We are constantly asked by clients how their computers become corrupted by malware. While we have sent many newsletters explaining this on the technical side, it is time to approach the subject on a universal level.
Simply stated, it is human behavior that allows cybercrime to flourish. Take this tongue-in-cheek. Laugh a little at what may resonate with you personally, and know that we are all human. – Jinx Davis
The motivation behind those that harm us with cybercrime is simple: money, power, disruption, and manipulation. These motivations are as old as civilization itself and the only difference is they are now being used on computers and smartphones.
If we could all step back from the stress caused by cybercrime and the darker sides of technology, we could see it as the grand Shakespearean drama that it is. To understand how our computers can become infected, hacked or encrypted, we simply need to look at our shared human flaws.
Start with the Seven Deadly Sins, which originated with the desert fathers, especially Evagrius Ponticus, the Christian monk (345-399 AD) who identified evil thoughts that one needed to overcome. These ‘sins’ are gluttony, lust, greed, pride, vanity, despair, and sloth.
These human tragic flaws interact with each other and are used to exploit us by the master manipulators of marketing, commercialism, finances, politics and cyber crime. Typically, these human flaws are unconscious to us.
We love excess. We consume far more food, goods, natural resources, funds, and even charity than we need. Marketers know this and cyber criminals follow their lead by infiltrating ads with ransomware and malware, knowing that our impulse for more will motivate us to click on the ad.
This is known as malvertising. Hackers load poisoned ads onto publishing networks employed by websites that attract individuals who want more of everything, including reinforcement of their political, religious and ideological beliefs. (Recently the security firm KnowBe4 has warned of a new breed of ransomware disguised as online advertisements on Adspirit.de, a publishing network employed by websites such as Drudgereport.com and wunderground.com.)
People can be obsessed with personal pleasure and gratification. Historically, adult sites were the first to spread malware. Ironically, adult sites have been replaced by ideological and religious sites as the sites most likely to be infected with malware. Lust is lust, whether it is for physical pleasures or the reinforcement of personal ideas.
Greed is the tendency to selfish craving, grasping and hoarding through any way possible, and with no regard to others. Greed creates an insatiable desire for money, power, food, attention, knowledge … just about anything. Greed feeds itself on a basic fear of life. Marketers and manipulators exploit your fears and the more you fear, the more likely you will become their victim.
Click on an ad or website that promises to help you lose weight, stop hair loss, avoid wrinkles, promises you redemption, or promotes your inclusion within a celebrity world and chances are you will pick up malware. If you are vain, or if you are depressed and despondent, cyber criminals know that you will think emotionally and impulsively.
If it is FREE – forget it. This is another reason why churches and small business sites are easy targets. The entrepreneurs who run adult websites are old hands at Web security, and they’ve long since learned to use protection. Those who build and host church websites may have the best intentions, but they tend to be naive and inexperienced. For hackers, that makes them easy prey.
Wrath is the uncontrolled hatred for someone or something, and the unquenchable desire to exact revenge on said object/person. Extreme political, conspiracy, religious, racist sites and ‘fake news’ sites can be rife with malware and ransomware. (If you are interested in who creates ‘fake news’ and how much money can be made by its creators, read the NPR article We Tracked Down a Fake News Creator in the Suburbs: Here is What We Learned. We are sure you will roll your eyes over this one.)
If you willfully remain lazy about learning new things, refuse to change old habits or believe that everything should be done for you – or worse, that everything should be simple and easy – then you are a prime target for cybercrime. Targeted people can be the elderly or those too naïve or too lazy to think about the links and zip file attachments in emails; the phone scams pretending to be Microsoft or Google; or the pop-ups that announce fake infections in your computer’s operating system.
In short, beware of any internet activity that plays on your emotions, vanity, fears or ideologies. The only way to overcome these unconscious influences is to better understand the process of decision-making by becoming aware of the environmental cues that can trigger these learned behaviors. Psychologists and behavior scientists call this ‘unconscious branding’.
Cybercrime is effective and lucrative since most humans make their decisions unconsciously.
“Humans operate from two separate and often contentious cognitive systems and the mind that drives most of our behavior is ironically the one unbeknownst to ourselves.” – Doug Van Praet, Unconscious Branding, How Neuroscience Can Empower (and Inspire) Marketing
Because we don’t like change, we tend to gravitate to the familiar. We rely on predictable patterns so, even though we may be interested in what is different, we shy away from critical thinking. We will open emails and click on links simply because someone sent them to us.
We do what we do because of how we feel. We give things value through our emotions. And because of the way our brains are wired, emotions influence our thinking more than our thinking influences our emotions. So if a Facebook post, an ad or a viral email creates an emotional response, we engage without thinking of the consequences.
It is the conscious mind that gives us the exclusive ability to rationally reject an idea that doesn’t make sense based on our experience and emotions. Often, in order to act, we need logical permission from our mind.
To do this it helps to change the associations. An email is not just an email. It may be an important note from a business colleague or a greeting from a friend – or it may be a scam pretending to be from the FBI, UPS, FedEx or your bank. Until we change our habits and look closely at the email addresses, spellings, content and domain names within an email, we are responding unconsciously. Change your habits when you receive an email and you will automatically change the associations. Eventually, repetition will strengthen the mind’s neural associations so that they become fixed and automatic, and you will protect yourself from the mischief and mischance in emails and online scams.
Technical advice from every expert and security site is basically the same. This list can be found most everywhere:
1. Install Anti-Virus/Malware Software. We recommend Vipre or Cylance.
2. Keep Your Anti-Virus Software Up to Date
3. Run Regularly Scheduled Scans with Your Anti-Virus Software. The Millennium Group places an MG file on our client’s desktop that includes several software programs designed to keep computers clean. The clients who regularly run these programs seldom have problems.
4. Secure Your Network. Many of our computers connect to our files, printers, or the Internet via a Wi-Fi connection. Make sure it requires a password to access it and that the password is strong. Never broadcast an open Wi-Fi connection.
5. Think Before You Click. Ignore any strange company that calls you on the phone and alleges you have computer problems. (How would they know?) Avoid websites that provide pirated material. Do not open an email attachment from a person or company that you do not know – or whose email address does not match the company they are allegedly representing. Do not click on a link in an unsolicited email. Always hover over a link (especially one with a URL shortener) before you click to see where the link is really taking you. If you have to download a file from the Internet, an email, an FTP site, a file-sharing service, etc., scan it before you run it. (Good anti-virus software will do that automatically.)
6. Don’t Use Open Wi-Fi. When you are in a public space like a coffee shop, library, and especially the airport, don’t use the “free” open (non-password, non-encrypted) Wi-Fi. Think about it. If you can access it with no issues, what can someone else do?
7. Back Up Your Files. The best thing you can do is back up your files—all of them. Ideally, you will have your files (your data) in at least three places: the place where you work on them, on a separate storage device, and off-site.
8. Use Multiple Strong Passwords. Never reuse the same password across accounts, especially on your bank account. Use a strong password. Use lower case, upper case, numbers, and symbols in your password. Keep it easy to remember but difficult to guess.
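The checks in step 5 (does the sender's address match the company it claims to be, and where does a link really go) can also be run by a script. The following is an added example, not part of the original newsletter; the sample message, the `review` function and the shortener list are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message: the sender and link-target domains are made up.
SAMPLE = """\
From: "FedEx Delivery" <notice@fedex-parcel.example>
Content-Type: text/html; charset="utf-8"

<p>Track at <a href="http://tracking.example.net/f?id=1">https://www.fedex.com/track</a>,
<a href="https://bit.ly/abc123">click here</a> or
<a href="https://www.fedex.com/help">https://www.fedex.com/help</a>.</p>
"""
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumed starter list

class LinkCollector(HTMLParser):  # collects [href, visible text] per <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def host(url):  # lower-cased hostname without a leading "www."
    h = (urlparse(url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def review(raw, claimed_domain):
    """Warnings for one message that claims to come from claimed_domain."""
    msg, warnings = message_from_string(raw), []
    sender = parseaddr(msg["From"])[1].lower()
    domain = sender.rpartition("@")[2]
    if domain != claimed_domain and not domain.endswith("." + claimed_domain):
        warnings.append(f"sender {sender} is not at {claimed_domain}")
    parser = LinkCollector()
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.links:
        if host(href) in SHORTENERS:
            warnings.append(f"shortened link hides its destination: {href}")
        elif "://" in text and host(text.strip()) != host(href):
            warnings.append(f"text shows {host(text.strip())}, link goes to {host(href)}")
    return warnings
```

Calling `review(SAMPLE, "fedex.com")` flags the look-alike sender, the link whose visible text and real destination differ, and the shortened link, while the genuine help link passes.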
Please know that the Managed IT Services we provide for businesses nationwide protect and maintain their networks and increase workplace productivity. Our next newsletter to you will announce our Managed IT programs for individuals who value their data and equipment, as well. Thank you. – Jinx Davis