A very common infiltration method is to dress up as a good guy, get you to invite them in, and then release heretofore concealed bad guys. I know, you are probably thinking, “Heeeeyyy. I’ve heard this story somewhere before.” Your memory serves you well. The Greeks built a horse with Special Forces inside and then brought it to Troy as a “gift”. Once there, Special Forces popped out of “the Trojan horse” to do their damage. That is why this eponymous malware category has such sweeping access to your computer. You welcomed it into your computer and said, “Hey, make yourself at home and feel free to do whatever you want with my authority and rights. I trust you.” How is that even possible, you may ask?
This is done by sending emails that have attachments. The perpetrators write text in the body of the email that tries to look legitimate, in an effort to fool you into thinking the attachment is valid. The emails will claim to be from a bank, USPS, FedEx, the IRS, or PayPal, or pose as wedding invitations, BBB complaints against your business, voice messages, eFaxes, or any number of other things. If they can trick you into opening that attachment, then they have you. You just have to be smart enough to know that the email is a fraud and delete it.
Be wary of emails from organizations with which you don’t normally interact. If there are web links in an email, hover your mouse over the link and a box will pop up to tell you where the link actually goes. The sender can make the link text say whatever they want, and they’ll make it look official. You want to see whether the link goes where it says it will go. See the example below.
In the above example, the link says it’ll take you to a nice website. But when I hover my mouse over the link without actually clicking on it, a box shows where the link is actually going to send you. And as you can see, nothing good will come from this.
By all means, do NOT open the attachments in suspicious emails. To quote Egon Spengler, “It would be bad.”
A common question that I field from clients is, "Well, isn't my antivirus software supposed to protect me from getting these infections even if I click on the attachment?" The short answer is, "not really."
I read an article recently on slashdot.org that linked to this article where Symantec admits its software lets through around 55% of attacks. In my experience, this does not appear to be exclusive to Symantec. Competitors to Symantec are experiencing similar trends as the threats have shifted from being viruses to now being Trojans. The big security companies are now turning their attention to data protection rather than anti-virus protection. At least with quality backups in place, once your computer is cleaned, you can retrieve your data.