It’s easy to joke about those conspiracy theories that claim you’re being watched. What people often don’t realize, however, is that there are scammers out there secretly installing spyware applications on smartphones and computers that do precisely that: Watch everything you’re doing. So what is spyware and how real is the risk to you?
What is spyware?
Spyware is malicious software that infiltrates your computer or phone often with the intent of stealing sensitive information from you. Once installed on your device, spyware collects data such as keystrokes, surfing habits, passwords, credit card and other personal information. You are literally being spied upon—hence the term, ‘spyware.’
Kaspersky, a cyber security firm, classifies spyware as one of the top 7 mobile security threats. In 2016 alone, malicious cyber activity cost the U.S. economy between $57 and $109 billion, according to the U.S. Council of Economic Advisers.
How does spyware work?
Spyware works by silently gaining access to your computer or smartphone. Most people obtain spyware through the seemingly innocent click of an online ad or a link that seems legitimate, or they open an email attachment that seems safe. But spyware can also come loaded with pirated software or movies and songs that you willingly download, typically from a freeware site.
Once installed, it goes to work by secretly changing settings on your device and monitoring every keystroke you make, every website you visit, every single thing you do on your computer or smartphone.
A recent spyware attack on WhatsApp, which has more than 1.5 billion users, targeted an unknown number of people in order to surreptitiously listen in to conversations. Hackers were able to install malware designed to intercept phone calls made through the app to obtain private information. Even Israeli soldiers have been targeted: A 2017 spyware attack targeted soldiers by using social engineering tricks to steal audio and photos from their smartphones.
The different types of spyware
Spyware comes in four primary forms. Each is designed to monitor your activities on your device but they work in different ways. While most are malicious, some can be legitimate.
- Adware. This can appear in the form of numerous pop-up ads on your computer to catch your interest. This approach was used by legitimate advertisers in the early days of the internet and still is in some cases. The hacker’s goal, however, is to entice you to ultimately enter personal information, including credit card information, to complete a fake ‘purchase’.
- Cookie trackers. This type of spyware lodges itself into your web browser so it can monitor everything you do on the internet, from searches and downloads to passwords entered on legitimate sites. Some trackers are used to identify computers for legitimate business use or to help parents determine where their children are going online.
- Trojans. Spyware is often disguised as a simple action that seems quite reasonable. For example, you might see a pop-up appear for a Java or Flash Player update that you ‘need’ to install on your device. The trick here is that you don’t require the update, and the ad is not from Java or Flash Player.
- System monitors. Spyware of this type captures everything you do on your computer or smartphone, from keystrokes to emails to the programs you run. This category includes software called password stealers, which collect data that it thinks are account names and passwords to help hackers pose as account owners.
It’s important to know exactly what you are clicking or downloading in order to avoid spyware sneaking onto your device.
How can I protect myself from spyware?
Protecting yourself online is critical to foiling scammers who use tactics like spyware.
“These are big players trying to take what’s yours,” said Jerry Honeycutt, president of Honeycutt, Inc. “On a personal level, you’re responsible for your own security. You need to stay up-to-date, understand what the threats are, and how to defend yourself.”
To avoid becoming a victim of spyware, remember these tips:
- Use reliable antivirus software, even on mobile devices. There are many options available and free versions may be dependable; the key is to do your own research to find the program that will best meet your needs.
- Accept antivirus and other software updates immediately. Antivirus updates keeps virus definitions current to continually monitor your system for threats. “Updates include security fixes for vulnerabilities,” Honeycutt said. “Use strong passwords and two-factor authentication anywhere it’s available.”
- Keep your firewall turned on. Firewalls can be annoying but they do help protect your computer from hackers. If you have multiple computers, also use a hardware router that offers firewall protection.
- Never click on links in unsolicited texts or emails. You can try and search an email address to learn more and better evaluate suspicious communications.
- Don’t download software from a site you don’t know. As enticing as getting a customized computer theme or some other feature might be, sites like these are playgrounds for spyware.
- Beware of links claiming to offer free anti-spyware software. Instead, go directly to sites that you know are legitimate.
Stay vigilant and protect yourself online. You never know who’s watching.