What is Spyware: How it Works and Tips to Prevent an Attack

What is Spyware: How it Works and Tips to Prevent an Attack
Graphic: Nathaniel Blum

What is Spyware: How it Works and Tips to Prevent an Attack

S.E. Slack
Updated July 29, 2020

It’s easy to joke about those conspiracy theories that claim you’re being watched. What people often don’t realize, however, is that there are scammers out there secretly installing spyware applications on smartphones and computers that do precisely that: Watch everything you’re doing. So what is spyware and how real is the risk to you?

What is spyware?

Spyware is malicious software that infiltrates your computer or phone often with the intent of stealing sensitive information from you. Once installed on your device, spyware collects data such as keystrokes, surfing habits, passwords, credit card and other personal information. You are literally being spied upon—hence the term, ‘spyware.’

Kaspersky, a cyber security firm, classifies spyware as one of the top 7 mobile security threats. In 2016 alone, malicious cyber activity cost the U.S. economy between $57 and $109 billion, according to the U.S. Council of Economic Advisers.

How does spyware work?

Spyware works by silently gaining access to your computer or smartphone. Most people obtain spyware through the seemingly innocent click of an online ad or a link that seems legitimate, or they open an email attachment that seems safe. But spyware can also come loaded with pirated software or movies and songs that you willingly download, typically from a freeware site.

Once installed, it goes to work by secretly changing settings on your device and monitoring every keystroke you make, every website you visit, every single thing you do on your computer or smartphone.

A recent spyware attack on WhatsApp, which has more than 1.5 billion users, targeted an unknown number of people in order to surreptitiously listen in to conversations. Hackers were able to install malware designed to intercept phone calls made through the app to obtain private information. Even Israeli soldiers have been targeted: A 2017 spyware attack targeted soldiers by using social engineering tricks to steal audio and photos from their smartphones.

Four different types of spyware

Spyware comes in four primary forms. Each is designed to monitor your activities on your device but they work in different ways. While most are malicious, some can be legitimate.


This can appear in the form of numerous pop-up ads on your computer to catch your interest. This approach was used by legitimate advertisers in the early days of the internet and still is in some cases. The hacker’s goal, however, is to entice you to ultimately enter personal information, including credit card information, to complete a fake ‘purchase’.

This type of spyware lodges itself into your web browser so it can monitor everything you do on the internet, from searches and downloads to passwords entered on legitimate sites. Some trackers are used to identify computers for legitimate business use or to help parents determine where their children are going online.


Spyware is often disguised as a simple action that seems quite reasonable. For example, you might see a pop-up appear for a Java or Flash Player update that you ‘need’ to install on your device. The trick here is that you don’t require the update, and the ad is not from Java or Flash Player.

System monitors

Spyware of this type captures everything you do on your computer or smartphone, from keystrokes to emails to the programs you run. This category includes software called password stealers, which collect data that it thinks are account names and passwords to help hackers pose as account owners.

It’s important to know exactly what you are clicking or downloading in order to avoid spyware sneaking onto your device.

How can I protect myself from spyware?

Protecting yourself online is critical to foiling scammers who use tactics like spyware.

“These are big players trying to take what’s yours,” said Jerry Honeycutt, president of Honeycutt, Inc. “On a personal level, you’re responsible for your own security. You need to stay up-to-date, understand what the threats are, and how to defend yourself.”

6 Tips to prevent spyware attacks

To avoid becoming a victim of spyware, remember these tips:

1. Use reliable antivirus software, even on mobile devices

There are many options available and free versions may be dependable; the key is to do your own research to find the program that will best meet your needs.

2. Accept antivirus and other software updates immediately

Antivirus updates keeps virus definitions current to continually monitor your system for threats. “Updates include security fixes for vulnerabilities,” Honeycutt said. “Use strong passwords and two-factor authentication anywhere it’s available.”

3. Keep your firewall turned on

Firewalls can be annoying but they do help protect your computer from hackers. If you have multiple computers, also use a hardware router that offers firewall protection.

You can try and search an email address to learn more and better evaluate suspicious communications.

5. Don’t download software from a site you don’t know

As enticing as getting a customized computer theme or some other feature might be, sites like these are playgrounds for spyware.

Instead, go directly to sites that you know are legitimate.

Stay vigilant and protect yourself online. You never know who’s watching.

Disclaimer: The above is solely intended for informational purposes and in no way constitutes legal advice or specific recommendations.