Atlanta

One click on the wrong thing can open your life to crooks. This is how to protect yourself

ATLANTA — From phishing, spear phishing, job scams, to romance scams, hackers attempt trillions of cyberattacks every day.

While most of us are aware of the havoc clicking on a malicious link can cause, we wanted to know how it works!

Channel 2 consumer adviser Clark Howard sat down with a cyber expert to show us just how easy it is for hackers to create and spread malware.

It’s not one person sitting in a dark room trying to attack you. It’s millions of people sending billions of attacks trying to get in your life.

Retailers, governments, hospital systems, banks -- our personal information is up for grabs.

“We’re talking billions, trillions of scans of attempts on a daily basis,” cyber threat researcher Willis McDonald said. “The last couple of years, it’s multiple billions of dollars that we’ve lost, and that’s just the US.”

[HAVE A STORY FOR 2 INVESTIGATES? Submit a tip here]

McDonald has been fighting the hackers for over a decade.

“I research malware authors, criminal marketplaces and who is using them, what they’re selling and how they operate,” McDonald said.

Those criminal marketplaces are big business.

“They have employees they have benefits, they have health insurance,” McDonald said.

Crooks can choose to buy malware that collects usernames and passwords or ransomware to extort money.

“A lot of times those are sold as a service and the subscription services have many different ways. They monetize it. Sometimes it’s by how many infections that you would like to carry out,” McDonald said.

McDonald demonstrated two attacks criminals use to gain access to our info and it was not hard.

MORE STORIES FROM 2 INVESTIGATES:

“It’s really just answering a bunch of prompts as long as you have all the information. It’s a fairly simple process,” McDonald said.

Using open-source tools available online McDonald was able to create and send a phishing email to multiple addresses.

Then he waits.

“If I don’t get a connection back, I try a different template until eventually I’m successful and I can gain access to this person’s computer,” McDonald said.

Once they have access …

“In most cases, the whole purpose of the malware is to not make itself known, to collect data in the background silently and send that back to the attacker,” McDonald said.

Using another template, he was able to take control of the user’s computer by setting up a malicious link.

“In this case, it’s actually warning me that I should not download this,” McDonald said. “What I’m going to tell it is, I want to keep it. So I’m just going to ignore it. Which a lot of times this happens as well.”

Within seconds he was able to remotely take over.

“As you can see it, mirrors on my attacker laptop,” McDonald showed Howard. “Someone could do this in a matter of seconds, gathering credentials, gathering personal information.”

McDonald said people looking for pirated versions of software like Microsoft or Adobe products are asking for trouble.

“Plenty of those have malware attached for free on pirated versions,” McDonald said.

There are ways to protect yourself.

“Pay attention to what you’re clicking on,” McDonald said.

He said to also look at the URL and make sure a site is legit before you login in.

If you think you are a victim, McDonald said to change your passwords and enable two-factor authentication.

Howard said one last thing you can do is freeze your credit. It’s free to do it’s a key thing for you to set up defenses around your identity and your wallet.

IN OTHER NEWS:

0