do this.
5. Scan your computer in safe mode with networking.
6. Restart your computer and hold down the F8 key. You should remember to press this key
before seeing the Windows startup logo.
7. Watch out for the Advanced Options screen and select Startup Settings. With the help of the
arrow keys, highlight “Safe Mode with Networking” and then press “Enter.”
Installing an efficient antivirus software is considered to be the only way to stay protected or remove
an infection. The most advanced antivirus programs comprise of the best malware removal tools.
Even free ones like Comodo Internet Security Suite offers all the essential tools for removing
malware.
Why Comodo Internet Security Suite for Malware Removal?
Comodo Internet Security Suite is considered to be the ultimate internet security suite providing
complete protection against today’s diverse range of malware threats. This internet security suite has
the ability to prevent most of the malware and cyber attacks which can actually steal all the personal
data stored on a computer and also give hackers unauthorized access to your computer, personal
data and financial information. Just like any hostage situation, malware arising from the internet can
also hold your system as a hostage and demand money besides being able to secretly collect
sensitive information about your internet activity, computing habits, and keystrokes, etc. The latest
version of Comodo Internet Security will help you to protect yourself from all of these threats.
Key Features of Comodo Internet Security Suite
 Antivirus: Tracks and destroys existing malware hiding in a PC
 Anti-Spyware: Detects spyware threats and destroys all infections
 Anti-Rootkit: Scans, detects and then removes rootkits on your computer
 Memory Firewall: Cutting-edge protection against sophisticated buffer overflow attacks
 Anti-Malware: Kills malicious processes before they can do any damage
 Bot Protection: Prevents malicious software from turning your PC into a zombie
 Defense+Technology: Protects important system files and blocks malware before it
gets installed
 Auto Sandbox Technology™: Capable of running unknown files in an isolated
environment where they can cause no damage.

https://antivirus.comodo.com/blog/how-to/what-is-malware/

What to do if you're a victim of malware

Disconnect
If you're a victim of a crimeware attack you should disconnect from the Internet immediately. If
you're connected via Wi-Fi, phone or Ethernet cable, you need to disable the connection as
soon as possible to prevent data being transmitted to the criminal. Breaking your network
connection is the best way to put an immediate stop to the attack.
You can disconnect your Internet connection by physically unplugging from the router or network
connection and also disabling the connection on your device via the following the steps:

1. Click on the Start menu

2. Click on 'Settings'

3. In the settings menu select 'Network Connections'

4. Right-click and select the 'Disable' option.

If an attack takes place while you are at work, you should contact the IT department
immediately. Your company's IT team needs to know about the infection to stop it from
spreading or compromising your personal data and that of the company. Your IT department will
then be able to take the right steps to recover the damage caused. If an attack takes place on
your personal device, you should contact your Internet Service Provider (ISP).
Scan your Device
It's good practice to have antivirus software, such as Norton™ AntiVirus or Norton™ Internet
Security, installed and up-to-date in case this kind of incident occurs. Antivirus and antispyware
software are the best tools to protect against crimeware. Run periodic diagnostic scans with
your software; set up automated scans at regular intervals to further protect your device.
As well as being able to detect crimeware threats from your device, which might otherwise go
unnoticed, antivirus and antispyware programs can often remove the threats as well.
In some instances, the software may detect the crimeware but might not be able to remove it. In
this case, you can consult Symantec's removal tool listings to see if there's a separate tool
which can be downloaded to remove the threat.
Create a backup
It's good practice to create regular backups of your files and folders. While the aim of crimeware
is largely to steal information or data, there's a good chance that files may be lost or destroyed
during the recovery process. You can make backups by using backup software, using another
hard drive or removable media such as a CD, DVD or flash drive.
Monitor Your Online Behavior
Be aware of what you’re clicking on. Avoid suspicious-looking websites and advertisements, and
remember if something seems strange or too good to be true, it is.
Reinstall your operating system
Depending on the severity of the attack, it might be necessary to reinstall the operating system
of your computer. Some threats are very sophisticated and can hide deep in the system using
rootkit techniques, meaning they'll go unnoticed by antivirus software.
Norton software can return your system to its last stable state before the infection took place. In
other situations, the date of infection might not be known, and more sensitive data might be put
at risk. In this case, the safest option might be to recover your files and reinstall your operating
system.

Online fraud

Close all accounts

If you find you are the victim of online fraud or identity theft, the first thing you should do is close
all affected accounts immediately. If you work quickly, you should be able to close accounts
before the thief has time to access them. Closing or freezing your accounts can save you a lot
of time and stress later when it comes to disputing fraudulent purchases made by a
cybercriminal. It’s always a good idea to contact the financial institution and discuss the impact
an attack would have on your accounts and what the necessary steps are to take if the account
has been compromised.
Set up fraud alerts
Set up a fraud alert with the three national consumer reporting agencies, Equifax, Experian and
TransUnion. Contacting just one of these companies sets up the alert for all three. The fraud
alert tells creditors to contact you directly before making any changes to existing accounts or
allowing you (or someone using your identity) to open up new ones. This is an essential step to
control the amount of damage an identity thief can do with your stolen information. This step
also allows you to order your credit reports from each of the agencies for free.
Keep an eye on your credit reports
Keep an eye on your credit reports from each of these agencies as the information in the reports
might differ somewhat. It might take some time for fraudulent activity to appear on your reports,
which is why some agencies offer all-in-one reports or just-in-time alerting services for an
additional fee. In some cases, it might be worth considering one of these quick turn-around
reports depending on the level of threat and the potential impact.
Look for signs of identity theft
It's a good idea to be extra vigilant following an incident of identity theft. Look out for things
arriving in the post such as credit cards you haven't applied for, or anything else that seems
suspicious. Review your credit card bills and bank statements thoroughly every month. You
should also make sure that you're receiving all your utility and other bills that are sent to your
home address. In some circumstances, you might be contacted by vendors regarding accounts
you haven't opened or debt collectors may contact you regarding purchases made by someone
else.
Take These Additional Steps
Take the following additional steps to protect yourself from online fraud: *Create strong
passwords featuring numbers and symbols, and change them often. *Avoid using unsecured
public WiFi networks. *Don’t overshare on social media platforms.
Taking precautions
Security risks online are common and can cause massive amounts of damage when an attack
takes place. While we can't control the actions of cybercriminals, we can take the necessary
steps to protect ourselves and minimise the risk of becoming a victim of cybercrime by installing
good Internet security software, backing up our data and being vigilant.

https://us.norton.com/internetsecurity-how-to-what-to-do-if-youre-a-victim-of-malware.html