Protect your device from malware and phishing attacks
Updated 17 June 2021
Keeping your device healthy is a critical first step down the path toward better security. Before worrying too much about data encryption, private communication, and anonymous browsing, you should protect your device from malicious software (often called malware). Malware reduces the effectiveness of any other actions you take to protect your security.
All devices are targets of malware: it is no longer true that Windows devices are the only ones at risk. You should also take the following steps if your device has a Mac, Linux, Android, or iOS operating system.
Update all software; apply patches
New vulnerabilities in the code that runs your devices and apps are found every day. The developers who write that code cannot predict where they will be found, because the code is so complex. Malicious attackers may exploit these vulnerabilities to get into your devices.
But software developers do regularly release code--"patches" or "updates"--that fixes those vulnerabilities. That is why it is very important to install updates and use the latest version of the operating system for each device you use. We recommend setting your device to automatically update so you have one less task to remember to do.
This is the single most important thing you can do to protect your device from malware.
- Follow the instructions for "Use the latest version of your device's operating system (OS)" for your operating system (Android, iOS, Linux, Mac, or Windows) to get the best protection.
- Follow the instructions on the following pages to manually and automatically update apps:
- In "Show Applications," look for "Software Updater" and run it.
Be aware of being pressured to act quickly, and other appeals to your emotions
Security experts consider people's minds and habits the most vulnerable part of digital security. When we are asked to take quick action, when we are curious, or when we feel threatened, we usually comply. The stresses of human rights work can make us especially vulnerable to these kinds of attacks. Many of us are convinced we could never be tricked, but even CEOs of large corporations have been fooled in these ways, losing millions of dollars and damaging their companies' reputations.
- Get in the habit of noticing when something on your device--an email, message, or alert--makes you frightened, distressed, worried, passionate, curious, or like you will miss out on an opportunity.
- Pause when a message or alert wants you to take immediate action.
- Be aware that many "win something for free" messages or advertisements are used to trick people into installing malware.
- When you notice these feelings, look closer at what you are being asked to do.
- Go through the following instructions about links, file extensions, and pop-up windows.
- Do not click to proceed unless you are absolutely certain that you know what is about to happen when you do.
Pause before you click; be cautious when you receive a link
Why? The majority of devices infected by malware and spyware were infected by a visit to a web page.
This is one of the most important pieces of advice for your safety.
Look closely at the address in a link before you visit it. This is especially important if someone sent the link via email, SMS text, or a chat message.
- On your computer, hover your mouse pointer over a link in an email or on a webpage to see the full website address.
- On mobile, it is harder to see the links, so it may be better not to click them.
Here is how to read a web address:
- After "https://", travel right to the next "/".
- Then travel left to the previous "." and the word right before it.
- Your browser will usually highlight this part for you.
- Does it look like the site you expected to go to? If not, someone may be trying to trick you.
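The reading steps above can be written as a small check. This is an added example, not part of the original guide: the function names, the warning codes, the short list of two-part endings and the sample links are all constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed, deliberately short list of two-part endings. A real tool would
# load the full Public Suffix List instead of hard-coding a few entries.
TWO_PART_ENDINGS = {"co.uk", "org.uk", "com.au", "co.jp", "com.br"}

MESSAGES = {
    "no-host": "no website name found; the address is incomplete",
    "not-https": "the address does not start with https://",
    "text-before-@": "text before '@' is not the site; read what follows it",
    "ip-address": "the address uses numbers instead of a name",
    "unexpected-site": "the site is not the one you expected",
}


def _is_ip(host):
    """True when the host is a numeric address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def site_name(url):
    """Return the part the steps above point at: the word before the last
    dot of the host, plus the ending (for example 'example.org')."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host or _is_ip(host):
        return host
    labels = host.split(".")
    # Endings such as .co.uk take two labels, so keep one label more.
    keep = 3 if ".".join(labels[-2:]) in TWO_PART_ENDINGS else 2
    return ".".join(labels[-keep:])


def check_link(url, expected_site):
    """Return warning codes (keys of MESSAGES) for a link, given the site
    the reader expected to reach."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ["no-host"]
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username is not None:
        warnings.append("text-before-@")
    if _is_ip(host):
        warnings.append("ip-address")
    if site_name(url) != expected_site.lower():
        warnings.append("unexpected-site")
    return warnings


if __name__ == "__main__":
    # Constructed sample links; none of them point at real sites.
    samples = [
        "https://www.example.org/login",
        "https://example.org.account-check.test/login",
        "https://example.org@login.test/",
        "http://192.0.2.10/update",
    ]
    for url in samples:
        print(url, "->", site_name(url))
        for code in check_link(url, "example.org"):
            print("   warning:", MESSAGES[code])
```

In the second sample the expected name appears at the start of the address, but the part just before the first "/" is a different site, which is why the steps read from the "/" leftwards.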
DO NOT click on a strange link to figure out what it is. Instead, copy the web address and paste it into one of the following page scanners to see if it is safe: https://www.virustotal.com https://www.onlinelinkscan.com https://www.phishtank.com
If the link looks strange, but you already clicked it:
- Take a screenshot and send it to someone who can help you with your digital security.
- Then be sure to run your device's anti-malware software.
Use caution when opening attachments
Many devices infected by malware and spyware were infected by a file someone inadvertently downloaded to their device that ran unwanted, malicious code.
This is one of the most important pieces of advice for your safety.
- Be alert for unexpected files that are attached to email, chat, voice, or other messages.
- Make sure the sender is who you think they are. Try to contact them in another way (for example face to face, or by phone if they sent you email) to confirm they sent the attachment.
- If you absolutely must open a suspicious PDF, use the app Dangerzone to strip out dangerous elements.
Make file extensions on your computer visible to avoid being tricked by malware
People who want to install malicious code on your devices will sometimes make it look like an app is actually a harmless document. One way they do this is by changing the app extension: the information about what type of file it is, that shows up after a dot at the end of a file name, usually about 2-4 characters long. They may change an extension for code they can run ("executable code") to an extension you are used to (like .doc, .txt, or .pdf for document files) to trick you. Often they will send these files as attachments to email, or via a chat app.
- To stay safe, make your file extensions visible on your computer.
- Before you open a file, look at the extension at the end of the file--the letters after the dot. There might be two extensions, like .exe.jpg; this is suspicious.
- Ask: is this the kind of file I thought it would be? Does it look unusual? Consult these lists of filename extensions to see what a file might do when you open it: https://en.wikipedia.org/wiki/List_of_file_formats and https://en.wikipedia.org/wiki/List_of_filename_extensions
- Know some common malicious extensions: https://www.howtogeek.com/137270/50-file-extensions-that-are-potentially-dangerous-on-windows/
- Ubuntu shows file extensions by default.
- Make extensions visible on your Mac: https://support.apple.com/guide/mac-help/mchlp2304/mac
- Make extensions visible on your Windows device: https://support.microsoft.com/en-us/windows/common-file-name-extensions-in-windows-da4a4430-8e76-89c5-59f7-1cdbbc75cb01
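The extension check described above, as an added example that is not part of the original guide. The two extension lists are short constructed samples, and the function names and sample file names are made up for illustration. `shown_when_hidden` shows what you would see if the last extension were hidden, which is why making extensions visible matters.

```python
# Constructed short lists for illustration; the pages linked above are far
# more complete.
RUNS_CODE = {"exe", "scr", "com", "bat", "cmd", "msi", "js", "vbs", "ps1", "jar"}
DOCUMENT = {"doc", "docx", "txt", "pdf", "jpg", "png", "xls", "xlsx"}


def _base(filename):
    """Strip any folder path (Windows or Unix style) and outer spaces."""
    return filename.replace("\\", "/").rsplit("/", 1)[-1].strip()


def extensions(filename):
    """Return every extension in order, lower-cased: 'a.pdf.exe' -> ['pdf', 'exe']."""
    parts = _base(filename).lower().lstrip(".").split(".")
    return [p.strip() for p in parts[1:] if p.strip()]


def shown_when_hidden(filename):
    """The name as displayed when the last extension is hidden."""
    name = _base(filename)
    return name.rsplit(".", 1)[0] if extensions(name) else name


def inspect_name(filename):
    """Return findings for a file name:
    'runs-code'        the real (last) extension is one that runs code
    'double-extension' a known extension also appears before the last one
    """
    exts = extensions(filename)
    findings = []
    if exts and exts[-1] in RUNS_CODE:
        findings.append("runs-code")
    if any(e in RUNS_CODE or e in DOCUMENT for e in exts[:-1]):
        findings.append("double-extension")
    return findings


if __name__ == "__main__":
    # Constructed sample attachment names.
    for name in ["minutes.docx", "report.pdf.exe", "holiday.exe.jpg",
                 "notes.v2.txt", "setup.exe"]:
        print(f"{name!r}: shown as {shown_when_hidden(name)!r} when hidden,"
              f" findings={inspect_name(name)}")
```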
Avoid suspicious pop-up windows
It might seem like hacking your computer requires secrecy and powerful coding skills. In fact, tricking you into doing something for them is one of a hacker's most powerful tools. A button or link that asks you to do something may be waiting to install malware on your device.
- Watch for "pop-up" windows that appear unexpectedly.
- Pause. Don't touch anything.
- Read the window carefully. What is it asking you to do?
- If this is not something you asked your device to do, close the window (using a button at the window's top) instead of clicking "yes" or "ok."
- Know the names of apps you have installed. Don’t approve updates by apps you didn’t know you had installed.
- If you are unsure whether it is actually your app or device asking to install software, check your app store or the website of the software to see if the update is official.
Use antivirus or anti-malware
The most important thing you can do to protect your devices' security is to update the operating system and apps you have. However, it is also useful to run the right antivirus or anti-malware software to stop malicious code that may have invaded your device.
- Know how to check if your antivirus or anti-malware app is working and updating itself.
- Perform periodic manual scans.
- Choose and run only one anti-malware app; if you run more than one on a device, they may interfere with each other.
- ClamAV will manually scan your device for malware, but be aware it is only a scanner, and will not monitor your system to protect you from infection. You can use it to determine whether or not a file or directory contains known malware — and it can be run from a USB memory stick in case you do not have permission to install software on the suspect computer.
- Turn on Windows's own anti-malware protection https://securityplanner.consumerreports.org/tool/turn-on-windows-defender-antivirus
Pick one anti-malware tool to use
Using two anti-virus or anti-malware tools might seem like it would be safer, but these tools will often identify each other as suspicious and stop each other from working properly (like two medications that interact with each other). Pick just one that works for you.
Set your anti-malware tool to update automatically
New malware is written and distributed every day. Anti-malware tools release updates to fight it. Your computer will quickly become vulnerable, and the tool will be of no help, if you do not set your anti-malware software to update automatically. Some tools that come pre-installed on new computers must be registered (and paid for) at some point or they will stop receiving updates.
- Make sure that your anti-malware program allows you to receive automatic updates; if it does not, seek another tool.
- Set the anti-malware tool to check for updates on a regular daily schedule.
Scan your device for malware regularly
Like other fancy gadgets, malware-fighting tools don't work if you don't use them!
- If your anti-malware tool has an "always on" mode, enable it. Different tools have different names for this mode, like Realtime Protection or Resident Protection.
- Scan when you have recently:
- connected to an insecure or untrusted network
- shared USB memory sticks with others
- received strange attachments by email
- seen someone else in your house, office, or community having strange issues with their device
- Consider occasionally scanning all of the files on your computer. You do not want to do this often (and you might want to do it overnight), but explicit scans can help identify problems with your anti-malware tool's "always on" feature or its update mechanism.
Use good hygiene with devices you plug in
Malware can spread from device to device through smaller devices you plug into them--particularly SD cards, USB drives and "flash" memory sticks, CDs, and DVDs. Malware has also been found on public charging stations.
If your device uses a USB cable to charge, never plug the USB part directly into a public USB charging slot. Make sure you use the adapter that lets you plug into a power outlet.
DO: Use an adapter that fits into a power socket like this
Image By Amin - Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=67330781
- Or use a data blocker device (like the ones sold by PortaPow) to prevent the public USB slot from infecting your device.
It is better to start with a brand new stick, card, or disc when you have the option.
DO NOT: Use the cable that plugs into a USB socket like this
Image By Electro-world-standard - Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=102255920
- Never use a stick, card, or disc you find lying around; there have been instances of people putting malicious code on other people's devices by leaving an infected USB stick in public.
- If you are concerned about what might be on a colleague's drive that you need to plug into your machine, consider using a CirClean stick to check it for malware first.
Use good hygiene with sensitive information
Some information about you could do more damage than others, if it fell into the wrong hands. Many people are not aware that email is not a safe way to send this information, as it is frequently stored on multiple computers and servers, making it hard to eliminate all copies.
- Only store or send the following information using encrypted methods.
- Check very carefully to make sure you know who you are giving this information to.
- Be aware that many scams involve someone contacting you electronically or by phone unexpectedly, pretending to be a company or government official who needs this information.
- Be especially careful about pop-up windows or strange links that ask for this information.
- Sensitive information:
- Your date of birth or other personally identifying information
- Financial information, including bank account or credit card numbers
- Identification, including government ID numbers, passports, and cards that get you into an office
- Your fingerprints or iris scans
Secure other "smart devices"
Some malware is designed to infect other devices to which its victims are connected. Many of these internet-connected devices are not as well-secured as our computers and phones. They might include "smart TVs," devices you control with an app on your phone, "smart appliances" like lighting or heating systems, or even children's toys. Attackers might use these devices to get into more important devices around you, or attack other devices as part of a zombie "botnet." Smart TVs, in particular, may listen for sound around them and record what people are saying, using a technology called "automatic content recognition" (ACR). They share what they hear with advertisers and other third parties. You can turn ACR off using the instructions below.
- Consider whether the risk of having additional devices around you which are connected to the internet outweighs the benefits of what they can do for you.
- Consider disconnecting your TV from the internet entirely, or from electricity when you are not using it.
- Turn off smart speakers like Alexa, Cortana, and Siri. Follow the instructions in the "disable voice controls" section of the basic security guide for your device: Android, iOS, Linux, Mac, or Windows.
Other TVs, including Android, Amazon Fire, LG, Roku, Samsung, and Sony
- Turn off ACR using instructions here https://securityplanner.consumerreports.org/tool/secure-your-smart-tv and here https://www.consumerreports.org/privacy/how-to-turn-off-smart-tv-snooping-features/
Disconnect your computer from the Internet when you are not using it
Shut your computer down overnight
Malware frequently takes advantage of times when you are not using your devices to search or send data, so you are less likely to notice that something is wrong. Turning off your devices and connections can help protect against this.
Disable in all browsers: Flash and Java
Why? Flash and Java are older software packages that make it easy for someone to run malicious code on your device without your permission.
Disable in your browsers (Firefox, Chrome, Internet Explorer, Safari):
- Java https://www.java.com/download/help/disable_browser.html
- Flash https://www.howtogeek.com/222275/how-to-uninstall-and-disable-flash-in-every-web-browser/
Disable in email
- Mac mail:
- Follow these instructions; look for Java or Flash add-ins and turn them off or set them to "ask to run"
- Follow these instructions; look for Java or Flash add-ins and turn them off or set them to "ask to run" https://support.microsoft.com/en-us/office/turn-an-add-in-off-for-outlook-for-windows-96737da4-ab7c-464e-9d2a-cf15db47c4cf
- Follow these instructions; look for Java or Flash add-ins and turn them off or set them to "ask to run" https://support.mozilla.org/kb/thunderbird-add-ons-frequently-asked-questions#w_how-do-i-disable-or-uninstall-an-add-on
If you suspect your device has been infected
Disconnect your device from networks
Doing so will help prevent malware from sending data, receiving commands or infecting other devices.
- Turn off WiFi, mobile data, Bluetooth or other wireless ways of communicating to other devices.
- Unplug any wires (like ethernet cables) the device is using to communicate to other devices.
Avoid connecting things like drives to the infected device
Like sick people, infected devices can spread infections to other devices.
- Do not plug in drives, USB sticks, memory cards, or other removable devices unless you are prepared to discard them, or know how to disinfect them safely.
- Similarly, avoid using things that were previously connected to that device.
Run your anti-malware software
You can sometimes clear a malware infection just by running your anti-malware software. However, be aware some malware is designed to survive a full re-installation of the operating system. Most infections fall somewhere in the middle, resisting cleaning but not being impossible to root out.
Use a rescue drive
If the malware infection keeps coming back or is resisting your efforts to clean it off your device, starting your device from a rescue drive (rescue disk) can help remove infected files deep in your operating system.
- If the infected device is a computer, restart it from an anti-malware rescue drive (such as Windows Defender Offline or the AVG RescueCD)
- Discard the USB memory stick you used to create the rescue drive.
Back up files
You will need to erase as much as possible of your device to eradicate all traces of the malware. So first, make sure you have copied your important files to a new, clean drive to keep them from being erased.
- Back up your important documents to a clean, unused drive, preferably one you can plug in to your device.
- Do not back up any apps or software.
Do a factory reset or re-install the operating system
Many devices now offer the ability to completely reset their operating system. Doing so can eliminate some malware, but you want to be sure you have saved important files first. Be aware you may need to re-set some of your settings after doing this.
- Back up your important files first.
- Follow these instructions to factory reset:
- Android devices differ, but try following the steps listed here: https://support.google.com/android/answer/6088915
Buy a new device
Unfortunately, sometimes malware is impossible to get out of an old device. Whether or not your old device continues to show signs of malware after you have gone through these steps, the most secure solution may be to get a new device which can be updated to the latest software.
Secure your router
Your router is the gateway between your wifi and devices, and the rest of the internet. Its firewall adds another layer of protection.
Not everyone can access the settings for their router; many of us get our routers from our internet providers, and sometimes they make it impossible for us to change the settings. However, you can always try to see if you can get access to your router, change some settings, and make your connection more secure.
You will need the login information for your router. If you no longer have the manual that has this information, look for
- a sticker on the router case that may have this information,
- search for the manufacturer of your router here: https://www.routerpasswords.com/ ,
Make sure you are connected to your own wifi network.
Try going to the following addresses in your internet browser; one of them should give you a way to log in to your router's control panel:
- If none of those give you a login page, search for "default IP address router" and the manufacturer and model number of your router.
Take a screenshot of what you see once you have logged in, before you change anything. That way if something goes wrong, you can always change the settings back.
Use your password manager to generate and save a strong password for your router.
Rename your network:
- Do not use the default name (which can tell attackers how your router is vulnerable)
- Do not give it a name that identifies you, your organization, or your family.
- You may have the option to make your wifi network invisible, so devices have to know its name to connect. Make sure your devices can connect this way.
Look for information on the control panel page about updates to your router's software (known as firmware). Search online for the latest version of the software, and update it if possible.
Under "security protocol," select WPA3, WPA2-AES, or WPA2 if possible (in that order of preference). If your router does not make at least WPA2 available, it may be best to buy a new one, as other protocols leave your router vulnerable to attack.
Make sure that your router or WiFi access point has a firewall enabled. Most of them do, but it is worth checking.
You should also change the administrator password used to modify the router's settings to something strong and unique.
Advanced: Use QubesOS
Qubes is an alternative to Windows, Mac, and Linux that gives very strong protection against malware by dividing your device into secure sections that cannot access each other.
- Learn more about how to install and use QubesOS here: https://www.qubes-os.org/
Advanced: Use a liveUSB drive to make a backup of your files
Starting your infected computer from a liveUSB drive (with Ubuntu or Tails installed) will help prevent the infection from spreading to your backup disk and beyond.
- Ensure your infected device is not connected to the network using WiFi, Ethernet, or other connections.
- Get a brand new, clean USB memory stick.
- On a separate, not-infected device, using the USB memory stick, create a liveUSB drive of Ubuntu or Tails.
- Shut down the infected device.
- Plug the liveUSB into the infected device.
- Restart the infected device; it should start off the liveUSB.
- Move your files from the infected device to a new clean drive.
- Safely shut down the infected device.
- Discard the liveUSB drive; DO NOT connect it to any device again or it may spread infection.
Consider free and open-source software
Proprietary software often requires proof that it was purchased legally before it will allow you to install updates. If you are using an unlicensed (also known as "pirated") copy of Microsoft Windows, for example, it may be unable to update itself, which would leave you and your information extremely vulnerable. Some unlicensed software even comes with malware already installed. By not having a valid license, you put yourself and others at risk.
Relying on unlicensed software can present non-technical risks, as well. The authorities in some countries use unlicensed software as a pretence to confiscate devices and close down offices that belong to organisations with which they have political differences.
You do not have to purchase expensive software to protect yourself from threats like these. Free and open-source software (FOSS) is software that can be obtained and updated free of charge. FOSS tools are generally considered more secure than proprietary ones, all else being equal, because their source code is publicly available and can be examined by outside experts who can identify problems and contribute solutions. This transparent approach to development also makes it more difficult for someone to hide a back door that lets them access important parts of your device they shouldn't.
Freeware is software that is distributed free of charge but does not necessarily make its source code visible to the public. While outside experts cannot see whether its code contains back doors, it may still be safer than proprietary software that is unlicensed or "expired."
Consider trying FOSS alternatives to the proprietary software you rely on. If you do not find something that works for you, consider freeware alternatives to any unlicensed software you might be using.
FOSS applications may be similar to, and compatible with, the proprietary software they replace. Even if your colleagues continue to use proprietary software, you may still be able to exchange files and share information with them. As a place to start, consider replacing Microsoft Office with LibreOffice.
There are FOSS alternatives to the Windows and MacOS X operating systems as well. Ubuntu Linux is one of the most popular and easy to use. To try it out, download a liveUSB version of Ubuntu, copy it onto a USB memory stick, put it in your computer and restart. When it's done loading, your computer will be running Linux, and you can decide what you think. It will not make any permanent changes to your operating system or other software. When you're finished, just shut down your computer and remove the Ubuntu liveUSB to return to your normal operating system and apps.
Ubuntu is also a good option for computers that are too old to run updated versions of Microsoft Windows or MacOS X.