Malware is software that is designed to gain access to or damage your computer.
It can gather information on you and, in some cases, can activate your device’s microphone and camera to record your activities. In most cases, people unknowingly install malware on their devices by opening infected documents and/or clicking on links.
How do you know if your computer has been infected with malware?
It can be very difficult to know if your device has been infected with malware. Below are some signs that may indicate that your device has been compromised, however it is no guarantee. Very sophisticated malware or spyware may give no signs that your device has been infected.
- Your device may run slower than usual
- Pop-up ads will appear on your device
- Your computer/phone may not function as it should
Best practice: malware
- Think carefully before you click on any links or download documents sent in emails, SMS or social media messages.
- Avoid using websites with content such as pirated films or pornography. These sites are known to infect computers with malware. Do not use fake software for the same reason.
- Think about installing antivirus software on your devices. This will help to identify certain types of malware – but remember to keep it up-to-date.
- If you think your computer is infected, do not synchronise it with your phone and other devices.
Phishing and spear phishing
Phishing and spear phishing are a big problem for journalists. Attacks are often hard to detect and the consequences can be serious for you and your sources.
What is phishing?
A phishing attack is a message that attempts to trick you into clicking on a link, downloading a document or installing software. The message can come in a variety of forms, including emails, SMS or social media messages. Criminals will use phishing attacks to target a wide range of people. They are looking to trick people into handing over passwords and/or to download malware onto their computers.
What is spear phishing?
Spear phishing is a phishing attack that directly targets you. The adversary may tailor a message so that it looks as if it is from someone you know, in the hope that you will click on a link and/or open a document. The intention of the attack is usually to collect information on you, your stories and your sources. The adversary could also use malware to listen to calls and read emails.
How can you protect yourself against phishing and spear phishing?
- Spear phishing attacks are more common during elections and times of political unrest. Do a threat analysis of your adversaries and investigate if they use spear phishing attacks.
- Be sceptical of messages that threaten to lock down your account or ask you to change your passwords.
- Look carefully at the email address of the sender. Is it legitimate? Verify the email with the sender if you are unsure.
- If there are links in the email, do not click on them. Hover your mouse over them and check if the URL looks legitimate.
- Use two-factor authentication to protect your accounts. See our email guide for more information.
- Keep the software on your devices updated. This will help protect your computer/phone against vulnerabilities that hackers can exploit.
- Do not download suspicious documents onto your devices, instead upload them directly to Google Drive or use the ‘preview’ option in your email account.
- Avoid downloading documents onto your phone.
- Upload documents or submit suspicious links to Virus Total. This website will scan them for viruses – although it will only detect common known viruses not unknown new ones
The Intercept has put together this easy-to-understand guide to phishing and spear phishing.
The Electronic Frontier Foundation has a guide to protecting yourself against phishing.