
Malware: how to prevent malicious attacks on your organisation

What is malware?

‘Malware’, short for ‘malicious software’, is used by criminals to disrupt computer operations and access confidential information.

Malware can be installed into your computer or your mobile device through clicking a link in an email or text message, opening an attachment to an email, or by downloading software from a malicious source.

Many people assume that their IT Department’s systems will protect them from malware, but it’s very important that everyone in an organisation is aware of the risks.

Types of malware

Trojans

Trojan programs are a type of malware that enter your computer or mobile device on the back of other software. They act as back doors to the computer, mobile phone or tablet, granting a fraudster remote access.

Once inside your device, a trojan can give a stranger access to your personal details by taking screenshots or capturing keystrokes.

When logging into online banking websites or banking apps, an unexpected screen might appear, delaying you or asking you to repeatedly input data. While you are delayed by these, a fraudster could be setting up another payment elsewhere, waiting for you to unwittingly authorise it by inputting your PIN and/or other security details.

Trojans remain passive when not in use, making them hard to detect. Firewalls and anti-virus software help to defend against trojans, but can’t guarantee your protection.

You should always be cautious of ‘pop-ups’ on your screen requesting that you put your card into the reader, input your PIN or other security information, or allow a download.

Ransomware

Ransomware enables a fraudster to gain control of your system in order to encrypt your files, demanding a fee to unlock them. Without the decryption code, it is very unlikely that you will be able to access your files again.

Though in many cases the criminals will restore files when the ransom is paid, there is no guarantee this will be the case. Hackers have been known to share stolen private customer information free of charge on the web in order to punish a company for not paying their proposed ransom.

Online and mobile banking – dos and don’ts

Attackers will often try to target you when making payments or accessing online banking services via your PC or mobile device.

Take a look at some of our tips to help protect your online transactions:

Do

  • Select dual approval for making transactions, using two separate machines for setting up this authorisation wherever possible
  • Abandon your banking session and tell Barclays at once if you notice anything unusual on your online or mobile banking screens
  • Be wary about pop-ups for PINsentry resets when logging into online or mobile banking (your PINsentry will never need updating or resetting).

Don't

  • Enter any personal or security information on a site accessed through a link in an email or text message
  • Leave a smart card in the reader connected to your computer
  • Remake payments to alternative account details if asked to do so
  • Enter your PIN in order to allow a download
  • Re-enter your PIN at login or while making a payment.

How do I protect my business against malware? A checklist:

  • Keep your firewalls and security software updated, setting updates to auto where possible.
  • Install the latest updates for your internet browser and operating system. Update mobile devices to the latest operating system to ensure the most current security settings are maintained, and consider using antivirus protection.
  • Only download files and software from trustworthy sources. Ensure there is a positive review history for any apps you intend to download, and avoid downloading outside Google Store or The App Store.
  • Review the permissions required by apps before downloading.
  • Be cautious of emails or texts which ask you to follow a website link or open an attachment. Emails and texts containing malware tend to have some urgency to them, pressuring the receiver into clicking a link in order to avoid adverse consequences.
  • Run regular security scans on your devices. Ensure you keep your important files backed up and stored off your network. It’s important to check that the backup is functioning as expected, and that the data can be accessed when required.
  • If your computer or mobile device does get infected, disconnect from the network straight away and seek professional assistance. The NCSC (National Cyber Security Centre) provides step-by-step guides with advice on how to remove malware.
  • Keep employees educated on how to identify phishing emails and texts, and ensure they are aware of the initial steps to take in the event of a ransomware attack, and where to go to report fraud and scams.
