A message pops up on your computer, warning you that malware has been detected.
What do you do?
The answer’s not as clear as you might think.
In fact, no matter what you choose to do, it could be the wrong thing, depending on the circumstances.
Your trust is a commodity
It’s no secret that scammers actively prey on the trusting.
But it’s not just scam artists who abuse our generally good nature and desire to trust. People generally prefer to trust the people they encounter every day.
Hackers, malware authors, over-aggressive salespeople – essentially just about anyone who wants something – know that. They’re often skilled at using your trust against your best interests.
Consider that warning message that popped up…
Warning: malware detected, click to remove…
A pop-up message telling you there’s malware on your machine is probably no big surprise to most people. With the constant barrage of news reports about hacks and malware and the ongoing emphasis on anti-malware tools (including from sites like Ask Leo!), it’s no surprise that belief might be your first response when such a message appears.
“Malware? Well, it happens to so many people, it’s no surprise that it happened to me!”
Except … it might not have.
Not yet, anyway.
That message might be completely fake. It could be counting on you to trust that it’s legitimate, and then click on it to take further action. And that “further action” could actually install malware, or worse.
Or, it could be legitimate.
What do you do?
Unable to deliver package, details attached…
You’ve probably received email – important-looking email – that indicates there’s a package on its way to you, and the details are in an attached file.
Perhaps your online email provider has detected a problem with your account, and you need to check something by clicking on the conveniently provided link.
I’ve even received email from PayPal indicating that access to my account had been “limited” because of suspicious activity. I needed to log in to provide additional information – once again, using the provided link.[1]
In each case, the sender wants you to trust them and take whatever action they’ve recommended in their message, be it examining the contents of an attached file, clicking a provided link to their web site, or even replying to the email with sensitive information.
Abusing your trust in this manner is currently one of the most effective ways to distribute malware.
And yet, each one of those scenarios could, in some cases, also be legitimate.
What do you do?
I’m from Microsoft, and we’ve detected…
You’re working on your computer one afternoon and you get a phone call from someone who says they work for Microsoft, and they’ve detected that your computer is causing many errors on the internet. They offer to walk you through some steps to show this to you, and indeed, there do seem to be lots of unexplained errors right there on your computer.
Then they offer to fix it for you, if you’ll just go to a site and type in a few numbers that they recite to you.
Those errors are pretty scary looking, and you certainly don’t understand them.
What do you do?
What you do: get skeptical
Skeptic: a person who has or shows doubt about something – Merriam-Webster
If there were one skill I could magically impart to my Ask Leo! readers … hell, to the entire technology-using, internet-loving universe – it would be the skill of healthy skepticism.
I don’t mean that you believe nothing and trust no one. I mean simply that you question before you believe, and ask before you trust.
Truly, being skeptical is really the only solution to the scenarios I’ve outlined above.
In each case, it’s critical that you not blindly trust the information presented to you. In each case, you must question whether or not the person or company at the other end of the message actually has your best interests in mind. Is the story they’re telling accurate? Verifiably accurate? Do you know – beyond a doubt – that they are who they say they are?
If the answer to any of those questions is “no”, or even “I’m not sure”, then stop. Stop and take whatever additional steps make sense to confirm that what you’re being told is legitimate.
It might mean some internet research, calling them back, or asking a trusted friend or resource for their opinion.
But if you aren’t sure, question everything.
Be more skeptical: it’s one skill that can help prevent disasters before they happen, and keep you and your technology safe.
Nullius in verba
“Take nobody’s word for it.”[2]
It’s more than just technology
Naturally, my plea that you be skeptical and “question everything” is about far more than just the technology you have sitting in front of you.
As I’ve written about before, an amazing amount of information we’re shown each day is completely bogus – or at least nuanced and presented in such a way as to cause you to believe that things are other than they truly are.
Add to that our natural tendency to believe that which supports what we already believe (known as the “echo chamber”), and it’s exceptionally easy to be misled and misinformed.
The solution remains the same:
…even things you already believe are true.