There are people trying to fool you.
A message pops up warning you that malware has been detected on your computer.
What do you do?
The answer’s not as clear as you might think.
Become a Patron of Ask Leo! and go ad-free!
Scammers are constantly trying to fool you into trusting them. Your first reaction to any notification — be it of malware found, a package delivered, or that your computer is supposedly “causing problems on the internet”– should a skeptical one. Don’t blindly trust. Take the time to consider the source and make an informed decision rather than a knee-jerk reaction.
Your trust is a commodity
It’s no secret that scammers actively prey on the trusting.
But it’s not just con artists who abuse our good nature and desire to trust. Hackers, malware authors, overly aggressive salespeople — essentially anyone who wants something from us — are skilled at using your trust against your better interests.
Warning: malware detected, click to remove…
A pop-up message telling you there’s malware on your machine and directing you to “click here to fix it” is probably no big surprise to most people. With the constant barrage of news reports about hacks and malware and the ongoing emphasis on anti-malware tools, your first response to such a message may be to believe it.
“Malware? Well, it happens to so many people, it’s no surprise it happened to me!”
Except that it might not have.
That message might be completely fake. It may be trying to get you to trust it and click to take further action. “Further action” could install malware, or worse.
Or it could be legitimate.
What do you do?
Unable to deliver package, details attached…
You’ve probably received an important-looking email telling you there’s a package on its way and the details are in an attached file.
Or maybe a message says that your online email provider has detected a problem with your account, and you need to check something by clicking on a conveniently provided link.
I’ve even received email from “PayPal” telling me access to my account had been “limited” because of suspicious activity. I needed to log in to provide additional information — once again, using the provided link.1
In each case, the sender wants you to trust them and take whatever action they’ve recommended in their message, be it examining the contents of an attached file, clicking a provided link to their website, or replying to the email with sensitive information.
Abusing your trust in this manner is currently one of the most effective ways to distribute malware or hack your online accounts.
And yet, each one of those scenarios could be legitimate at times.
What do you do?
I’m from Microsoft, and we’ve detected…
You’re working on your computer one afternoon and get a phone call from someone who says they work for Microsoft, and your computer is causing many errors on the internet. They offer to walk you through some steps to show this to you, and indeed, there do seem to be lots of unexplained errors right there on your computer.
Then they offer to fix it for you if you just go to a site and type in a few numbers they recite to you.
Those errors are pretty scary looking, and you certainly don’t understand them.
What do you do?
What you do: get skeptical
Skeptic: a person who has or shows doubt about something. – Merriam Webster
If there were one skill I could magically impart to my readers — hell, on the entire technology-using, internet-loving universe — it would be healthy skepticism.
I’m not suggesting you believe nothing and trust no one. I mean that before you believe, you question, and before you trust, you learn.
Being skeptical is the only solution to the scenarios I’ve outlined above.
In each case, it’s critical that you not blindly trust the information presented to you. In each case, you must question whether or not the person or company at the other end of the message has your best interests in mind. Is the story they’re telling accurate? Verifiably accurate? Do you know beyond a doubt that they are who they say they are?
If the answer to any of those questions is “no”, or even “I’m not sure”, then stop. Stop and take additional steps to confirm what you’re being told is legitimate.
It might mean some internet research, calling them back, or asking a trusted friend or resource for their opinion.
But question everything.
Be more skeptical: it’s a skill that helps prevent disasters before they happen and keeps you and your technology safe.
Nullius in verba.
“Take nobody’s word for it.”2
It’s more than just technology. My plea to be skeptical and question everything is about far more than the technology you have sitting in front of you.
As I’ve written about before, an amazing amount of the information we’re shown each day is completely bullsh*t — or at least nuanced and presented in such a way as to cause you to believe that things are other than they truly are.
Add our natural tendency to believe that which supports what we already believe (known as the “echo chamber” or “confirmation bias”), and it’s easy to be mislead and misinformed.
The solution remains the same:
…even things you already believe are true.
Footnotes & References
2: Nullius in verba, besides being the motto of The President, Council, and Fellows of the Royal Society of London for Improving Natural Knowledge, is a very fancy way of saying “question everything”.