There I sat with my 94-year-old grandmother in front of her computer, trying to explain to her about computer viruses. Her computer was full of them, and I was trying to explain they were malicious attempts to do damage or cause chaos over the internet.
“But why would someone do something like that?” she asked.
I thought for a second and found a way to explain it to her in a way she could relate. I said it’s like people who vandalize a playground. Why do they do it?
- Because they’re bored.
- Because they’re just plain mean and want to destroy something good.
- Because they enjoy the rush of doing something bad and not getting caught.
- Because they want to prove they can do it and show off.
I told her you could take those exact same reasons and apply them to computer viruses and hackers, because in essence, it’s the same thing. I also said that some of the same ways we try to keep vandals out of parks are the same things we can use to stop hackers.
You can put up a fence around the property, which is like a firewall. But sometimes you accidentally block the people who you want to enter. And despite your security measures, sometimes you accidentally invite in the vandals, thinking that they’re the good guys, because they will lie, cheat, and beg their way through.
I gave her an example: You know all those e-mails your friends and relatives send you with the pretty flowers, the Bible verses, or the funny jokes? Your computer may have warned you that they may contain dangerous files, but you open them anyway.
“But I like those e-mails,” she said with a hint of annoyance. “I’m not going to stop reading them.”
At this point, I knew it would be rude to argue with her. She understood the risk of computer viruses and was willing to take the chance. I also knew that she had no personal information on her computer and never did any shopping online, so the likelihood of her identity being stolen was close to nothing.
Viruses aren’t just fooling little old ladies
I’m relaying this story because this is how people become victims of social engineering, or psychologically manipulating people into performing actions or divulging confidential information. I’m also relaying it because Practical Software Solutions was a victim of a computer virus through an e-mail, and we want to make everyone aware that you don’t have to be a 94-year-old grandmother with limited computer knowledge to become a victim.
Last Friday, Jeremy Wagner, our network administrator, sent out this message to all employees:
One of our employees got a virus that has been making rounds for over a year now. It’s a CryptoLocker virus that takes your files and encrypts them until you pay a ransom. There was no threat of it spreading to other computers but this virus is typically received through email so I wanted to send a warning out to everyone in case you get any suspicious emails. Our spam/virus filter should catch it but just be cautious of any attachments received from any emails. More information regarding how you’re likely to get this virus can be found here.
Let’s be honest: We’re all pretty computer-literate here at Practical. We run the gamut from top-notch computer programmers to people who have spent their entire lives/working careers using computers. (And, if I may brag a bit, we’re all pretty smart here, too.) We have top-of-the-line protection for our servers, and we all know what not to open in e-mails or click on a website. And we know how viruses work and how they can get past a firewall.
But again, it’s the difference between the bad guys who try to force their way past security and the confidence man who can easily gain access just by putting on a great act.
We’ve all had days at work where we’re distracted and don’t pay attention to the best of our abilities. The dog was sick overnight and you didn’t get enough sleep. Or that big vacation is a day away, and you’re excited and rushing to get everything done. Or you’re worrying about money because of some unexpected car repairs. I don’t care if you’re the CEO or the custodian — you’re human and we all have bad days.
But that’s also how an extremely sharp and computer-literate person can be fooled by a hacker. According to the article linked above from Bleeping Computer, the virus most likely was cunningly disguised as a PDF attachment from a seemingly reputable source. All it takes is one distracted moment to forget that UPS wouldn’t send you a PDF if something you ordered online was going to be delayed, and the trap has been sprung in the time it takes to double-click an icon.
And for the hacker who enjoys “the thrill of the hunt,” there is no sport in duping my 94-year-old grandmother. Even though this particular virus was an extortion scheme, many hackers aren’t looking for financial gain. They’re looking for a challenge in their chaos, and getting a computer-savvy businessperson to fall for the scam is quite a coup.
So we ask everyone to stay vigilant when it comes to your online protection. There’s no use in spending thousands of dollars on a security system, only to hold the gate open for the bad guys and invite them in for a drink.