What is Spyware and How Can I Prevent It?

There are eyes everywhere. Between the security cameras that businesses set up around their locations and virtually everyone having a camera phone, every person out in the public is on display in some way, shape, or form. Whether it’s in a grocery store or on a random street corner, we are always being watched. When you’re within the privacy of your home, you would like to think that you’re free from any prying eyes out in the world, especially when you’re browsing the Internet on your computer or mobile device. But that may not be the case, unfortunately, especially with the pervading presence of spyware.

What is Spyware?

Spyware is a form of malware, or malicious software, that secretly tracks and records activity on a computer or mobile device without the user’s knowledge or permission. Types of monitored activity include websites visited, keystrokes, or data entered using the computer keyboard, screenshots, account login credentials, credit card information, personally identifiable information (PID) such as social security numbers, and much more. All of the covertly captured information gets sent through the Internet from the computer or device to a third party. This third party is oftentimes a hacker, who uses some or all of the information to commit identity theft or steal money from bank accounts, or he may sell the data to another party on the Dark Web. The third party could also be an organization that wants to collect data on online user behavior or preferences, ultimately to identify the target markets to which it should advertise its products and services.

Spyware Trends

Spyware sounds like it’s some kind of ultra-modern technology, but public knowledge of it goes as far back as the mid-1990s. The term “spyware” was first publicly used in 1995 on Usenet, a computer discussion system distributed worldwide where bulletin-type news is shared among users. In that first public reference, it was being used in the context of discussing an article on the business strategies of Microsoft. However, by the middle of the year 2000, “spyware” took on the meaning with which we’re familiar today, when Steve Gibson released the first anti-spyware program called OptOut after he discovered advertising software, or adware, on his computer and believed it was capturing sensitive information. Nowadays, spyware programs have become even more disturbingly powerful and sneaky. Some spyware stories that have made headlines include the discovery of a spyware program that could control iPhones and record calls made on them in 2016, and InvisiMole, a spyware campaign that’s been in effect since 2013 but hasn’t been discovered until recently. InvisiMole records audio and video of wherever the infected computer is located, whether it be in an office or outside at a park.

Types of Spyware

Spyware attacks can take many forms, depending on the type of information the cyber thief seeks to obtain from victims’ computers. One of the well-known types is adware, which displays unwanted advertisements, including bothersome pop-up messages, while also monitoring and transmitting the user’s computer activity such as sites visited or searches conducted to glean findings on the user’s shopping interests for marketing purposes. Another popular type of spyware is the Trojan horse, which is a deceptive program that typically utilizes social engineering in its attacks. Trojan horse spyware programs may come in attachments of email messages that are disguised to appear to be from familiar sources in a phishing scam. They could also be included with legitimate programs, or they may come as part of drive-by downloads, in which they are automatically downloaded without the user’s awareness or consent when the user clicks on a malicious link on a website or social media post. Once a Trojan horse has invaded a device, it then works by harvesting personal information like addresses and dates of birth. Another notorious type of spyware is a keylogger, also known as a system monitor. Keyloggers capture keystrokes entered through keyboards, which allows them to obtain data like usernames, passwords, and credit card information. They can also grab screenshots at set time intervals and observe web browsing searches and history and email messages.Signs of possible spyware on a computer include slower speed, as these sneaky applications can consume much of a device’s resources, as well as weak Internet connections, applications that freeze, and computer crashes.

How Spyware Invades Devices

Spyware creeps its way into devices in several ways, but these are some of the more common methods:

Program Bundles

One way that spyware programs sneak in is when they come packaged with any free applications, also called freeware, or with legitimate programs downloaded from websites. In some cases, the spyware components, such as add-ons or plugins, are deliberately hidden. In other cases, they come as visible components during installation that appear to be necessary, so users typically opt to include them during setup. The spyware may also be referenced in those lengthy license agreements that many users only skim through if they look at them at all; however, any references to these additional programs are not typically referred to as “spyware.”

Pop-Ups

If you’ve ever been on your smartphone or computer and received a message that unexpectedly pops up on your screen, then chances are that it was a message that, if responded to, would download some kind of spyware onto your device. Pop-up boxes with messages like “Congratulations! You’ve won a free voucher!” or “Warning! Your firewall is not set up!” are usually signs of lurking spyware waiting to be downloaded onto your computer to start scanning and recording your activity. These misleading messages rely on gullible users to respond to seemingly enticing offers or urgent warnings to get them to fall into a spyware trap.

Mobile Device Apps

Mobile device spyware is becoming one of the preferred avenues of attack for hackers, especially since it’s difficult for users to see the background activity going on in their mobile devices. Spyware usually invades mobile devices through installed apps that contain malicious code. This malicious code, or malcode, usually comes hidden inside legitimate applications, or it may be part of a rogue app disguised as a reputable one with a fake name.

Email, Websites, and Ads

One popular manner in which spyware lands onto devices is through attachments and links in phishing email campaigns, in which users are tricked into clicking on a link to go to a site to update their account information or download a mandatory update for an application they currently have on their devices. Fraudulent websites and online ads offering what seem to be valuable services such as antivirus protection or a high-performance web browser extension can also be gateways to invasive spyware that infiltrates computers.

Other Types of Malware

Just as spyware can come bundled with benign programs, it can also be included with malicious programs. Many malware applications with the main objective of taking control of a computer to delete its files or block access to certain features may launch secondary attacks like spyware installation to keep tabs on what the user is doing to stay ahead of them and keep them from regaining control of their computers.

How to Avoid Spyware Attacks

Immediately Exit

Never click on any “Yes,” “OK,” or “I Agree” buttons in pop-up windows. By clicking on such buttons, you are consenting to a download that is likely spyware. Always click on the ‘X’ in the top right window. If you don’t see an ‘X’ or exit button, look for a link or button written in the negative that says something like ‘No Thanks’ or ‘I do not agree,’ which is oftentimes displayed in small print that is hard to spot.

Read License Agreements

Resist the urge to just scroll through the lengthy user agreements or terms and conditions sections of an application and just click Agree to download it. Though usually time-consuming to read, these agreements should not be overlooked because they may contain details about “information-gathering functions” that the program may perform, which is, in many instances, code for “spyware.”

Access Emails/Downloads from Trusted Sources Only

Although this tip should go without saying, it bears constant repeating because it’s very easy today for even the most vigilant Internet users to click on links or download programs that look safe or familiar, only to find that they are dangerous applications. Before clicking or downloading something, look for anything out of the ordinary that could be signs of fakery, or do some quick research on a new site or link to see if it has been flagged by other users. Hovering over a link to see where the URL will take you before clicking is another way to see if the link actually is what it presents itself to be.

Anti-Spyware

In addition to anti-virus applications, there are also anti-spyware services that can keep your devices safe from cyberattacks. Be sure to keep them updated so that they can provide the fullest range of protection. Also available on the market are anti-keylogger software programs that can detect keystroke logging software.

Guarding Your Computer From Online Threats

Keeping Internet-connected devices and digital information safe can seem like a time-consuming, never-ending job. But maintaining this responsibility can get easier and more efficient with the right knowledge and guidance on resources to fend off cyber threats. Get this knowledge and guidance by taking courses with Cybrary!

• Analyze and Classify Malware
• Malware Fundamentals
• Software Development Security